I wrote a piece for the Guardian about the recent DDoS attack that was breathlessly described as ‘breaking’ the ‘entire Internet’. I don’t know that I’d go so far as to say the original reporting was “shoddy” (a sub-editor wrote that headline) but certainly scepticism was severely lacking. Unfortunately, as long as the public continue to expect something for nothing this is the type of journalism in store. Public relations people are constantly badgering journalists to run stories that serve some private interest. These journalists used to be paid a decent wage to report their own stories. Now their numbers are crashing yet they are expected to write more with fewer resources in less time. If you want quality journalism there’s no way around it. We have to pay for it.
How a cyberwar was spun by shoddy journalism
The Guardian, Friday 29 March 2013
Journalistic scepticism was lacking when stories about a DDoS attack ‘breaking’ the internet surfaced. This is a real future risk
‘A lot of people have a lot to gain from peddling scare stories about cyber “warfare”. As with any type of politics it’s important to know precisely who is making the claims and what their interests are.’ Photograph: Daniel Law/PA
A veteran Reuters reporter related a piece of advice given by his editor: “It’s not just what you print that makes you an authoritative and trusted source for news, but what you don’t print.”
He wasn’t talking about censorship, he was talking about what separates journalism from stenography and propaganda: sceptical scrutiny. The professionalism of the craft isn’t simply learning to write or broadcast what other people tell you. Crucially it is the ability to delve, interrogate and challenge, and checking out stories you’ve discovered through your own curiosity, or robustly testing what other people tell you is true.
Scepticism was in short supply this week when breathless claims about the collapse of the internet were published in such reputable publications as the New York Times, the BBC and even technical journal Ars Technica, all falling prey to the hyped-up drama of a DDoS attack against Spamhaus, a group that tracks spammers, and their alleged attacker Cyberbunker, a Dutch hosting company Spamhaus had blacklisted.
Ars Technica described the attack as at “a scale that’s threatening to clog up the internet’s core infrastructure and make access to the rest of the internet slow or impossible”. “If a Tier 1 provider fails, that risks breaking the entire internet,” it continued.
There is risk everywhere. Being alive carries the risk of death. It’s no good just saying what might happen (that’s the role of a screenwriter or novelist), what matters is the likelihood of it happening. The “risk” of the entire internet breaking from such an attack is very small. That should have killed off the worst of the scaremongering headlines and alerted the sceptical reporter that something was afoot.
A lot of people have a lot to gain from peddling scare stories about cyber “warfare”. As with any type of politics it’s important to know precisely who is making the claims and what their interests are.
In whose interest is it to hype up the collapse of the internet from a DDoS attack? Why, the people who provide cyber security services of course. And looking at the reporting, almost all the sources are directly involved and have a vested interest. The claims about the scale of the attack are from CloudFlare, the anti-DDoS firm hired by Spamhaus to ward off the attack. Eschewing subtlety they blogged about the event: “The DDos that Almost Broke the Internet”.
As soon as you have a source with a direct involvement, scepticism should be your guide. Sadly, reporters don’t always have the time or space for scepticism, and increasingly they are judged only on their ability to fill space at speed. In this environment there is no incentive to challenge a good yarn.
While the infrastructure of the internet might not be easy for reporters to understand, simply juxtaposing quotes from opposing sides isn’t all there is to journalism. Yes, this was a big attack in terms of traffic directed against one website (approx 300Gbps), but the internet seemed to cope just fine.
Even if you knew nothing about technology, you could have done what Sam Biddle did at Gizmodo and simply asked some challenging, sceptical questions such as:
• Why wasn’t my internet slow?
• Why didn’t anyone notice this over the course of the past week, when it began?
• Why isn’t anyone without a financial stake in the attack saying the attack was this much of a disaster?
• Why haven’t there been any reports of Netflix outages, as the New York Times and BBC reported?
• Why do firms that do nothing but monitor the health of the web, like Internet Traffic Report, show zero evidence of this Dutch conflict spilling over into our online backyards?
This story wasn’t just a failure to understand technology. It was a failure of basic journalism practice. To be willing to not write the story if it didn’t stack up.
This is the danger of the “dark age of journalism”, as it has been called. The training of the old Reuters reporter is replaced by one of political and corporate collusion. The separation between newsrooms and public relations agencies growing ever thinner as reporters rush to fill space at all costs, regardless of truth.
Even after she’d written the piece in the New York Times, tech reporter Nicole Perlroth tweeted how she was still getting targeted by corporate PRs to cover the “story”: “Hi Nicole, News is just breaking on the biggest cyber-attack in history. Are you planning on covering?”
The collapse of journalism combined with complex, fast-changing technology offers a wealth of opportunity for propagandists. In the soil of ignorance, fear can easily be sown. So it is with cyberwarfare.
Assange is no hero. He’s just another Max Clifford
The Times (London), February 8, 2013 Friday
Jemima Khan so believed in the cause of WikiLeaks, of opening up state secrets to the public gaze, that she put up bail for Julian Assange, a man accused of rape and sexual assault. Now, in an article for the New Statesman she writes of her disillusionment, warning that he risks going from Jason Bourne to L. Ron Hubbard.
Mr Assange is an example of the crusading campaigner who equates righteousness with media attention. He hijacked a noble cause as a means of self-aggrandisement. Indeed, at his 40th birthday party he auctioned photographs of himself to the assembled celebrity admirers. Many people, not just Ms Khan, were so eager for him to be the person they wanted him to be that they failed or refused to see what he was: a morally questionable man exploiting idealistic supporters to advance his own fame.
Some cling to the fiction that Mr Assange “changed the game”. Did he? As a result of his actions governments across the world have been frightened into ever greater internet surveillance. If a campaigner’s ultimate aim is to change the law, WikiLeaks has failed.
WikiLeaks was at its best before Mr Assange took the credit for it, when it was a team publishing on the internet material that journalists couldn’t report in their own countries. The “megaleaks” of thousands of documents – the Afghan and Iraq war logs and the US diplomatic cables – were certainly powerful. But the credit belongs to Bradley Manning, the US soldier detained since 2010, who risked his life to make them public. It’s clear from his chat logs that educating the public was his goal, not granting Mr Assange a proprietorial licence to cajole journalists into writing sycophantic profiles. For that reason I was happy to break his monopoly and leak his most precious leak – the diplomatic cables.
“WikiLeaks exposed corruption, war crimes, torture and cover-ups,” Jemima Khan writes. No it didn’t. It was exposed by Private Manning and the reporters who spent weeks digging through the data to make sense of it and produce stories that stacked up. Mr Assange’s contribution was to organise – or rather get his young interns and lackeys to organise – the huge press conference in which he starred as saviour.
Mr Assange is, at best, a middle man of the Max Clifford variety, brokering deals between source and newspaper. Except that Private Manning got only incarceration and a potential life sentence. Far from advancing the cause of openness worldwide, Mr Assange has gravely undermined it by so shamelessly making it all about himself.
A few notes on why I generally don’t respond to anonymous people on twitter or in comments.
Anonymity is a privilege. Words are powerful and if that power is not to be abused it must be accountable.
There are some cases where granting the privilege of anonymity is necessary and warranted. Primarily this is where direct harm would befall someone if he or she were identified as the source of the words. Such is the case with whistleblowers, insiders or someone in a vulnerable position. If these people are identified, they face the immninent threat of losing their jobs, their livlihoods or their well-being. They may face personal attack (physical or legal) for speaking out. They may be breaking corporate confidentiality even though what they expose is in the public interest.
Others need anonymity to be able to voice inconvenient truths, or to simply tell their stories. Women posting about driving without a male overseer in Saudi Arabia, for example, need anonymity to avoid being arrested.
The primary justification for anonymity is provable harm.
There are other occasions where people use anonymity to take on a different persona in order to explore different parts of themselves or simply for fun. I don’t see a problem with this so long as they aren’t hurting anyone.
But the idea that anonymity is a right and not a privilege is wrong. There needs to be good reason to avoid being accountable for what we say or write, particularly if what we say affects other people. Too often online, anonymity is the tool of the bullying coward, a means to avoid responsibility for publishing threats, abuse and lies.
That doesn’t mean writing only anodyne, inoffensive drivel. It does mean having the courage of your convictions and the ability to withstand criticism. If you believe in what you say, put your name behind it. People may disagree with you. That’s fine. But if they launch an anonymous ad hominem attack that is not fine. It reveals a weak argument made by someone who is a coward, a fool and/or a nasty piece of work.
I was on BBC’s Daily Politics show Thursday, 17 January 2013 discussing opening up government databases with Stephan Skakespeare who is leading the government’s review. The main point I hope I made is that access to data should be determined by what is in the public interest not necessarily that which can turn a profit.
Today I heard that hacktivist Aaron Swartz killed himself. He was just 26 years old. I met Aaron at various Open Government conferences. He was an incredibly intelligent original thinker who was committed to freedom of information and democracy. He went beyond the rhetoric and put his principles into action. While I was researching the Boston hacker scene for The Revolution Will Be Digitised he generously agreed to help me. I’ve decided to post that section here to give a sense of the man we’ve lost.
…I can count on one finger my Boston contacts. Fortunately that person is Aaron Swartz, who’s in the Cambridge tech/activist scene. He describes himself as a writer, activist and hacker and at twenty-five his CV is impressive: currently founder and director of a democracy campaign group, Demand Progress, he previously co-founded Reddit.com (a website for sharing news links) and was part of the original team to launch Creative Commons. At fourteen he co-authored the Really Simple Syndication (RSS 1.0) specification for publishing news updates. In the information war he’s participated in a few guerrilla campaigns which have accorded him his own FBI file (posted on his blog). In 2008, he hacked into a federal court library system to leak over 18 million public documents that the government had been charging citizens to access. Swartz only realised how much trouble he was in when the FBI started monitoring him. He got himself a lawyer, but luckily the New York Times got on the case and made him something of a cause célèbre. The FBI eventually backed off: it looked bad to spend taxpayers’ money going after a kid for making public records more publicly available.
Aaron has set me up with a room in a place called the Acetarium but even standing outside the door on this cold November night I can’t tell if it’s a hostel, a hotel or a house. I telephone the proprietor Benjamin Mako Hill and in a few minutes I see pale legs jumping down the stairs. He’s known as ‘Mako’, he tells me, and he has an impish, Irish look with a pointy Pan-like beard and big mischievous blue eyes with a ring through his left eyebrow. He’s wearing an American flag do-rag and a yellow cycling jacket. He’s brimming with energy and hops up the stairs two at a time. On the landing is a sign: ‘Shoes and pants off please’. I leave mine (shoes that is) at the door and head in.
Inside, over some home-made vegetable dumplings, I meet Mako’s wife and some of the other residents: a twenty-year-old couchsurfer from North Carolina, a freelance software programmer in the spare room and a guinea pig whose owner has gone travelling. Mako himself is a scholar at MIT’s media lab specialising in sociology and online communities and he’s an active member of the Free Software Foundation. He sounds exactly the sort of person who can put me in touch with the people I need to talk to, but when I start asking questions he clams up. ‘I’m not into that scene,’ he says tersely, tapping his foot. ‘I don’t know any of those people.’
Later that evening, Aaron comes over to the Acetarium and tells me this used to be the original Reddit offices. He passed them to Mako when Reddit was bought by Condé Nast and he and the other founders moved out to San Francisco to live the dream. He says California wasn’t all it’s cracked up to be. Neither was the office job at Condé Nast. He’s since been fired, dropped out of Stanford and is now a fellow at the Center for Ethics at Harvard University as well as running his campaign group. He has an intense curiosity that lasers into whatever happens to interest him at any given moment, but the attention is short, and soon he’s off delving into something else. Fortunately his immediate interest is my ‘quest’, so he grabs a nearby laptop to see what he can find online. A quick glance of Tyler Watkins’ and David House’s social networks reveals they’re both linked to someone called Danny Clark. It’s a long shot, but I ask Mako if he knows Danny Clark. His response is straightforward enough: ‘Never heard of him.’
‘But he’s on your list of LinkedIn contacts,’ says Aaron, now perusing Mako’s profile, and I remind Mako there’s no privacy on the Internet. He reiterates that he’s ‘not involved in any of this, and I don’t want anything to do with it’.
‘What’s wrong with answering her questions?’ Aaron counters.
‘You don’t understand, there’s been all kinds of people round here.’
‘I understand completely. I was investigated by the FBI, don’t forget. That doesn’t mean you can’t talk. We’re not in a police state yet.’
I decide not to press my host any further, but I’m struck by his guardedness. Clearly people are scared, and I begin to worry if I’ll get anything at all out of this trip. Maybe to make up for his reticence, Mako invites me to come along to a pub in Harvard Square where every Sunday he organises a social evening for a group of techie friends studying or working at MIT or Harvard. I meet all sorts of interesting people including a woman working on the human genome project, but the most interesting of all is another Brit who tells me he lives with Danny Clark…
While I was in Boston, Aaron told me he was working on another ‘project’ which I found out later was his guerrilla action to liberate academic articles. In July 2011, he was arrested and charged with downloading 4.8 million academic articles between September 2010 and January 2011 from JSTOR, a research subscription service offering digitised copies of academic journals and documents. He was accused of breaking into a computer wiring closet on MIT’s campus and downloading the documents which prosecutors say he intended to share online. Swartz turned himself in and pleaded not guilty to charges including wire fraud, computer fraud and unlawfully obtaining information from a protected computer. He was released on a $100,000 unsecured bond and faced up to thirty-five years in prison, if convicted. In September 2012, federal prosecutors added even more charges.
Aaron wasn’t a dangerous person who hurt people. His mission was to free public information. Shamefully for that he was targeted by certain justice officials in what amounted to more of a persecution than a prosecution. I think the war on hackers has gone on long enough. Officials need to understand that criminalising the best and the brightest is not good public policy.
The Sunday Times, 24 December 2012
The Freedom of Information Act (FOIA) has always sat uncomfortably with the British government. Britain was one of the last western democracies to adopt the act and officials were so worried about people’s “right to know” that implementation of the law was put off for five years — the longest preparation time in the world. Indeed, Tony Blair described its passage as “one of the biggest mistakes I made in office”.
That should tell you all you need to know about officials’ fear of real public engagement. Responding to what people actually want to know is a different form of democracy from telling people what you want them to know through bloated governmental press offices.
After the expenses scandal, this government came to power on a transparency mandate and has substantially improved matters, opening up large tracts of official data, publishing more public spending information than ever before and even providing pay grades for public officials. We are still a long way from what a company chief executive would expect to see from his employees — exact pay and perks for all staff employees with their name attached — but things have improved dramatically.
However, all that good work is about to be undone by one worrying change announced last week in the government’s response to post-legislative scrutiny of the FOIA. This would allow officials to “take into account some or all of the time spent on considering and redacting when calculating whether the costs limit has been Read the rest of this entry »
House Magazine, 6 December 2012
(Download the PDF)
It is deeply disturbing to read Brian Leveson’s recommendations on regulating the press at a time when police and security services are trying to legalise the broadest surveillance powers yet on ordinary citizens.
The Leveson Inquiry was “sparked by public revulsion about a single action – the hacking of the mobile phone of a murdered teenager”. Yet the Communications Data Bill will give the state a legal right not simply to ‘hack’ voicemails, but rather to spy on all our communication – both telephone and internet – without judicial oversight.
Regulating the press? The state spying on its citizens? These are not the hallmarks of a democracy. When the supposed torch-bearers of Enlightenment values fall under the spell of authoritarianism, we must worry not only for ourselves, but for the citizens of truly authoritarian countries. The West is in danger of abdicating its values and becoming a place where the stifling of a free press and universal surveillance of citizens is legitimised.
The Leveson report is a screaming in the wind by an Establishment who cannot believe how fast power is slipping from its grasp in the digital age. Watching the hearings I was reminded of ‘Sunset Boulevard’ with Leveson as Norma Desmond, waiting for his close up.
Leveson is an exercise in delusion and denial. For the sad fact is that newspapers are dying. News is now online. Digital information does not respect national borders. If there is any jurisdiction it does respect it is that of the United States where most of the major technology companies operate and where there is a First Amendment protecting free speech and a free press. The judges, lawyers, the great and the good of Britain who once controlled what could be said, now cannot. In their pique, they are in danger of throwing away what still matters: our democratic values.
Leveson deals with inconvenient truths – such as the largely self-regulating internet – by ignoring it. The sheer bulk of the report symbolises bias towards a statist ideology where bigger is better and centralised state control best of all. That the Internet has become so fabulously successful precisely because it is not centrally regulated is again ignored.
A few proposals are worth singling out. Leveson acknowledges the importance of whistleblowers in identifying and alerting us of corruption and injustice. But the ‘us’ he refers to are not the public. Even when he admits there is no authority within the police service that commands the trust of officers, he wants only a confidential channel. He proposes that employment or service contracts include a clause ‘to the effect that no disciplinary action would be taken against them as a result of a refusal to act in a manner which is contrary to the code of practice’. But this is limited only to journalists’ contracts. Why not public servants such as NHS staff where gagging clauses can be found that deter, undermine and penalise whistleblowers? They are dealing dealing with matters of life and death.
He claims the “Police Service as a whole has responded positively and proactively”, which is not what the journalists who investigated phone-hacking say. And if the police did fail to do their job, Leveson forgives that, too, because they had ‘perfectly reasonably decided to limit the prosecutions in 2006 not least because of their incredible workload that was a consequence of terrorism.’ No such real-world pressures – such as lack of public records, severe financial constraints even the collapse of the industry – are accepted for newspapers.
He concludes that the press is too close to politicians and the police but entirely ignores why this is so. In Britain, there is simply no other way to get information without getting close to either. It is the secrecy of the system that has created the collusion and the information cartels.
Despite all my efforts to investigate MPs’ expenses using the law, in the end it came down to an inside leak paid for with cash. Newspapers are pragmatic. They operate in the system as they find it. The only reason I was different is that I came from America where the records are public and there is less need for reporters to collude with the powerful to get information.
Check out the Guardian’s Prince Charles page for the latest news on our unelected and unaccountable heir to the throne.