Free again: Doctorow signals the danger of states pushing tech boundaries. Photo: Rex/Will Ireland/Future Publishing
Show Hide image

Betrayed by your smartphone: Cory Doctorow on the future of internet censorship

“Information doesn’t want to be free,” writes the sci-fi novelist and activist Cory Doctorow, “people want to be free.”

When in May the European Court of Justice issued the ruling that has become known as “the right to be forgotten”, allowing individuals to request their removal from search results, it startled many in the tech industry. The decision jarred with their respect for freedom of speech, and commentators pointed out that Google would have to develop an infrastructure for assessing and removing search results. This seemed a very big ask.

Yet Google already has an effective system of self-censorship. It exists to comply with takedown notices issued under copyright legislation, when rights holders want links to piracy sites removed from their search results. One of the main arguments the sci-fi novelist and activist Cory Doctorow makes in his new book, Information Doesn’t Want to Be Free, is that the infrastructure for copyright enforcement is the same as that for censorship.

“Information wants to be free” is a rallying cry for many of those who fight against legal restrictions on the internet. The phrase was coined by the tech writer Stewart Brand in 1984 and referred to the way the web reduces many of the costs of producing and disseminating data to near zero. “Free” in this phrase has also come to mean “freedom”, because the internet makes it easy to avoid censorship.

Doctorow is challenging both interpretations – not because he doesn’t agree with them but because he thinks a crucial premise has been lost. “Information doesn’t want to be free,” he writes, “people want to be free.”

The first two-thirds of the book discusses ways in which artists are penalised by the internet’s present regulatory system. He criticises digital rights management (DRM) technology, which limits the platforms digital files can play on; not only does it mean we don’t “own” the files we pay for, but when a company that supports a file goes bust, the culture locked up in their DRM can be lost for ever. Doctorow describes this as “a library burning in slow motion”.

Many companies such as Apple sell devices that block you from downloading non-approved apps. “That is sold to creators as an anti-piracy measure,” Doctorow tells me when we speak on the phone. “But the most practical application has been to allow Apple to exert market power that it would never have had in any other world.”

This links to the final third of the book, which explores how systems for protecting copyrighted material can also be used for censorship.

Last month the security firm ESD America found dozens of “fake” mobile-phone towers across the US which were extracting data from users who unknowingly connected to them. Similar towers have been used at protests by police forces around the world to monitor activists. Doctorow argues that a government (he cites Ukraine as an example) could react to a protest by cross-referencing that data with information gleaned from domestic internet connections, because anti-digital piracy legislation often mandates “taps” on home web connections. Then it’s a simple job to establish protesters’ names and addresses. If they have a new smart thermostat, which is connected to the web, the state could even extract individual protesters’ thermostat ID. “Then they just cut off everybody’s heat that night,” he says. “Problem solved, done in one.”

Doctorow’s novels are often set in a technologically enabled dystopia. Information Doesn’t Want to Be Free offers a blend of mundane copyright policy recommendations and warnings about what will happen if our societies do not change course. “This,” he says, “is about whether our devices will betray us.”

Ian Steadman is a staff science and technology writer at the New Statesman. He is on Twitter as @iansteadman.

This article first appeared in the 30 September 2014 issue of the New Statesman, ISIS vs The World

Getty
Show Hide image

Marcus Hutchins: What we know so far about the arrest of the hero hacker

The 23-year old who stopped the WannaCry malware which attacked the NHS has been arrested in the US. 

In May, Marcus Hutchins - who goes by the online name Malware Tech - became a national hero after "accidentally" discovering a way to stop the WannaCry virus that had paralysed parts of the NHS.

Now, the 23-year-old darling of cyber security is facing charges of cyber crime following a bizarre turn of events that have left many baffled. So what do we know about his indictment?

Arrest

Hutchins, from Ilfracombe in Devon, was reportedly arrested by the FBI in Las Vegas on Wednesday before travelling back from cyber security conferences Black Hat and Def Con.

He is now due to appear in court in Las Vegas later today after being accused of involvement with a piece of malware used to access people's bank accounts.

"Marcus Hutchins... a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," said the US Department of Justice.

"The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015."

His court appearance comes after he was arraigned in Las Vegas yesterday. He made no statement beyond a series of one-word answers to basic questions from the judge, the Guardian reports. A public defender said Hutchins had no criminal history and had previously cooperated with federal authorities. 

The malware

Kronos, a so-called Trojan, is a kind of malware that disguises itself as legitimate software while harvesting unsuspecting victims' online banking login details and other financial data.

It emerged in July 2014 on a Russian underground forum, where it was advertised for $7,000 (£5,330), a relatively high figure at the time, according to the BBC.

Shortly after it made the news, a video demonstrating the malware was posted to YouTube allegedly by Hutchins' co-defendant, who has not been named. Hutchins later tweeted: "Anyone got a kronos sample."

His mum, Janet Hutchins, told the Press Association it is "hugely unlikely" he was involved because he spent "enormous amounts of time" fighting attacks.

Research?

Meanwhile Ryan Kalember, a security researcher from Proofpoint, told the Guardian that the actions of researchers investigating malware may sometimes look criminal.

“This could very easily be the FBI mistaking legitimate research activity with being in control of Kronos infrastructure," said Kalember. "Lots of researchers like to log in to crimeware tools and interfaces and play around.”

The indictment alleges that Hutchins created and sold Kronos on internet forums including the AlphaBay dark web market, which was shut down last month.

"Sometimes you have to at least pretend to be selling something interesting to get people to trust you,” added Kalember. “It’s not an uncommon thing for researchers to do and I don’t know if the FBI could tell the difference.”

It's a sentiment echoed by US cyber-attorney Tor Ekeland, who told Radio 4's Today Programme: "I can think of a number of examples of legitimate software that would potentially be a felony under this theory of prosecution."

Hutchins could face 40 years in jail if found guilty, Ekelend said, but he added that no victims had been named.

This article also appears on NS Tech, a new division of the New Statesman focusing on the intersection of technology and politics.

Oscar Williams is editor of the NewStatesman's sister site NSTech.