What does it mean if your phone is a gateway into experiences and other narrativesi
Aaron Swartz was not yet a legend when, almost two years ago, I asked him to build an open-source, anonymous in-box. His achievements were real and varied, but the events that would come to define him to the public were still in his future: his federal criminal indictment; his leadership organizing against the censorious Stop Online Piracy Act; his suicide in a Brooklyn apartment. I knew him as a programmer and an activist, a member of a fairly small tribe with the skills to turn ideas into code—another word for action—and the sensibility to understand instantly what I was looking for: a slightly safer way for journalists and their anonymous sources to communicate.
There’s a growing technology gap: phone records, e-mail, computer forensics, and outright hacking are valuable weapons for anyone looking to identify a journalist’s source. With some exceptions, the press has done little to keep pace: our information-security efforts tend to gravitate toward the parts of our infrastructure that accept credit cards.
Aaron was attuned to this kind of problem. I’d first met him in 2006, when he and two other coders sold the social-news site Reddit to Condé Nast, the parent company of Wired, where I’m an editor, and of The New Yorker. The three of them moved into a converted conference room in the corner of Wired’s San Francisco headquarters. Aaron stood out from his colleagues—he was moody, quiet, and blogged about how much he disliked working there.
Then, one Monday, he left the office to spend the day at a nearby federal courthouse where oral arguments were unfolding in Kahle v. Gonzales, a Constitutional copyright battle being waged by the law professor Lawrence Lessig. When he got back, he asked me, somewhat shyly, if he could write something for Wired about the proceedings. The resulting seven-hundred-word blog post was crisply written and clearly laid out the issues. I wondered about this young tech-startup founder who put his energy into the debate over corporate-friendly copyright term extensions. That, and his co-creation of an anonymity project called Tor2Web, is what I had in mind when I approached him with the secure-submission notion. He agreed to do it with the understanding that the code would be open-source—licensed to allow anyone to use it freely—when we launched the system.
He started coding immediately, while I set out to get the necessary servers and bandwidth at Condé Nast. The security model required that the system be under the company’s physical control, but with its own, segregated infrastructure. Requisitioning was involved. Executives had questions. Lawyers had more questions.
In October, 2011, Aaron came to the Wired office and we whiteboarded some of the details. In the intervening years, Aaron’s quiet withdrawal had shifted into a tentative confidence, his sullenness replaced by a disarming smile and a gentle generosity. Before he left, I walked him over to the new, much larger Reddit office next door. He stepped inside, looked around, and walked back out without anyone recognizing him.
By then, Aaron had been indicted for bulk downloading four million articles from JSTOR, an academic database, from M.I.T.’s public network, and the case must have been weighing on him. But he wouldn’t talk about it.
He lived in New York then, so my interactions with him from that point on were mostly electronic. The system, which we came to call DeadDrop, was a back-burner project for both of us, and Aaron had a lot of front burners. I learned his protocol: when he had the time to code, I could reach him on the phone or on Skype. We had long exchanges about security and features; Aaron rejected the ones he thought would overcomplicate the system—individual crypto keys for every reporter at a news organization, for example.
In New York, a computer-security expert named James Dolan persuaded a trio of his industry colleagues to meet with Aaron to review the architecture and, later, the code. We wanted to be reasonably confident that the system wouldn’t be compromised, and that sources would be able to submit documents anonymously—so that even the media outlets receiving the materials wouldn’t be able to tell the government where they came from. James wrote an obsessively detailed step-by-step security guide for organizations implementing the code. “He goes a little overboard,” Aaron said in an e-mail, “but maybe that’s not a bad thing.”
By December, 2012, Aaron’s code was stable, and a squishy launch date had been set. Then, on January 11th, he killed himself. In the immediate aftermath, it was hard to think of anything but the loss and pain of his death. A launch, like so many things, was secondary. His suicide also raised new questions: Who owned the code now? (Answer: he willed all his intellectual property to Sean Palmer, who gives the project his blessing.) Would his closest friends and his family approve of the launch proceeding? (His friend and executor, Alec Resnick, reports that they do.)The New Yorker, which has a long history of strong investigative work, emerged as the right first home for the system. The New Yorker’s version is called Strongbox; it went online this morning.
Nine days after Aaron’s death, his familiar Skype avatar popped up on my computer screen. Somewhere, somebody—probably a family member—had booted up his computer. I fought the irrational urge to click on the icon and resume our conversation. Then he vanished from my screen again.
dystopiance reblogged
Information is power. But like all power, there are those who want to keep it for themselves. The world’s entire scientific and cultural heritage, published over centuries in books and journals, is increasingly being digitized and locked up by a handful of private corporations. Want to read the papers featuring the most famous results of the sciences? You’ll need to send enormous amounts to publishers like Reed Elsevier. There are those struggling to change this. The Open Access Movement has fought valiantly to ensure that scientists do not sign their copyrights away but instead ensure their work is published on the Internet, under terms that allow anyone to access it. But even under the best scenarios, their work will only apply to things published in the future. Everything up until now will have been lost. That is too high a price to pay. Forcing academics to pay money to read the work of their colleagues? Scanning entire libraries but only allowing the folks at Google to read them? Providing scientific articles to those at elite universities in the First World, but not to children in the Global South? It’s outrageous and unacceptable. “I agree,” many say, “but what can we do? The companies hold the copyrights, they make enormous amounts of money by charging for access, and it’s perfectly legal — there’s nothing we can do to stop them.” But there is something we can, something that’s already being done: we can fight back. Those with access to these resources — students, librarians, scientists — you have been given a privilege. You get to feed at this banquet of knowledge while the rest of the world is locked out. But you need not — indeed, morally, you cannot — keep this privilege for yourselves. You have a duty to share it with the world. And you have: trading passwords with colleagues, filling download requests for friends. Meanwhile, those who have been locked out are not standing idly by. You have been sneaking through holes and climbing over fences, liberating the information locked up by the publishers and sharing them with your friends. But all of this action goes on in the dark, hidden underground. It’s called stealing or piracy, as if sharing a wealth of knowledge were the moral equivalent of plundering a ship and murdering its crew. But sharing isn’t immoral — it’s a moral imperative. Only those blinded by greed would refuse to let a friend make a copy. Large corporations, of course, are blinded by greed. The laws under which they operate require it — their shareholders would revolt at anything less. And the politicians they have bought off back them, passing laws giving them the exclusive power to decide who can make copies. There is no justice in following unjust laws. It’s time to come into the light and, in the grand tradition of civil disobedience, declare our opposition to this private theft of public culture. We need to take information, wherever it is stored, make our copies and share them with the world. We need to take stuff that’s out of copyright and add it to the archive. We need to buy secret databases and put them on the Web. We need to download scientific journals and upload them to file sharing networks. We need to fight for Guerilla Open Access. With enough of us, around the world, we’ll not just send a strong message opposing the privatization of knowledge — we’ll make it a thing of the past. Will you join us? Aaron Swartz July 2008, Eremo, Italy
dystopiance reblogged
The United States House of Representatives approved the Cyber Intelligence Sharing and Protection Act (CISPA) [Thursday] by a comfortable 288 to 127 margin. Almost half of the House’s Democrats joined 196 Republicans in supporting the measure.
The legislation grants companies broad legal immunity when they share information related to online threats with one another and with the federal government. Advocates argue that the legislation is needed to allow companies to quickly and efficiently share information in order to help secure their networks.
But critics such as the American Civil Liberties Union and the Electronic Frontier Foundation describe the legislation as an attack on user privacy. They worry that companies will use the broad immunity offered by CISPA to ignore other laws that protect consumer privacy. And in a veto threat issued on Tuesday, the White House echoed these arguments.
“The bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities,” the Obama administration said on Tuesday.
“The US House just passed CISPA, undermining the privacy of millions of Internet users,” the Electronic Frontier Foundation said in a tweet. “Now we take this fight to the Senate.”
“I voted against #CISPA because it does not adequately protect the civil liberties of Americans,” Rep. Anna G. Eshoo (D-CA) tweeted. “People deserve both privacy and security.”
So far, the CISPA debate has been a repeat of last year’s legislative process. An earlier version of CISPA passed the House in 2012 despite the objection of civil liberties groups, but companion legislation got bogged down in the Senate.