Category Archives: Economy

The Panama Papers: Dirty Money or Dirty Media?

Panama PapersOn 3 April 2016, the first few of the so-called Panama Papers were published by mainstream media across the West. The Panama Papers are a collection of allegedly 2.6 TB of data and documents by and related to Mossack Fonseca, a Panamanian law firm providing offshore trust services.

The leak, given by an anonymous whistle-blower to Bastian Obermayer of the German Süddeutsche Zeitung, consists of 11.5 million documents created between the 1970s and late 2015 by Mossack Fonseca. A consortium of journalists, the International Consortium of Investigative Journalists (ICIJ) subsequently organised the research and review of the documents.

These documents allegedly provide proof of the rich and powerful in the world storing their massive stashes of money in tax havens across the world like the British Virgin Islands (BVI), Guernsey, The Netherlands, etc. This practice is called tax avoidance, and is usually not illegal. It is highly questionable from a moral standpoint though. Billions of euros or dollars flow through thousands of shell companies that provide no benefit to society in terms of services, goods and employment. And the country of residence of the billionaire in question doesn’t receive tax income which could be put to better use to improve society rather than sit on an anonymous bank account on the Cayman Islands.

Media Bias

Putin_mediaOne of the first things that struck me as odd, but that is sadly no longer surprising, was the incredibly one-sided reporting done on this by the media. On 3 April, lots of articles appeared about the Panama Papers, and they strongly implied that President Putin of Russia was mentioned in these documents. Even though Putin was not mentioned in the few actual documents released to this point, the mainstream media strongly implied (by using photographs depicting Putin, for instance), that Putin is personally involved with the arrangements mentioned in the documents by Mossack Fonseca. The BBC Panorama documentary entitled “Tax Havens of the Rich and Powerful Exposed” is also strongly biased in their editing, showing documents on-screen for only a few nanoseconds behind an unclear background. When you stop the video and zoom in you can clearly see that the documents shown are from the British Virgin Islands, while this British overseas territory is not mentioned even once in the documentary itself, while they are droning on about Putin and the Icelandic former Prime Minister Gunnlaugsson.

Why this massive media bias? Why is it necessary to remind us that leaders from countries like Russia, China, Zimbabwe, North Korea, Syria etc. are corrupt? We know that. That is not news. What would be news is to reveal hard evidence that Western billionaires like George Soros are just as corrupt, and worse, that they influence politics and world affairs using their massive stashes of money.

The reason why the bias is so strong is partly due to the methodology used, and partly because of other interests. The Süddeutsche Zeitung gives a detailed explanation on how these documents were searched for interesting titbits. One of the things they did is focus on countries that may be violating UN sanctions, which might explain in part why the bias is on non-Western countries as it is. Also note that these documents only come from one law firm in Panama. If there would be another leak from, say, a law firm on the BVI, then we might find other people involved.

As Craig Murray, former UK Ambassador to Uzbekistan has written, Western journalists, the corporate media gatekeepers, are withholding the vast majority of the actual documents from the public. If we truly want to know what the impact of the Panama Papers is, without spin from the media, we should have access to the actual raw documents. Raw docs or it doesn’t exist, so to speak. If you don’t release 99% of the documents, you’re engaged in 1% journalism by definition. This is why I like the work that WikiLeaks is doing. They work very hard to publish the original source documents responsibly so that we can all learn how the world works from the original and authoritative source material. And then all journalists can read these documents on an equal standing. It’s been a pet-peeve of mine for many years that mainstream media don’t link to their sources like bloggers do. If a story is clearly based on documents like in this case the Panama Papers, just release the source documents together with your explanatory articles. Why is this such a problem?

Or are the journalists who have access to these documents afraid of possible blow-back if they report on the hand that feeds them?

Who is funding this?

Because that is the big elephant in the room. Who could be funding this propaganda extravaganza? Let’s have a look at the ICIJ’s site shall we?

Soros

George Soros at the Festival of Economics 2012, Trento. Photo by Niccolò Caranti.

The International Consortium of Investigative Journalists is based in Washington, D.C, and is a project of the Center for Public Integrity. There, on the funding page, you can read that amongst the big institutional funders are names like the Omidyar Network (Pierre Omidyar, owner of The Intercept and founder of eBay), the Open Society Foundations (George Soros), the W.K. Kellogg Foundation, the Rockefellers, The Democracy Fund (again: Omidyar), and many others.

The OCCRP (Organized Crime and Corruption USAIDReporting Project) is also heavily involved with the Panama Papers project, and is sponsored, by (again) the Open Society Institute of George Soros, and also USAID, which is a US government agency and front organisation posing as a charity and frequently used as an instrument of regime change.

Is it strange that which such backers the very first news reports that came out were so incredibly biased? Given how much the US administration would like to see regime change in Russia, are these reports bashing the Russian President a surprise? No, sadly, I’m not surprised any more. What I find despicable, is that so many journalists who worked on this, like to think of themselves as independent and the ultimate arbiters of truth, when evidently, they are not.

Why are there not reports about the vast amount of wealth stashed away in tax havens by George Soros? Mark Zuckerberg? Warren Buffet? The journalists sacrificed a token Western leader like Gunnlaugsson from Iceland, so they can claim to be bias-free (“look, we’re also publishing on Western leaders!”), while in reality, their entire enterprise is funded by the rich and powerful in the West. So I think I can quite confidently predict that for instance George Soros’s financial arrangements in various tax havens will not be published. Mark my words.

The TTIP Tragedy

europeYesterday, the European Parliament passed a draft report containing the EP’s recommendations to the Commission on the negotiations for TTIP. TTIP is the “free trade” treaty that is being negotiated between the US and the EU. It is the latest chapter in a long range of abbreviations across the world, from ACTA, to CETA, to TPP, TISA, etc. The end goal for TTIP is to create a single, massive free trade area/single market between the United States and the European Union member states. In practice, this requires that our standards be lowered to theirs and American businesses given unfettered access to the European markets (and in name vice versa, but it remains to be seen whether that will be the case in reality.)

The negotiations with the United States are being conducted in secret. There are various MEPs who are regularly informed about the progress of the negotiations, but they are prevented from saying anything substantial about the actual contents of the documents currently on the table. The peoples of Europe have no influence and no say in what makes it in the final treaty. Most of the Members of the European Parliament also have no idea about the exact contents of the negotiating document, and what is currently on the table. The European Parliament will vote on TTIP when the treaty is completed, but does not have the power to make amendments to the final text. This is a massive shame, since this treaty will influence us in major ways. In practice, it will open up our markets to American big business, while the effect for European middle and small enterprises are almost non-existent (as the vast majority of SMEs will not make the step to export to the United States).

Negligible Economic Advantages

The long-term economic advantages of TTIP to Europe is in fact completely negligible. Karel De Gucht, the previous EU Commissioner for Trade until 2014, claimed that TTIP will create lots of jobs in Europe, when in fact, we’re looking at an increase of GDP of at most 0.4 to 0.5 percent over a time period of decades. Claiming that this treaty will be about job creation and creating opportunities for workers on both continents is just completely dishonest, as also claimed in a blog on the U.S. Center for Economic and Policy Research (CEPR) website. According to various studies, the economic advantages are quite negligible. Incidentally, when De Gucht was confronted by some questions asked by the journalist regarding the alleged economic advantages of TTIP, he couldn’t provide an answer. And these are the sorts of people in charge of these things?

ISDS With A Different Name

ttip-2One important aspect that hasn’t been scrapped in the new resolution is the notorious ISDS provision (Investor-State Dispute Settlement). ISDS is a arbitration provision, that basically says that if a corporation thinks that a certain law passed by a nation-state’s parliament is hurting the profits of the corporation, they will have a way to sue the state for damages, in practice amounting to hundreds of millions of euro’s.

The most laughable thing about this arbitration commission is, that in the initial proposals, it consists of 3 lawyers, one of which will be from the company and another one from the nation state; the third one to be decided by the 2 parties. No legitimate judge would be asked to take this decision, and this provision has the potential to hurt democracy in a massive way. That this was even up for serious discussion is simply insane. When we as people can no longer decide for ourselves what we do and do not allow onto the market, because we should always take into account whether or not that will hurt someone’s business model, what independence do we have left? What will be left of the people’s sovereignty, granted to them by international law?

The ironic thing is that in the latest resolution passed by the European Parliament (P8_TA-PROV(2015)0252), the term “ISDS” has been replaced with: ‘a system for resolving disputes between investors and states’. Tell me: how is that different from “Investor-State Dispute Settlement”? This was just a different term used in the new resolution just so some fractions in the European Parliament can say: “Look people, we stopped ISDS!”, while at the same time the Commission and the negotiating team can say to the Americans that it’s still in. In effect, nothing has changed on this point. The entire concept of investors suing states for damages because legislation is a threat to their business model, and doing so in kangaroo courts, is an utter travesty to the legal system.

Another problem is that big corporations have an excessive influence on European policy-making. During the preparatory phase of TTIP, 590 meetings took place between the Commission and corporate lobbyists. 92% of these meetings were with representatives of big business. In fact, quite a few sentences in the proposals are directly written by the lobbyists, and made it in the proposals virtually unchanged. And this is not only a problem for TTIP, this happens all the time.

Consequences of Arbitrary Arbitration

An example of where this could lead to is the case of Achmea vs the Republic of Slovakia. In this case, Achmea (which is a major Dutch insurance conglomerate) sued the Slovak Republic for damages because they wanted to re-nationalise their health care system. Of course, Achmea stood to lose millions of euros in potential profits due to this policy change, so they sued, citing alleged breaches of the Treaty on encouragement and reciprocal protection of investments between the Czech and Slovak Federal Republic and the Kingdom of the Netherlands. Luckily, the arbitration committee in this case dismissed all of Achmea’s claims, and recognised the sovereignty of the Slovak Republic to make these kinds of policy decisions.

Now imagine what happens when TTIP is implemented, on a massive scale and in a vast area across many different industries? What sovereignty do we have left when we have to think about protecting the profits of huge corporations with each and every policy decision?

Investor-State Dispute Settlement is wholly unnecessary

Protecting investments by means of arbitration committees only makes sense if your trading partner is a country without a well-developed and functioning legal system. It does not make sense whatsoever in the context of a free trade deal between the United States and the EU, since European countries do have functioning legal systems. It isn’t a union of banana republics. At least not yet. So any investment arbitration mechanism in the TTIP treaty that circumvents the nation states’ legal system is wholly unnecessary. The only reason it will make it into the treaty is to give big business a lot more power to overrule the decisions made by our elected representatives. One step closer to a United States of Europe, which in the vision of eurocrats the likes of Guy Verhofstadt is only complete when it stretches from California to the Caspian Sea.

Benito Mussolini, the fascist Italian dictator during WWII, once defined fascism as: the merger of the corporate with the state. When TTIP is passed, the corporate is the state! We will open our European markets up to American multinationals who, as we know, have little concern for labour standards, food safety regulations, and more. It will amount to us lowering our standards to theirs in the interest of “free trade”.  If we don’t lower our standards, that would imply that the United States would raise theirs, which is extremely unlikely to happen in the current political climate. It will introduce a dispute settlement system that is actively hostile to the very principle of democracy. And our parliaments will have no say in the matter. Despite what the average eurocrat says, these are very real dangers. But there are even more reasons not to want this trade agreement with the United States.

Free Trade? With the people who spy on their allies?

nsaRecently, news came out that the United States NSA spied on the German Chancellor and her most senior officials and also on the last 3 Presidents of the French Republic. These documents on WikiLeaks also reveal that the US has a decade-long policy of economic espionage, and is intercepting all French corporate contracts and deals valued over $200 million.

Two years after Edward Snowden’s revelations were made public, we have seen a move towards more secrecy, more surveillance, and more corporatism, and a lot less transparency and accountability. Transparency and accountability is also a major issue within the EU institutions and in particular the TTIP negotiations, but I’ll get to that it a bit.

Over the last 2 years we have seen moves by various European intelligence agencies to imitate the NSA and GCHQ in their capabilities. Just recently, the Dutch government released for public consulting a proposal aimed to give the AIVD, more power, authorising them to start tapping cable-bound communications.

Also, the FBI by means of James Comey and others in the US and UK (Cameron, May) are desperately trying to ban encryption, against all expert advice. Banning encryption makes us less secure, preventing, for example, banks and corporations from protecting our personal data against interception by criminals. Without encryption we cannot securely shop online, we cannot message online, businesses cannot keep their trade secrets confidential, etc. Encryption is essential to the internet, and essential to innovation.

The important point is this: Do we really want to increase cooperation in the areas of trade and industry, across all sectors, with the country that has been spying on us and disregards its own Constitution and rule of law? Do we really think that is in the interest of European citizens?

I wonder what would happen in the following hypothetical situation. Let’s say for the sake of argument that it is revealed that the Bundesnachrichtendienst (Germany’s foreign intelligence agency) has been spying on the last 3 US Presidents. Would the US then take the initiative and start negotiating a trade deal and much closer cooperation with the Europeans? Or would these actions be strongly condemned and action taken to prevent these actions in the future? I think we know what the response of the US in this hypothetical situation would likely be. However, in the real world, the US has been spying on the Europeans for decades on a massive scale, and we still don’t reconsider who our allies are?

verhofstadt_van_baalenWe still mindlessly follow the US lead when it comes to demonising Russia, we don’t consider what actions are in the best interest of European businesses, we continue to give the US great advantages as they continue to stir up trouble, start revolutions and regime changes in Ukraine, hurting stability in the entire region, with MEPs Verhofstadt & Van Baalen joining in, calling for regime change on Maidan square.

The fact that US foreign policy is not a force of good in the world would already be grounds to scrap this entire treaty altogether.

Europe’s democratic deficit

ostrakon

An Ancient Greek ὄστρακον (ostrakon), mentioning Megacles, son of Hippocrates (inscription: ΜΕΓΑΚΛΕΣ ΗΙΠΠΟΚΡΑΤΟΣ), 487 BC. In the ancient Athenian democracy, ὄστρακον were pieces of discarded pottery that people would scratch a name into to cast their vote of who to banish from the city.

Some people may accuse me of being Eurosceptic. That is not the case: I like the concept of European cooperation and integration, I have many clients across Europe, I like the fact that I am able to travel, live, and work anywhere in the European Union. That is not the problem, and in fact, one of the greatest achievements of close European cooperation.

What is the problem, however, is the clear lack of democracy and transparency at the European level at various European institutions. European elections are held to elect Members for a small piece of the pie that is the European Parliament (depending on the country you’re from the piece may be bigger or smaller), but other than that, the European institutions are completely closed from all meaningful interactions with European citizens. The Commission is not elected, and all other European institutions that make or influence European policy also have unelected officials who decide on things. We have 4 different Presidents responsible for God knows what, and all unelected. This is the major problem with the Union, and the thing in my opinion needs to be fixed before we start thinking about further expansion, or the transfer of even more powers to Brussels.

Europe should embrace democracy, not eschew it, like we could see yet again prior to the latest Greek referendum, when various European leaders made threats to the Greek people about the consequences should they not agree to more austerity. Even the President of the European Parliament, Mr. Martin Schultz has made such threats, which is wholly unbecoming of a President of a poor excuse of a Parliament, who should be above all parties, and adhere to independence from such political opinions.

Democracy is a great concept, invented in the 5th century BCE by the ancient Athenians in Greece. We should do more of it!

The Sad Truth

The sad truth regarding TTIP is that — based on the resolution just passed by the EP — I can already make the prediction regarding the final verdict of the European Parliament when the TTIP final document is finally presented to them: they will pass it, and it’ll probably include some sort of ISDS provision. There will probably be time pressure involved, requiring MEPs to read and interpret thousands of pages of legalese in a very short time-frame, which ensures that no MEP will actually read the document they vote on.

And when TTIP is passed, corporate fascism in Europe has won.

Regin: The Trojan Horse From GCHQ

In 2010, Belgacom, the Belgian telecommunications company was hacked. This attack was discovered in September 2013, and has been going on for years. We know that this attack is the work of Western intelligence, more specifically, GCHQ, thanks to documents from Edward Snowden. This operation was called Operation Socialist. Now, however, we know a little bit more about how exactly this attack was done, and by what means. Internet connections from employees of Belgacom were sent to a fake LinkedIn page that was used to infect their computers with malware, called “implants” in GCHQ parlance. Now we know that Regin is the name given to the highly complex malware that seems to have been used during Operation Socialist.

Projekt 28Symantec recently reported on this malware (the full technical paper (PDF) can be found here), and it’s behaviour is highly complex. It is able to adapt to very specific missions and the authors have made tremendous effort to make it hard to detect. The malware is able to adapt and change, and since most of anti-virus detection relies on heuristics, or specific fingerprints of known malware, Regin was able to fool anti-virus software and stay undetected. However, Symantec put two and two together and has now revealed some of Regin’s inner workings.

fig3-countriesThe infections have ranged from telecoms and internet backbones (20% of infections), to hospitality (hotels, etc.), energy, the airlines, and research sectors but the vast majority of infections has been of private individuals or small businesses (48%). Also, the countries targeted are diverse, but the vast majority of attacks is directed against the Russian Federation (28%) and Saudi Arabia (24%).

The Regin malware works very much like a framework, which the attackers can use to inject various types of code, called “payloads” to do very specific things like capturing screen-shots, taking control of your mouse, stealing passwords, monitoring your network traffic and recovering files. Several Remote Access Trojans (also known as RATs) have been found, although even more complex payloads have also been found in the wild, like a Microsoft IIS web server traffic monitor (this makes it easy to spy on who visits a certain website etcetera). Another example of a highly complex payload that has been found is malware to sniff administration panels of mobile cellphone base station controllers.

How Regin Works

As mentioned above, Regin works as a modular framework, where the attackers can turn on/off certain elements and load specific code, called a “payload,” to create a Regin version that is specifically suited to a specific mission. Note that it is not certain whether all payloads have been discovered, and that there may be more than the ones specified in the report.

fig2-sectorsRegin does not appear to target any specific industrial sector, but infections have been found across the board, but mostly in telecom and private individuals and small businesses. Currently, it is not known what infection vectors can possibly be used to infect a specific target with the Regin malware, but one could for instance think of tricking the target into clicking on a certain link in an e-mail, visiting spoof websites, or maybe through a vulnerable application installed on the victim’s computer, which can be used to infect the target with Regin. In one instance, according to the Symantec report, a victim was infected through Yahoo! Instant Messenger. During Operation Socialist, GCHQ used a fake LinkedIn page to trick Belgacom engineers into installing the malware. So one can expect infection to take place along those lines, but other possibilities may of course exist.

regin_stages

The various stages of Regin.

Regin has six stages in its architecture, called Stage 0 to Stage 5 in the Symantec report. First, a dropper trojan horse will install the malware on the target’s computer (Stage 0), then it loads several drivers (Stage 1 and 2), loads compression, encryption, networking, and EVFS (encrypted file container) code (Stage 3), then it loads the encrypted file container and loads some additional kernel drivers, plus the payloads (Stage 4), and in the final stage (Stage 5) it loads the main payload and the necessary data files for it to operate.

The malware seems to be aimed primarily against computers running the Microsoft Windows operating system, as all of the files discussed in the Symantec report are highly Windows-specific. But there may be payloads out there which target GNU/Linux or OS X computers. The full extent of the malware has not been fully revealed, and it will be interesting to find out more about the exact capabilities of this malware. The capabilities mentioned in the report are already vast and can be used to spy on people’s computers for extended periods of time, but I’m sure that there must be more payloads out there, I’m certain that we’ve only scratched the surface of what is possible.

Regin is a highly-complex threat to computers around the world, and seems to be specifically suited towards large-scale data collection and intelligence gathering campaigns. The development would have required significant investments of time, money and resources, and might very well have taken a few years. Some components of Regin were traced back all the way to 2003.

Western Intelligence Origins?

In recent years, various governments, like the Chinese government, and the Russian government, have been implicated in various hacking attempts and attacks on Western infrastructure. In the article linked here, the FBI accuses the Russians of hacking for the purpose of economic espionage. However, Western governments also engage in digital warfare and espionage, not just for national security purposes (which is a term that has never been defined legally), but they also engage in economic espionage. In the early 1990s, as part of the ECHELON programme, the NSA intercepted communications between Airbus and the Saudi Arabian national airline. They were negotiating contracts with the Saudis, and the NSA passed information on to Boeing which was able to deliver a more competitive proposal, and due to this development, Airbus lost the $6 billion dollar contract to Boeing. This has been confirmed in the European Parliament Report on ECHELON from 2001. Regin also very clearly demonstrates that Western intelligence agencies are deeply involved in digital espionage and digital warfare.

Due to the highly-complex nature of the malware, and the significant amount of effort and time required to develop, test and deploy the Regin malware, together with the highly-specific nature of the various payloads and the modularity of the system, it is highly likely that a state actor was behind the Regin malware. Also, significant effort went into making the system very stealthy and hard for anti-virus software to detect. It was carefully engineered to circumvent anti-virus software’s heuristic detection algorithms and furthermore, some effort was put into making the Regin malware difficult to fingerprint (due to its modular nature)

Furthermore, when looking at the recently discovered attacks, and more especially where the victims are geographically located, it seems that the vast majority of attacks were aimed against the Russian Federation, and Saudi Arabia.

According to The Intercept and Ronald Prins from Dutch security company Fox-IT, there is no doubt that GCHQ and NSA are behind the Regin malware. Der Spiegel revealed that NSA malware had infected the computer networks of the European Union. That might very well been the same malware.

Stuxnet

symantic_virus_discovery.siA similar case of state-sponsored malware appeared in June 2010. In the case of Stuxnet, a disproportionate amount of Iranian industrial site were targeted. According to Symantec, which has published various reports on Stuxnet, Stuxnet was used in one instance to change the speed of about 1,000 gas-spinning centrifuges at the Iranian nuclear power plant at Natanz, thereby sabotaging the research done by Iranian scientists. This covert manipulation could have caused an explosion at this nuclear facility.

Given the fact that Israel and the United States are very much against Iran developing nuclear power for peaceful purposes, thinking Iran is developing nuclear weapons instead of power plants, together with Stuxnet’s purpose to attack industrial sites, amongst those, nuclear sites in Iran, strongly indicates that the US and/or Israeli governments are behind the Stuxnet malware. Both of these countries have the capabilities to develop it, and in fact, they started to think about this project way back in 2005, when the earliest variants of Stuxnet were created.

Dangers of State-Sponsored Malware

The dangers of this state-sponsored malware is of course that should it be discovered, it may very well prompt the companies, individuals or states that the surveillance is targeted against to take countermeasures, leading to a digital arms race. This may subsequently lead to war, especially when a nation’s critical infrastructure is targeted.

The dangers of states creating malware like this and letting it out in the wild is that it compromises not only security, but also our very safety. Security gets compromised when bugs are left unsolved and back doors built in to let the spies in, and let malware do its work. This affects the safety of all of us. Government back doors and malware is not guaranteed to be used only by governments. Others can get a hold of the malware as well, and security vulnerabilities can be used by others than just spies. Think criminals who are after credit card details, or steal identities which are subsequently used for nefarious purposes.

Governments hacking other nations’ critical infrastructure would constitute an act of war I think. Nowadays every nation worth its salt has set up a digital warfare branch, where exploits are bought, malware developed and deployed. Once you start causing millions of Euros worth of damage to other nations’ infrastructure, you are on a slippery slope. Other countries may “hack back” and this will inevitably lead to a digital arms race, the damage of which does not only affect government computers and infrastructure, but also citizens’ computers and systems, corporations, and in some cases, even our lives. The US attack on Iran’s nuclear installations with the Stuxnet malware was incredibly dangerous and could have caused severe accidents to happen. Think of what would happen had a nuclear meltdown occurred. But nuclear installations are not the only ones, there’s other facilities as well which may come under attacks, hospitals for instance.

Using malware to attack and hack other countries’ infrastructure is incredibly dangerous and can only lead to more problems. Nothing has ever been solved by it. It will cause a shady exploits market to flourish which will mean that less and less critical exploits get fixed. Clearly, these are worth a lot of money, and many people that were previously pointing out vulnerabilities and supplying patches to software vendors are now selling these security vulnerabilities off on the black market.

Security vulnerabilities need to be addressed across the board, so that all of us can be safer, instead of the spooks using software bugs, vulnerabilities and back doors against us, and deliberately leaving open gaping holes for criminals to use as well.

The Internet of Privacy-Infringing Things?

Let’s talk a little bit about the rapid proliferation of the so-called Internet of Things (IoT). The Internet of Things is a catch-all term for all sorts of embedded devices that are hooked up to the internet in order to make them “smarter,” able to react to certain circumstances, automate things etcetera. This can include many devices, such as thermostats, autonomous cars, etc. There’s a wide variety of possibilities, and some of them, like smart thermostats are already on the market, with autonomous cars following closely behind.

According to the manufacturers who are peddling this technology, the purpose of hooking these devices up to the internet is to be able to react better and provide more services that were previously impossible to execute. An example would be a thermostat that recognises when you are home, and subsequently raises the temperature of the house. There are also scenarios possible of linking various IoT devices together, like using your autonomous car to recognise when it is (close to) home and then letting the thermostat automatically increase the temperature, for instance.

There are myriad problems with this technology in its current form. Some of the most basic ones in my view are privacy and security considerations. In the case of cars, Ford knows exactly where you are at all times and knows when you are breaking the speed limit by using the highly-accurate GPS that’s built into modern Ford cars. This technology is already active, and if you drive one of these cars, this information (your whereabouts at all times, and certain metrics about the car, like the current speed, mileage, etc.) are stored and sent to Ford’s servers. Many people don’t realise this, but it was confirmed by Ford’s Global VP of Marketing and Sales, Jim Farley at a CES trade show in Las Vegas at the beginning of this year. Farley later retracted his statements after the public outrage, claiming that he left the wrong impression and that Ford does not track the locations of their cars without the owners’ consent.

Google’s $3.2 billion acquisition

google-nest-acquisition-1090406-TwoByOneNest Labs, Inc. used to be a separate company making thermostats and smoke detectors, until Google bought it for a whopping $3.2 billion dollars. The Nest thermostat is a programmable thermostat that has a little artificial intelligence inside of it that enables it to learn what temperatures you like, turns the temperature up when you’re at home and turns it down when you’re away. It can be controlled via WiFi from anywhere in the world via a web interface. Users can log in to their accounts to change temperature, schedules, and see energy usage.

Why did Google pay such an extraordinary large amount for a thermostat company? I think it will be the next battleground for Google to gather more data, the Internet of Things. Things like home automation and cars are markets that Google has recently stepped into. Technologies like Nest and Google’s driver-less car are generating massive amounts of data about users’ whereabouts and things like sleep/wake cycles, patterns of travel and usage of energy, for instance. And this is just for the two technologies that I have chosen to focus my attention on for this article. There are lots of different IoT devices out there, that eventually will all be connected somehow. Via the internet.

Privacy Concerns

One is left to wonder what is happening with all this data? Where is it stored, who has access to it, and most important of all: why is it collected in the first place? In most cases this collecting of data isn’t even necessary. In the case of Ford, we have to rely on Farley’s say-so that they are the only ones that have access to this data. And of course Google and every other company out there has the same defence. I don’t believe that for one second.

The data is being collected to support a business model that we see often in the tech industry, where profiles and sensitive data about the users of a service are valuable and either used to better target ads or directly sold on to other companies. There seems to be this conception that the modern internet user is used to not paying for services online, and this has caused many companies to implement the default ads-based and data and profiling-based business model. However, other business models, like the Humble Bundle in the gaming industry for instance, or online crowd-funding campaigns on Kickstarter or Indiegogo have shown that the internet user is perfectly willing to spend a little money or give a little donation if it’s a service or device that they care about. The problem with the default ads-based business model discussed above is that it leaves the users’ data to be vulnerable to exposure to third parties and others that have no business knowing it, and also causes companies to collect too much information about their users by default. It’s like there is some kind of recipe out there called “How to start a Silicon Valley start-up,” that has profiling and tracking of users and basically not caring about the users’ privacy as its central tenet. It doesn’t have to be this way.

Currently, a lot of this technology is developed and then brought to market without any consideration whatsoever about privacy of the customer or security and integrity of the data. Central questions that in my opinion should be answered immediately and during the initial design process of any technology impacting on privacy are left unanswered. First, if and what data should we collect? How easy is it to access this data? I’m sure it would be conceivable that unauthorized people would also be able to quite easily gain access to this data. What if it falls into the wrong hands? A smart thermostat like Google Nest is able to know when you’re home and knows all about your sleep/wake cycle. This is information that could be of interest to burglars, for instance. What if someone accesses your car’s firmware and changes it? What happens when driver-less cars mix with the regular cars on the road, controlled by people? This could lead to accidents.

Vulnerabilities

And what to think of all those “convenient” dashboards and other web-based interfaces that are enabled and exposed to the world on all those “smart” IoT devices? I suspect that there will be a lot of security vulnerabilities to be found in that software. It’s all closed-source and not exposed to external code review. The budgets for the software development probably aren’t large enough to accommodate looking at the security and privacy implications of the software and implementing proper safeguards to protect users’ data. This is a recipe for disaster. Only when using free and open source software can proper code-review be implemented and code inspected for back-doors and other unwanted behaviour. And it generally leads to better quality software, since more people are able to see the code and have the incentives to fix bugs, etc. in an open and welcoming community.

Do we really want to live in a world where we can’t have privacy any more, where your whereabouts are at all times stored and analysed by god-knows who, and all technology is hooked up to each other, without privacy and security considerations? Look, I like technology. But I like technology to be open, so that smart people can look at the insides and determine whether what the tech is doing is really what it says on the tin, with no nasty side-effects. So that the community of users can expand upon the technology. It is about respecting the users’ freedom and rights, that’s what counts. Not enslaving them to closed-source technology that is controlled by commercial parties.

Economic Consequences of NSA Surveillance

Note: This article is also available in Portuguese, translated by Anders Bateva.

(Note: A version of this article also got published on Consortium News) In the last 6 months or so, Edward Snowden, former NSA contractor, came forward with revelations about the NSA, disclosing quite a few of the agency’s surveillance programs, and revealing that the agency has the most blatant disrespect for civil rights and spies on everything and everyone, all over the world, in a Pokémon-style “Gotta catch ’em all!” fashion. The actions of the NSA are also having a real effect on the United States economy. Let’s talk about the economic consequences the NSA’s surveillance programs will have on the United States economy, and, more specifically, its tech industry. The actions of the US administration, and more specifically what the NSA is doing with their surveillance programs, are having a big impact on the US economy, especially in Silicon Valley. Why would I store my data on servers in the United States, where this data is easily accessible by the NSA, among others, if I can just as easily store it in Europe or some other, more secure place?

A Positive Investment Climate

To understand the US hegemony when it comes to IT companies and services, it is good to have a look at the history of the investment climate. Why did these companies pop up in the United States? Why wasn’t Google invented in, say, Germany, or Finland? The reason many of these cloud storage services and internet companies popped up in Silicon Valley as opposed to Europe, say, is because of the investment climate in the United States, which made it much easier to start an internet company in the United States. Large institutional investors, venture capitalists, are less likely to invest in a start-up in Europe. Also, bankruptcy laws are much more relaxed in the US as opposed to Europe. Whereas in the US, you can be back on your feet in a year or so after going bankrupt, in Europe, this is generally a much longer process. According to the Economist, it takes a minimum of 2 years in Spain, 6 years in Germany, and a whopping 9 years in France. In my own country, The Netherlands, it takes 3 years to be debt-free again after a bankruptcy, but if you go bankrupt in Paris, good luck, you’ve just ruined your future. This makes it far more risky to try new things and set up shop in Europe, because the consequences if things go bad are so much worse. Unfortunately, this has left us Europeans in the position that we currently don’t really have a European ‘Silicon Valley’, we don’t have a lot of viable, easy to use alternatives, and these desperately need to get developed. We depend too much on American companies right now, and I think it’s good if we diversified more, so that we will get a healthy market with plenty of good alternatives, instead of what we have now, which is a US monopoly on web-mail (Gmail/Hotmail etc.), social networks (Facebook, Twitter, LinkedIn, Foursquare, etc.), internet search (Google), cloud storage (Dropbox, Microsoft, Amazon), and other things. Already, cloud storage providers in Silicon Valley currently see big drops in their revenues because of the disclosures of Snowden. Why would we store our data across the pond? This is the central question and this is having real economic consequences for the United States.

US Cloud Service Providers Face Economic Consequences

US Cloud Service Providers Face Economic Consequences Because Of NSA SurveillanceCloud providers based in the US were experiencing significant profit drops when the NSA revelations were made public. People outside the United States suddenly began to question whether their sensitive data was safe on American soil. All these companies are subject to the  PATRIOT Act, which requires them to hand over any information and data they have on their customers, and they are prohibited by the US government to tell their customers about it. So the conclusion can quite definitively be that no, your data cannot be trusted to stay secure if you send it over to the United States, by using ‘convenient’ cloud services like Dropbox, or Amazon, among others.

This is the critical criterion. It doesn’t matter that the company tells you that they use the most high-end military-grade encryption, it doesn’t matter that they thought of an interesting technical solution to try and circumvent surveillance, it doesn’t matter that they write glowing blog posts solemnly promising not to hand over your data, all that matters is that it is a US company, required to obey US law, and required to hand over your data. Few companies will be able to resist the pressure and forfeit their entire business model to protect your privacy. This is also what strikes me as funny when I read about major US tech companies, like Google, Apple and Microsoft, who found out that their server-to-server connections were being intercepted by NSA. These intra-server connections were not encrypted, sent in the clear, probably on some private fibre optic cable. Of course this could be intercepted given the NSA’s technical competence. So now these companies are trying really hard to sell the story to their overseas customers that their intra-server communications are now fully encrypted. This is a feeble attempt to keep some of their customers from switching to alternatives (of which there are not many, unfortunately), as these companies are still US companies, with offices and infrastructure in the US, and the need to obey the laws over there. So it’s totally irrelevant that these tech companies are now encrypting their intra-server communications, as the US government can simply request the data via other, more official means. But these companies aren’t just promoting irrelevant measures, they actively act against our interests. After the revelations done by Edward Snowden, Facebook is making data hand-offs to US authorities easier (fully automated, without judicial oversight). Facebook is also partnering with police to make protests harder to organise. And still we insist in using its social network. These are instruments of control and surveillance. We’re not their customers, we’re the product being sold. We have a distinct lack of viable alternatives which aren’t based in the US, and it’s important to remember that social networks have a social aspect. It isn’t enough for you to change over to a competitor, you have to convince your friends to switch as well. This is what keeps social networks afloat for so long, because this is indeed very hard to do.

March to Irrelevance

In October 2013, Congress raised the debt ceiling again, which will buy some time until January 2014. Then they will have the exact same problem. The United States is structurally spending more money than they have available, and current US national debt ($17 trillion dollars) can never be repaid. They are pretty much already in default. But since the financial system is based on trust and hearsay, smoke and mirrors, it takes a while for people to face the reality, wake up and smell the coffee. At which point the United States will be an irrelevant relic from the past. Here in Europe, we need to protect our own citizens’ interests, and start developing viable alternatives for the US hegemony, because the US hegemony will be over one day.