Black Code: Inside the Battle for Cyberspace

by Ronald J. Deibert

  5: THE NEXT BILLION DIGITAL NATIVES

  1 Somalia has not had a properly functioning government since 1991: An extensive look at Somalia’s thriving telecommunications sector is available in Bob Feldman, “Somalia: Amidst the Rubble, a Vibrant Telecommunications Infrastructure,” Review of African Political Economy 34, no. 113 (2007): 565–572; Sarah Childress and Abdinasir Mohamed, “Telecom Firms Thrive in Somalia Despite War, Shattered Economy,” Wall Street Journal, May 11, 2010, http://online.wsj.com/article/SB10001424052748704608104575220570113266984.html; Joseph Winter, “Telecoms Thriving in Lawless Somalia,” BBC, November 19, 2004, http://news.bbc.co.uk/2/hi/africa/4020259.stm; and Abdinasir Mohamed and Sarah Childress, “Telecom Firms Thrive in Somalia Despite War, Shattered Economy,” Wall Street Journal, May 11, 2010, http://online.wsj.com/article/SB10001424052748704608104575220570113266984.html.

  2 Somali cab drivers, nurses, teachers, engineers: Somalia is the fourth most remittance-dependent country in the world. See Mohamed Aden Hassan and Caitlin Chalmers, “UK Somali Remittances Survey,” Department for International Development, May 2008, http://www.diaspora-centre.org/DOCS/UK_Somali_Remittan.pdf.

  3 According to the Arab Social Media Report series: This series can be found at Dubai School of Government, “Social Media in the Arab World: Influencing Societal and Cultural Change?,” Arab Social Media Report 2, no.1 (2012), http://www.arabsocialmediareport.com/UserManagement/PDF/ASMR%204%20updated%2029%2008%2012.pdf.

  4 The combination of youth, unemployment, and radicalism: On youth unemployment in the Arab Spring, see Gwyn Morgan, “Youth Unemployment the Kindling that Fuels Unrest,” Globe and Mail, September 10, 2012, http://m.theglobeandmail.com/report-on-business/rob-commentary/youth-unemployment-the-kindling-that-fuels-unrest/article4199652/?service=mobile.

  5 The fastest growth rates are occurring among the world’s failed and most fragile states: In the ITU’s 2009 Information Society Statistical Profiles, the ten countries that saw the fastest Internet user growth rates (calculated in terms of compounded annual growth rates) over five years were Afghanistan, Myanmar, Vietnam, Albania, Uganda, Nigeria, Liberia, Sudan, Morocco, and D.R. Congo. Uganda, Nigeria, Liberia, and D.R. Congo were ranked as having low human development on the UN’S 2008 Human Development Index, with no available data for Afghanistan, which at the time was ranked seventh on the Fund for Peace’s Failed States Index. The growth rates for Afghanistan, Myanmar, and Vietnam were derived from 2002 to 2007 ITU figures, while 2003 to 2008 figures were used for the rest. The International Telecommunications Union’s Information Society Statistical Profiles are available at: “Information Society Statistical Profiles 2009: Africa,” 2010, http://www.itu.int/ITU-D/ict/material/ISSP09-AFR_final-en.pdf; “Information Society Statistical Profiles 2009: Europe v.1.01,” 2010, http://www.itu.int/dms_pub/itu-d/opb/ind/D-IND-RPM.EUR-2009-R1-PDF-E.pdf “Information Society Statistical Profiles 2009: Europe,” 2010, http://www.itu.int/dms_pub/itu-d/opb/ind/D-IND-RPM.EUR-2009-R1-PDF-E.pdf; “Information Society Statistical Profiles 2009: Americas,” 2010, http://www.itu.int/dms_pub/itu-d/opb/ind/D-IND-RPM.AM-2009-E09-PDF-E.pdf; and “Information Society Statistical Profiles 2009: Asia and the Pacific,” 2010, http://www.itu.int/dms_pub/itu-d/opb/ind/D-IND-RPM.AP-2009-R1-PDF-E.pdf. See also “Failed States Index 2008,” Fund for Peace, http://www.fundforpeace.org/global/?q=fsi-grid2008.

  6 Whereas in other parts of the world cyberspace controls: Rafal Rohozinski and I discuss cyberspace controls in Russia and the Commonwealth of Independent States in “Control and Subversion in Russian Cyberspace,” in Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace, eds. Ronald Deibert, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain (Cambridge: MIT Press, 2010): 15–34.

  7 Each country in the global South and East: India’s “Information Technology (Intermediaries Guidelines) Rules of 2011,” available at http://www.mit.gov.in/sites/upload_files/dit/files/GSR314E_10511%281%29.pdf, place extraordinary policing responsibilities on ISPs and other services that operate in cyberspace. India’s 2008 Information Technology Act, available at: http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/it_amendment_act2008.pdf, gives the government the power to block, intercept, monitor, or decrypt any information in the interest of sovereignty, integrity, defence, or security of India. See Amol Sharma, “India Court Adjourns Google-Facebook Case Until August,” Wall Street Journal, May 3, 2012, http://online.wsj.com/article/SB10001424052702304746604577381791461076660.html; and Jonah Force Hill, “India: The New Front Line in the Global Struggle for Internet Freedom,” The Atlantic, June 7, 2012, http://www.theatlantic.com/international/archive/2012/06/india-the-new-front-line-in-the-global-struggle-for-internet-freedom/258237.

  8 India has also waged a persistent campaign: In October 2011, it was reported that RIM had set up a facility in Mumbai to help the Indian government carry out lawful surveillance. See “RIM Sets Up Facility to Help Indian Government with Lawful Surveillance,” Toronto Star, October 28, 2011, http://www.thestar.com/business/article/1077575-rim-sets-up-facility-to-help-indian-government-with-lawful-surveillance?bn=1. I wrote about the travails of RIM in “Cyberspace Confidential,” Globe and Mail, August 6, 2010, http://www.theglobeandmail.com/commentary/cyberspace-confidential/article1241035/?page=all.

  9 Meanwhile, the Indian government banned all mass text messaging Regarding the Indian government’s banning mass texting for two weeks, see Dean Nelson, “India Bans Mass Text Messages to Stem Panic Among Minorities,” Telegraph, August 17, 2012, http://www.telegraph.co.uk/news/worldnews/asia/india/9482890/India-bans-mass-text-messages-to-stem-panic-among-minorities.html.

  10 in an attempt to prevent the sale and distribution of cloned and pirated mobile phones: On the Communications Commission of Kenya cutting off 1.89 million mobile phones, see Winfred Kagwe, “Kenya: 1.9 Million ‘Fake’ Phones Shut,” All Africa, October 2, 2012, http://allafrica.com/stories/201210020512.html.

  11 In 2010, Turkey ordered ISPs to block access to YouTube: YouTube was banned by a 2007 court decision after videos accusing Mustafa Kemal Ataturk, the first president of Turkey, of being homosexual. In an attempt to enforce this ban, Turkey also blocked more than thirty Google services. See Justin Vela, “Turkey Blocks Google Sites – Accidentally?” AOL News, June 9, 2010, http://www.aolnews.com/2010/06/09/turkey-blocks-google-sites-accidently/.

  12 South Korea put in place regulations to block several dozen North Korean websites: The OpenNet Initiative reported on South Korean collateral filtering in “Collateral Blocking: Filtering by South Korean Government of Pro-North Korean Websites,” January 31, 2005, http://opennet.net/bulletins/009/.

  13 In his 2010 report: Helmi Noman discusses faith-based Internet censorship in majority Muslim countries in “In the Name of God: Faith-based Internet Censorship in Majority Muslim Countries,” OpenNet Initiative, August 1, 2011, http://opennet.net/sites/opennet.net/files/ONI_NameofGod_1_08_2011.pdf.

  14 In the Far East, the same pattern is emerging: The OpenNet Initiative has documented Thailand’s cyberspace controls in “Thailand,” in Access Contested, eds. Ronald Deibert et al., 271–298. The case of Chiranuch Premchaiporn is detailed in James Hookway, “Conviction in Thailand Worries Web Users,” Wall Street Journal, May 30, 2012, http://online.wsj.com/article/SB10001424052702303674004577435373324265632.html.

  15 The cartels have also shown a ruthless ability: The murders of bloggers by drug cartels in Mexico has been profiled in “Mexican Drug Gang Beheads ANOTHER Blogger and Dumps Body and Severed Head in Street with Bloody Warning Note,” Daily Mail Online, November 10, 2011, http://www.dailymail.co.uk/news/article-2060057/Blogger-beheaded-Mexican-gang-left-note-warning-snitch.html; and “Killings Grow More Gruesome as Mexican Drug Cartels Try to Out-shock,” The National, October 10, 2011, http://www.thenational.ae/news/world/americas/killings-grow-more-gruesome-as-mexican-drug-cartels-try-to-out-shock. The Citizen Lab’s Luis Horacio Najera is an exiled journalist from Mexico and winner of the 2010 International Press Freed
om Award. He has been undertaking extensive research on the use of information and communication technologies by Latin American drug cartels and will be publishing his findings in 2013 as a Citizen Lab report.

  6: WE THE PEOPLE OF … FACEBOOK

  1 Google’s ongoing acrimonious relationship with China: Google’s announcement of the two policies is available on its blog at “Security Warnings for Suspected State-Sponsored Attacks,” June 5, 2012, http://googleonlinesecurity.blogspot.ca/2012/06/security-warnings-for-suspected-state.html; and “Better Search in Mainland China,” Inside Search: The Official Google Search Blog, May 31, 2012, http://insidesearch.blogspot.sg/2012/05/better-search-in-mainland-china.html.

  2 “corporate sovereignty”: Rebecca MacKinnon, Consent of the Networked: The Worldwide Struggle for Internet Freedom (New York: Basics Books, 2012). In The Master Switch: The Rise and Fall of Information Empires (New York: Random House, 2010), Tim Wu shows how all previous innovations of the information industry have followed a single path from being open and widely accessible to being dominated by a single corporation or cartel, and warns that the Internet may one day also follow this path of development.

  3 Its vigorous opposition to the SOPA and PIPA bills: The Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) aim to curtail online copyright violations by granting the U.S. government new tools and powers to block users’ access to websites that sell copyright-infringing or counterfeit goods.

  4 “unprecedented synthesis of corporate and public spaces”: Steve Coll’s New Yorker essay “Leaving Facebookistan” (May 24, 2012) is available at, http://www.newyorker.com/online/blogs/comment/2012/05/leaving-facebookistan.html.

  5 social media are less like town squares: On private policing of online content, see Jillian C. York, “Policing Content in the Quasi-Public Sphere,” OpenNet Initiative, September 2010, http://opennet.net/policing-content-quasi-public-sphere.

  6 they have had to balance the desire to penetrate markets: On corporate social responsibility, see John Palfrey and Jonathan Zittrain, “Reluctant Gatekeepers: Corporate Ethics on a Filtered Internet,” in Deibert et al., eds., Access Denied, 103–122. See also Colin M. Maclay, “Protecting Privacy and Expression Online: Can the Global Network Initiative Embrace the Character of the Net?,” in Access Controlled, 87–108; Ethan Zuckerman, “Intermediary Censorship,” in Access Controlled, 71–86; and Jonathan Zittrain, “Be Careful What You Ask For: Reconciling a Global Internet and Local Law,” in Who Rules the Net, eds. Adam Thierer and Clyde Wayne Crews (Washington: Cato Institute, 2003).

  7 The same downloading of responsibilities can be seen in: A larger discussion of the concerns associated with the Anti-Counterfeiting Trade Agreement is available in Michael Geist, “The Trouble with the Anti-Counterfeiting Trade Agreement (ACTA),” SAIS Review 30.2 (2010).

  8 stating that it archives content removal requests: The Chilling Effects Clearinghouse is a joint project of the Electronic Frontier Foundation and Harvard University, Stanford University, University of California, Berkeley, University of San Francisco, University of Maine, George Washington University Law School, and Santa Clara University School of Law clinics. More on Chilling Effects can be found in, http://www.chillingeffects.org/faq.cgi.

  7: POLICING CYBERSPACE: IS THERE AN “OTHER REQUEST” ON THE LINE?

  1 In November 2012, Google released an update: The Google Transparency Report can be found at http://www.google.com/transparencyreport.

  2 Twitter’s report came out immediately: The Twitter/Malcolm Harris case was profiled in Joseph Ax, “Occupy Wall Street Protester Whose Tweets Were Subpoenaed to Plead Guilty,” Reuters, December 5, 2012, http://www.reuters.com/article/2012/12/06/us-twitter-occupy-idUSBRE8B504120121206.

  3 The EFF has investigated and ranked eighteen U.S. email, ISP, and cloud storage companies: In “When the Government Comes Knocking, Who Has Your Back?,” https://www.eff.org/pages/who-has-your-back/, the Electronic Frontier Foundation “examined the policies of 18 major Internet companies – including email providers, ISPs, cloud storage providers, and social networking sites – to assess whether they publicly commit to standing with users when the government seeks access to user data.” See also Christopher Soghoian, “An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government,” Minnesota Journal of Law, Science & Technology, 12, no.1 (2011): 191–237.

  4 Thai-American citizen detained: In August 2011, Anthony Chai, with the support of the World Organization for Human Rights, filed a lawsuit with a central California district court, charging Netfirm of violating (1) Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA); (2) the privacy provisions in California’s Business and Professions Code; and (3) the Declaration of Rights contained in California’s constitution. Chai is suing the company for US$75,000 in restitution and punitive damages. See Matthew Lasar, “Thai Censorship Critic Strikes Back at Snitch Web Host,” Ars Technica, August 29, 2011, http://arstechnica.com/business/2011/08/thai–dissident-strikes-back-at-snitch-web-host/. The OpenNet Initiative has documented Thailand’s cyberspace controls in “Thailand,” in Access Contested, eds. Ronald Deibert et al., 271–298.

  5 The Chinese government requested information: Rebecca MacKinnon discusses corporate social responsibility in the case of Yahoo! and Shi Tao in Shi Tao, Yahoo!, and the Lessons for Corporate Social Responsibility, Version 1.0, December 20, 2007, http://rconversation.blogs.com/YahooShiTaoLessons.pdf.

  6 numerous demands by governments to eavesdrop on users: Christopher Parsons investigates BlackBerry security, and government requests for its decryption keys, in “Decrypting Blackberry Security, Decentralizing the Future,” Technology, Thoughts, and Trinkets, November 29, 2010, http://www.christopher-parsons.com/blog/technology/decrypting-blackberry-security-decentralizing-the-future. The Citizen Lab’s announcement of the RIM Check project is at “Information Warfare Monitor (Citizen Lab and SecDev Group) Announces RIM Monitoring Project,” Information Warfare Monitor, October 21, 2010, http://www.infowar-monitor.net/2010/10/information-warfare-monitor-citizen-lab-and-secdev-group-announces-rim-monitoring-project/.

  7 A June 2012 Human Rights Watch (HRW) report: See in “In the Name of Security, Counterterrorism Laws Worldwide Since September 11,” Human Rights Watch, 2012, http://www.hrw.org/sites/default/files/reports/global0612ForUpload_1.pdf.

  8 ATIS hosts a number of committees and subcomittees: Ryan Gallagher discusses how networks of telecom companies and international government agencies, such as the Alliance for Telecommunications Industry Solutions (ATIS), are responsible for the harmonization of surveillance laws in “How Governments and Telecom Companies Work Together on Surveillance Laws,” Slate, August 14, 2012, http://www.slate.com/articles/technology/future_tense/2012/08/how_governments_and_telecom_companies_work_together_on_surveillance_laws_.html.

  9 dozens of governments party to this agreement: More information on the Council of Europe’s Convention on Cybercrime is available in Amalie M. Weber, “The Council of Europe’s Convention on Cybercrime,” Berkeley Technology Law Journal 18, no.1 (2003).

  10 would require ISPs and other telecommunication companies to store: The proposed Communications Data Bill has been profiled in “UK’s Data Communication Bill Faces Tough Criticism,” BBC, June 14, 2012, http://www.bbc.com/news/technology-18439226; “Jimmy Wales, Tim Berners-Lee Slam UK’s Internet Snooping Plans,” ZDNet, September 6, 2012, http://www.zdnet.com/uk/jimmy-wales-timberners-lee-slam-uks-internet-snooping-plans-7000003829; “UK’s Web Monitoring Draft Bill Revealed: What You Need to Know,” ZDNet, June 14, 2012, http://www.zdnet.com/blog/london/uks-web-monitoring-draft-bill-revealed-what-you-need-to-know/5183; and Mark Townsend, “Security Services to Get More Access to Monitor Emails and Social Media,” Guardian, July 28, 2012, http://www.guardian.co.uk/technology/2012/jul/28/isecurity-services-emails-social-media.

  11 From documents released under federal access to information laws: See Christopher Parsons, “Canadian Social Medi
a Surveillance: Today and Tomorrow,” Technology, Thoughts, and Trinkets, May 28, 2012, http://www.christopher-parsons.com/blog/technology/canadian-social-media-surveillance-today-and-tomorrow/.

  8: MEET KOOBFACE: A CYBER CRIME SNAPSHOT

  1 Meet Koobface: A Cyber Crime Snapshot: Between April and November 2010, the Information Warfare Monitor, led by Nart Villeneuve, conducted an investigation into the operations and monetization strategies of the Koobface botnet. See Nart Villeneuve, “Koobface: Inside a Crimeware Network,” Information Warfare Monitor, 2010, http://www.infowar-monitor.net/reports/iwm-koobface.pdf. Other important studies on Koobface include Jonell Baltazar, Joey Costoya, and Ryan Flores, “The Real Face of KOOBFACE: The Largest Web 2.0 Botnet Explained,” TrendWatch, July 2009, http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/the_real_face_of_koobface_jul2009.pdf; Jonell Baltazar, Joey Costoya, and Ryan Flores, “The Heart of KOOBFACE: C&C and Social Network Propagation,” TrendWatch, October 2009, http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/the_20heart_20of_20koobface_final_1_pdf; Jonell Baltazar, Joey Costoya, and Ryan Flores, “Show Me the Money! The Monetization of KOOBFACE,” Trend Watch, November 2009, http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/koobface_part3_showmethemoney.pdf; and Jonell Baltazar, “Web 2.0 Botnet Evolution: KOOBFACE Revisited,” TrendWatch, May 2010, http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/web_2_0_botnet_evolution_-_koobface_revisited_may_2010_.pdf. In January 2012, Jan Droemer and Dirk Kollberg reported on their own detailed investigation of the Koobface perpetrators in “The Koobface Malware Gang Exposed,” Sophos Lab, January 2012, http://www.sophos.com/medialibrary/PDFs/other/sophoskoobfacearticle_rev_na.pdf?dl=true.