Welcome to another edition of the Issues Team blog! Today we’re all about information: how the Panama papers leaks were possible, how big Internet platforms decide what you can and can't see, and a technology for getting *as much data as possible* by combining Internet connections.
Panama Papers and information security in legal services
The Panama Papers are so hot right now. But if you put aside all the ethics, the journalism, and well all the exciting stuff, I’m left with a major question: How the HELL can an international legal firm like Mossack Fonseca have 11.5 million documents leave the network, without any encryption, and no-one notices?
One of the routine topics here in the Issues team we often talk about (given we’re security, policy and legal nerds) is the state of information security in the professional services. Just how good (or bad) is the “cybersecurity” of New Zealand law firms, accountants, patent attorneys, and so on? All these professionals hold important information on their clients, and all have obligations to keep that data private. So how common is storing this information unencrypted, on a computer that's not up to date with security patches?
Tech has made it easier to store, process, and access data. This makes many things better and easier, but it also increases risks. The data in this leak shows some shocking things about the people involved. That the leak was possible at all shows some shocking things about data security in one big professional firm. Here's the American Lawyer and Wired looking at some of the data security issues:
Content moderation and free speech online
The Internet is great for spreading information - writing, videos, all sorts. When this goes well, we get things like Wikipedia, with a whole lot of people around the world sharing their knowledge and insights for the good of all. But along with the good comes some bad. The Internet can show us the ugly side of human behaviour, at a scale that has never before been possible.
We've blogged before about the NZ rules on objectionable content (stuff that's illegal), and classification of content (rules that limit who can see some things).That's our legal regime. There’s also another, less visible, form of content control courtesy of the big Internet platforms which serve and filter much of the content people see online. The Facebooks, Googles, Twitters, and so on have people who scrutinise and take down content they judge as unacceptable or harmful. There's a long, excellent article looking at this moderation process on The Verge - see below.
Moderation, by governments or businesses, opens a swathe of really difficult issues. How do we ensure free expression, with all the benefits for finding truth and learning, while limiting the harms from expression on the massive scale of the Internet? We don't have a definite answer, but it seems important to grapple with this!
As a companion piece, we've been listening to the BBC's "Oxygen of Freedom" podcasts on free expression in the Internet age. The first episode, linked below, offers a broad view on the value of free expression. A later episode ominously labels big Internet companies "The Deciders", for their power over what is seen by people.
Multi-Path TCP gets its own box
Many of us are walking around with a few different devices, each with their own Internet connection. Sometimes I wonder: wouldn't it be cool if we could combine those connections into one, super-fast firehose of data?
One way to do this is Multi-Path TCP (MP-TCP). You might have heard Kate Pearce's awesome talk about this at APRICOT earlier this year, or Kiwicon 2015. MP-TCP has been around for a couple of years (RFC 6824 was released in Jan 2013). Without getting too technical (because then I’ll get lost myself), it enables a user to split up their data packets across different paths (and even networks) using transmission control protocol (TCP). Why would you do it? Basically, you can glue together different connections for increased speed and better redundancy.
Anyway, MP-TCP is pretty technical and niche, and as cool as it is, a lot of people have shrugged and asked "when will this be a real thing I can get from an ISP?". Well, now I guess? OVH Telecom (a French ISP) has started offering an MPTCP box. It looks like (using Google translate so bear with me), it can run your Internet over four different network connections and they appear to be marketing it on aggregation, load-balancing and fail-over protection (if one network is down your packets keep on keeping on). Oh and they chuch in AES256 encryption on all traffic just for good measure so that’s pretty nifty as well.
From our perspective, MP-TCP definitely has potential to help an open and uncapturable Internet. It’s great to see an ISP making it easier for users too.