Law in the Internet Society
ready for review

Arrested Development: musings on the interdependence of State and commercial actors in the development of communication software and hardware

-- By NikolaosVolanis - 05 Nov 2009

1. The Argument

I will attempt to demonstrate how the interdependence of governmental and private commercial interests are detrimental for the development of communication networks and communications related software. My basic proposition is the following:

A. State law enforcement interests mandate specific technological solutions which allow for increased traceability of the behavior of individuals over electronic communications networks.

B. In order to achieve this purpose, the state has to engage either in regulation of technology directly (regulation by legislation) or indirectly by incentivising the providers of communications hardware and software to adopt a preferable techological solution.

C. Being for-profit entities, these intermediaries are primarily concerned with minimizing losses, by avoiding governmental contempt which could lead to administrative penalties or other sanctions.

D. In this context, when communications hardware and software is provided by commercial enterprises, asserting control over the latter through indirect regulation asserts influence over the specifications of hardware and software output. Digital surveillance and enforcement interests are better served through a top-down production process by commercial actors, whereas the latter may achieve higher profits or preferable treatment by ensuring that their hardware and software complies with state-endorsed specifications.

E. In this business-political embrace, grassroots software or hardware development may offset a drive towards excessive governmental control over the digital behavior of individuals.

2. Analysis

Our recent discussion regarding encryption technology not only demonstrates that the state can have an interest in regulating electronic communications code (as this allows for better enforcement and traceability), but also that such control can be exercised through commercial technologies, when the latter are favored by regulation.

A. + B. In the U.S., both the Arms Export Control Act (and the Traffic in Arms Regulations) as well as the Communications Assistance for Law Enforcement Act (CALEA, enacted in 1994) dealt with the critical issue of cryptography and the danger that this technology may pose to national defense and law enforcement respectively. In the wake of widespread migration to digital telephony and data networks such as the net, CALEA’s purpose was to enhance the ability of law enforcement and intelligence agencies to conduct electronic surveillance by requiring that telecommunications operators and manufacturers of telecommunications equipment take necessary steps to ensure that their equipment and services support built-in surveillance capabilities, so as to allow state monitoring of communications traffic in real-time. Around the same time (1993), the U.S government developed and promoted an encryption device to be adopted by telecommunications operators for voice transmission, the “Clipper Chip”. The core of that concept was based on the ability of the Government to override the encryption technology at will (“established authority”), since the cryptographic key of every device bearing the chip would be put in governmental escrow. Although this initiative met considerable protest (see here for example), the U.S. government continued to press for key escrow by offering incentives to manufacturers (e.g. by allowing more relaxed export controls if key escrow was part of the software exported - for a more detailed account, see here (pp.15-17) - or by using the government's power as a major consumer of cryptographic products to rig the market). Still, with the release and swift propagation of independent free software such as PGP and Nautilus (open source software which provided strong encryption without key escrow requirements), it became impossible for the U.S. government to effectively advance its preferred encryption technology. After all, due to consitutional concerns, the adoption of such technology was voluntary. However, the solution did not come from large commercial entities, but from small grassroots initiatives.

C. + D. Indeed, by enabling both confidentiality and identification, encryption technology can be perceived as both “liberating” and “oppressive” technology, depending on the actual parameters that define its use. The aforementioned examples demonstrate that as software or hardware development becomes a commercial activity, it is produced by a smaller number of for-profit entities, which, in turn can be incentivized or disincentivized by the state in adopting specific technological solutions or complying with governmental regulations. Although, for example, the IT-savvy community has argued that such an artificial attempt to control the flow of information and to restrain it within the U.S. would be futile, still, companies in the business of producing encryption technology prefered to comply with government regulations, in fear of invoking government contempt (or worse). Likewise, a company called Network Associates (the successor of the PGP software), originally a strong opponent of encryption regulation, started to offer products that adopted key recovery mechanisms for corporations. With regard to the hardware industry, Cisco provides us with another example of a company submitting to governmental incentives through regulation: In 1998, it announced a router that would enable encryption (thus providing encryption at the OSI network layer, not the application layer, as it is the case with software such as PGP), but which would contain a switch which would allow the government to override such encryption (p.71) so as to monitor internet traffic.

The aforementioned cases indicate that the state may influence the supply of hardware and software by commercial entities, by effectively asserting indirect control over the commercial entities themselves. A final and more recent example may be that of Google and its political/business interaction with the Chinese government: Google adopts the technology mandated by brute political force; Chinese governmental concerns about information over the net are fully addressed (since they are embedded in computer code) and Google can access and profit from the Chinese market. It takes a couple of golden handshakes and historical or current politically sensitive issues like “Tiananmen Protests” or “Tibetan independence” are seamlessly purged from the Google search results. A similar story took place with Yahoo! in 2002, whereas Microsoft's Bing it the most recent example search engine that respectfully bowed down before Party propaganda.

E. In this context, communications software and hardware acquires a meaning that surpasses the field of engineering. It becomes a form of control and thus a focus of political contest and choice (p. 28). And in such political contest, free software (“free as in free speech”) acquires its full potential

# * Set ALLOWTOPICVIEW = TWikiAdminGroup, NikolaosVolanis

Nikolaos,

I enjoyed your essay. I agree that in the context you describe the tools of communication "surpass[] the field of engineering," and I also agree that the power of free software in such a domain, especially in light of governmental influence (as you describe), is significant. My only suggestion would be to consider drawing out E. just a bit more. Your discussion of C+D in light of A+B does a good job of painting a picture of the current situation, and in doing so your essay clearly conveys the dangers of the status quo. While I follow what you mean in E. and how you see it as a possible remedy, it would be helpful to add a sentence or two explaining it further. Otherwise, I appreciated the detailed links and careful historical discussion. I think the essay is nicely done.

-- BrianS - 03 Dec 2009

 

Navigation

Webs Webs

r9 - 03 Dec 2009 - 06:52:18 - BrianS
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM