European Commission welcomes US Presidential Remarks and Directive

Do read the statement by a European Commission spokeswoman on President Obama’s remarks on the review of US Intelligence programmes.

In my previous blog, a couple of days ago, I compared those remarks, and the accompanying directive, to the assurances given to the Foundation at the start of Isaac Asimov’s saga on the process of shortening the chaos that followed the disintegration of “the Empire”. I led through to the need for a fundamental political rethink in order to avoid, or at least shorten, the period of chaos that will follow the disintegration of the Internet.

The first response, from a leading figure within ISOC, focused on my comments on the On-line Child Protection debate. It illustrated a lack of understanding that the scale and nature of the demands for action from parents around the world (and not just in the UK) may be even more potent than the Snowden revelations. If these are harnessed by those wishing to preserve the Stasi on-line world, because those who wish to restore personal control …

On a more positive note, I enjoyed watching the Musketeers last night and woke up in the middle of the night having dreamt that I was in charge of drafting the NRDP (National Restore Democracy Party) manifesto for the European elections this year.

This was part of the section on European Internet Governance policy:

“The current European approach to Data Protection, Digital Identity, Cyber Security and Surveillance has been overtaken by events and is now over a decade out of date.

The Internet has lost its innocence. Thanks to Edward Snowden we all know that whatever we do on-line is not only recorded (to enable the packet-switched, store-and-forward, Internet to work), but stored (often well beyond the time needed for resilience), analysed (not just to improve performance) and the results made available (legitimately or otherwise), to a growing variety of “researchers”, lawyers, spooks and hackers. 

The Data Protection principles, drafted for the age of mainframes, have yet to be properly applied for the Internet age, when our most personal data (including our on-line habits) is routinely collated, stored and analysed around the world by persons outside the reach of any EU regulator. 

The Digital Identity principles are irrelevant in an age where confidence in accreditation services (e.g. Diginotar) has collapsed and those running reputable banking and payment processing operations use transaction profiling, not third party trust providers, to back up their own authorisation routines.

Conventional approaches to cyber security no longer protect against serious attacks. Those who wish to protect their organisations and their customers are therefore joining a variety of “intelligence led security” partnerships to not only identify those attacking them but also use aggressive “asset recovery” techniques against the predators and those in their supply chains to get redress and deter future attacks.

In consequence almost everyone is running surveillance operations, whether to identify terrorists, victims or potential customers or those in need of health and welfare services or to attack, exploit, serve or protect them. 

Most of the data needed to digitally impersonate most of us is now out “in the wild”. The “Big Data analytics” technologies, whose use by the NSA has been revealed to the world by Edward Snowden, are routinely used by criminals to identify victims and by financial services organisations to identify attacks on them and their customers as well as by Internet Service providers to “improve” their services and National Security Agencies to identify terrorists or subversives.

Meanwhile the world has gone mobile. Even on Christmas Day nearly half of all UK traffic was over mobiles. More than half of us now use pay as you go. Moreover the traffic figures are understated, because most of us piggyback our smart phones onto wifi wherever possible to get better speed and keep the charges down.

Things are also about to get much more complicated.

The Corporation of the City of London ordered the immediate removal of surveillance chips (measuring local footfall) as soon as it discovered they had been included, without its knowledge, in smart rubbish bins being piloted in the City.

The first fridge has already been caught taking part in a botnet attack. Who will be monitoring your kitchen appliances?

– The food police for breaching the latest NHS obesity “guidelines”?

– Google or Amazon looking to target advertising?  

– Organised crime looking for exploitable changes in life style? 

Most of what we are commonly told about the Internet is not true. “They” not only know you are a dog, but which breed and what trees you pee against. Conversely, however, hardly anyone, except those harvesting your profile in order to obtain electronic credentials for sale to fraudsters, is genuinely interested in you as an individual.

We need to bring regulatory policies designed for late 20th Century on-line systems and threats, when on-line was an exception, into the 21st Century, when it is an integral part of the mainstream world, with our lives increasingly dependent on the secure and resilient functioning of a multitude of on-line support systems, which are dependent, in turn, on secure and resilient energy supplies.

So far the issues have been raised in the context of Government surveillance but US-centric players, such as the members of The Reform Government Surveillance Group (Facebook, Google, Twitter etc.) while European players, such as Vodafone, have taken a more international approach.

Whether Europe steps up to the plate with a coherent forward looking approach, in place of the current mish-mash of irrelevant, tick box, regulatory overheads, will determine not only its future as a location for on-line business, but also whether the Internet as a whole survives as a globally integrated service or is fragmented along regional or national lines.

NRDP policy is that we should halt all current initiatives which do not have a compelling business case, showing how the benefits outweigh any possible economic or social harm, pending a review of the basic Commission approach to the regulation of the on-line world and the governance of the Internet.

We believe that the review should have the following objectives in mind:

– That we each own our personal information (from DNA and Biometrics to transaction profiles) and all who presume to collect, copy, collate or use that information owe us a duty of care.

– That …”

And then I woke up.

Suggestions as to what I should have dreamt would be most welcome.