MEP wants to fit a black box recorder to your PCs, phones. For the children.
Some brief background: I first came across this story in my Slashdot email this morning. The Slashdot story is based on a piece on a website called activepolitic, which itself seems to be based on a spotty Google translation of a piece on Swedish site ‘europaportalen.se’.
The key assertion in all these pieces is that Italian MEP Tiziano Motti is currently proposing a scheme to the EU parliament by which everything a citizen of an EU state does online is authenticated, monitored and logged by means of a ‘black box’ system to be installed on every internet connected device.
Worth pointing out at this stage that I’ve been unable to find any mention of this via the Europa website (your Gateway to the European Union!), Motti’s European Parliament listing page, or even his own website. So I’m not quite clear yet on whether this is something that has been scheduled for debate, is intended to be scheduled for debate, or is/has been put before the parliament in one of the many and various ways that such things can come to pass, but I do intend to find out and will post an update if I can clear things up a little.
However, I was able to contact Marcin de Kaminski, one of the sources mentioned in the activepolitic piece, who very helpfully supplied this Google Docs link to the text of the proposal authored by Motti.
It makes for chilling reading, and as such I’m not going to extract from it too heavily; it really is something which needs to be appreciated - if that’s the correct term for the feeling of crawling horror that will steal over you as you read it - in its totality.
The document provides at least some background context as to what Motti is doing:
Recognising the limits of the current technological instruments, Hon. Motti commissioned a feasibility study for the implementation of a model to make the issue of paedo-pornographic material on the web instantly traceable, through the identification of the connected users, and to monitor the uploading of illegal contents.
So presumably what we’re seeing is the result of this feasibility study.
Motti, in describing his intentions, is keen to let you know that this project (his emphasis)
does not in any way aim to create a digital “Big Brother”, on the contrary it is designed principally to re-establish the necessary monitoring and control of the digital world within a safe and standardised, democratically shared environment which is based on the principles of equity, reliability, neutrality, the protection of human rights and fundamental liberties, and which is not used for improper purposes
He then goes on to outline a system for which the term “Big Brother” is hardly a sufficiently derogatory description. As one might expect, it starts with having to unambiguously identify yourself before going online. In this case you will cryptographically authenticate yourself with a ‘Guarantor’. The guarantor is a fundamental element of this model of control, and is what is known in cryptography terms as a ‘Trusted Third Party’ or ‘TTP’.
In Motti’s model, this TTP will be
a non-profit, non-governmental organisation which acts as a “super-partes witness”
The two other ‘stakeholders’ who will be party to this and all other online transactions are the user and what the document describes as “the investigative agencies in charge of fighting crime” (henceforth abbreviated as LEA, for Law Enforcement Agencies).
[ If you’re of a certain age and inclination, this will no doubt conjure up memories of the US NSA’s rather poorly received ‘clipper chip’ initiative. This is worse. ]
Once you’ve authenticated your identity to the guarantor, the ‘black box’ software will record everything you do online, every page you visit, every search you make, every file you download, everything you post to Facebook, every conversation you have in an online chat room or forum. It will cryptographically sign these logs, encrypt them and send them to the guarantor.
As part of this process, the key used to encipher the logs will be split into three parts using an algorithm known as ‘Shamir’s Secret Sharing Scheme’ or ‘SSSS’. One part is retained by the user, one part goes to the guarantor and one to the LEA.
As any crypto geek - or indeed anyone who reads the linked Wikipedia article - can tell you, when a key is split in this way, you only need two parts of it in order to reassemble the whole thing. This is presumably what Motti means when he suggests that this system is democratic: that is, the ‘vote’ of the LEA and the TTP is enough to open up your logs and have a look, whether you agree or not.
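The two-of-three property described above, worked through as an added example (this is not code from Motti's proposal or from the original post). The field modulus, the holder labels and the function names are assumptions of the example; the proposal as quoted here gives no parameters.

```python
import secrets

# Assumed field: the Mersenne prime 2**521 - 1, large enough for a 256-bit key.
P = 2**521 - 1
THRESHOLD = 2                             # two parts suffice, as the post describes
HOLDERS = ("user", "guarantor", "lea")    # labels chosen for this example

def split(secret: int) -> dict:
    """Give each holder one point on a random polynomial with f(0) = secret."""
    if not 0 <= secret < P:
        raise ValueError("secret out of range for the field")
    # Degree THRESHOLD-1, so THRESHOLD points determine it and fewer do not.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(THRESHOLD - 1)]
    shares = {}
    for x, name in enumerate(HOLDERS, start=1):
        y = 0
        for c in reversed(coeffs):        # Horner evaluation mod P
            y = (y * x + c) % P
        shares[name] = (x, y)
    return shares

def recover(points) -> int:
    """Lagrange interpolation at x = 0 over GF(P)."""
    points = list(points)
    if len({x for x, _ in points}) < THRESHOLD:
        raise ValueError("need at least THRESHOLD distinct shares")
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def partner_share_for(share, candidate: int, x_other: int):
    """For THRESHOLD = 2: the point at x_other that pairs with `share` to give `candidate`."""
    x, y = share
    slope = ((y - candidate) * pow(x, -1, P)) % P
    return (x_other, (candidate + slope * x_other) % P)

if __name__ == "__main__":
    key = int.from_bytes(bytes(range(32)), "big")   # constructed sample log key
    shares = split(key)
    # The guarantor and the LEA rebuild the key; the user's share is never used.
    print(recover([shares["guarantor"], shares["lea"]]) == key)
```

`partner_share_for` shows the other half of the property: a single share is consistent with every possible key, so each holder alone learns nothing, while any two together learn everything.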
In summary then, this system requires you to prove your identity and then continuously log everything you do online with a third party, said logs being accessible without any consent on your part. This process is unashamedly referred to throughout the document as ‘evidence gathering’.
This would be voluntary. At first. Except where it wouldn’t be …
In an initial phase it is suggested to introduce the Logbox system on a voluntary basis against incentives (e.g. fiscal, economic, insurance, legal, etc.), except in some of the more sensitive cases such as financial transactions, relations with the public administration, processing of information in compliance with European or national legislation concerning privacy, web surfing by minors and so on.
In the medium term, the system should become a standard, and web surfing should be inhibited by any device that is not compatible with the LogBox infrastructure and which has not authenticated its transactions with the Guarantor (not the ISP or other non-neutral subjects).
But all that - of course - is by no means the limit of Motti’s ambitions. The document contains a chilling indication of the scope of his vision.
Later the system could also, where suitably integrated with event management and intrusion detection systems, contribute to the implementation of a capillary, reliable early warning system to fight illegal activities, assuming a pro-active role in the defence of the Internet as a whole and of the single nodes that it comprises.
Which sounds awfully like Motti would like all of this to tie in with a real time monitoring system.
The justification for this rests upon the two now tediously familiar pillars of child protection and the ‘nothing to hide, nothing to fear’ principle. The first of these, as I never tire of pointing out, was a favourite rhetorical tool of one A Hitler; the second has been debunked repeatedly, but let’s look at a single real-world example.
On the 25th of January 2009, it was legal in the UK to possess an image of consenting adults participating in certain forms of sadomasochistic sex acts. Not to everyone’s taste, but legal.
On the 26th of January 2009, section 63 of the Criminal Justice and Immigration Act 2008 came into force, and it was not. What a difference a day makes. In this case, the difference between ‘nothing to hide’ and ‘three years in prison’.
Motti describes his proposed system as a
Copernican revolution in the method of monitoring and logging
Those are not the words that I would choose, but then again, recall that Motti considers that a system which identifies, monitors and records your every action, for your own good “does not in any way aim to create a digital ‘Big Brother’”.