Damn the Constitution: Europe must take back the Web

Meatspace rules rule, OK?

Opinion I've had enough of US hegemony. It's time for change -and a closed European network.

Today's Internet is a poor respecter of national boundaries, as many repressive governments have found to their cost. Unfortunately this freedom has been so extensively abused by the United States and its politicians, lawyers and programmers that it has become a serious threat to the continued survival of the network as a global communications medium. If the price of being online is to swallow US values, then many may think twice about using the Net at all, and if the only game online follows US rules, then many may decide not to play.

We have already seen US law, in the form of Digital Millennium Copyright Act, used to persuade hosts in other countries to pull material or limit its availability. US-promoted 'anti-censor' software is routinely provided to enable citizens of other countries to break local laws; and US companies like Yahoo! disregard the judgements of foreign courts at will.

Congressman Howard Berman's ridiculous proposal to give copyright holders immunity from prosecution if they hack into P2P networks is the latest attempt by the US Congress to pass laws that will directly affect every Internet user, because no US court would allow prosecution of a company in another jurisdiction when immunity is granted by US law.

Unless we can take back the Net from the libertarians, constitutional lawyers and rapacious corporations currently recreating the worst excesses of US political and commercial culture online, we will end up with an Internet which serves the imperial ambitions of only one country instead of the legitimate aspirations of the whole world.

While this would greatly please the US, it would not be in the interests of the majority of Internet users, who want a network that allows them to express their own values, respects their own laws and supports their own cultures and interests.

US domination has been going on for so long that many see it as either inevitable or desirable. 'They may have their problems but at least they believe in democracy, free speech and the market economy', the argument goes. Yet today's United States is a country which respects freedom so much that if I, a European citizen, set foot there I can be interned without any notice or due process, tried by a military tribunal and executed in secret.

It has a government which respects free speech yet tries to persuade postal workers to spy on people as they delivered their mail. Its Chief Executive illegally sold shares when in possession of privileged information about an impending price crash. ICANN, the body it established to manage DNS, had to be ordered by a court to let one of its own directors examine the company accounts for fear he may discover something untoward. And elected representatives -like the aforementioned Howard Berman -are paid vast amounts by firms lobbying for laws which serve their corporate interests.

These are clearly not the people who should be setting the rules for the Net's evolution. Unfortunately today's Internet, with its permissive architecture and lack of effective boundaries or user authentication, makes it almost impossible to resist this technological imperialism.

Who trusts you, baby?
Fortunately the technology itself - in the form of trusted computer architectures, secure networks and digital rights management - can be used to rescue the Net from US control.

These developments, reviled and criticised by those inside and outside the continental United States who hold on to an outdated and unrealistic view of what the Net was or could become, are the key to its future growth and usefulness. Whatever the libertarians say, they must be defended, promoted - and properly controlled.

I believe that the time has come to speak out in favour of a regulated network; an Internet where each country can set its own rules for how its citizens, companies, courts and government work with and manage those parts of the network that fall within its jurisdiction; an Internet that reflects the diversity of the world's legal, moral and cultural choices instead of simply propagating US hegemony; an Internet that is subject to political control instead of being an uncontrolled experiment in radical capitalism. It is time to reclaim the net from the Americans.

This will not be easy. In order to do this we have to reject two beliefs that underpin our current understanding of the Net, and these beliefs, although wrong, are dear to many.

The first is the idea that the Internet is somehow outside or above the real world and its national boundaries. If I phone someone in Nigeria and suggest a money-laundering fraud then it is obvious to all that I am breaking the law in two countries, not in 'phonespace'. Nobody has ever suggested that the content of the telephone network -all those voice calls -should be somehow privileged and treated as outside the normal world.

Why, then, do we act as if our interactions with screen, mouse and keyboard are different? If I send an email suggesting that I am in possession of $50m and will hand it over in return for your bank details, why can't it just be that I also am breaking the law in two countries, not in some mythical 'cyberspace' with its own legal system?

Losing the idea of 'cyberspace' simplifies things greatly.

The other thing we need to lose is the ridiculous belief that when we are online we are somehow in 'another place' outside the real world. We need to reject the philosophical bullshit which argues that there is an equivalence between being simultaneously a 'citizen' of Maine and of the United States and our co-existence in the real world and the online world *, and accept instead the mundane reality that nobody has any real form of existence online - either now or in the foreseeable future.

This makes our discussion a lot simpler because we no longer have to grapple with the idea of having two forms of existence - the one that involves breathing, pissing and fucking and the one that involves typing. We don't have to stretch our legal or constitutional thinking to cope with the apparent contradiction of being in 'two places' with different standards of behaviour at the same time.

We can also deal with the problems of jurisdiction for online activity in the same way as we deal with it elsewhere: in the UK we're perfectly happy to prosecute someone for war crimes committed fifty years ago in another country, so why are there problems if the crime involved the Internet? Under English law a sex tourist can be prosecuted here even if he has sex with a child in Thailand: surely prosecuting someone for promoting racial hatred on a US-hosted website can't be that different?

This is not to claim that these issues are all simple, resolvable and determinate, just to point out that we already have legal systems - admittedly imperfect - in place that can deal with them mostly adequately, most of the time. In general the few exceptions are not allowed to be used as arguments for making bad law. We must not allow the Net to be the biggest exception, creating the worst law of all.

Brave Old World

This is hard for many old-time Net users to accept, because we like the idea that being online takes us into a new space, a new world. But it is simply not the case: we are not creating a brave new online world out of our electrons and pixels. It is all one world - the only difference is that we currently lack the ability to map our online activity onto our real-world lives with any degree of certainty. The result is that cyberspace appears somehow to be divorced from the physical world - but this is just an artifact of our current technologies and not a fundamental principle.

Once we clear our minds of these erroneous beliefs we can see that the US has no right to determine how the whole Internet is run. Each country should decide for itself. All we need to do is to mark out the network, using trusted computers and secure networks to locate servers, hosts, networks and people within geographically-defined areas - or nation states as they are usually known - and let the countries get on with it. We can establish the rule of law, national sovereignty and local values in those parts of the network that fall within the jurisdiction of a particular country, and let normal diplomatic, cultural and commercial channels deal with the interaction between countries.

This would not stop the US treating its Constitution as the only true source of wisdom or framing their discussions in terms that draw only from the US political and economic tradition. But if they decide to run their part of the Net according to the principles laid down two hundred and fifty years ago by a bunch of renegade merchants and rebellious slave owners they would not be able to force the rest of us to follow suit.

If they want a First Amendment online, or to let some gun-toting nut argue that writing viruses is the online equivalent of carrying a concealed weapon and so counts as a constitutionally protected right then they can go ahead - the rest of us can do things differently. ('Viruses don't trash hard drives - people trash hard drives.')

A cyberspace in which each machine is 'within' a jurisdiction and where actions can be mapped onto physical space will be very different from today's Internet.

In the mapped network we will not have the absolute freedom of speech which cyberlibertarians claim they want, but neither will we get absolute oppression, absolute free market capitalism or even absolute communism. We will instead get compromise, and regional or national variation, just as in the real world.

Many will see this as a loss of freedom, but the freedom they value so much is also the freedom to act irresponsibly, to undermine civil authorities and to escape liability. It is the freedom to release viruses, abuse personal data, send unlimited spam and undermine the copyright bargain. It is not a freedom we need.

It is easy to see why this approach will be resisted by US activists, of whatever political persuasion, who see the 'one world, one cyberspace' approach as a convenient way to establish an online constitutional hegemony. It will also be resisted by many of those who see any attempt to create trusted software running on secure processors as the network equivalent of the arrival of the black helicopters from the UN World Government Army.

However their position is untenable, because the vast majority of Internet users need and want a secure network where they can use email, look at Websites, shop, watch movies and chat to friends, and they are happy to accept that this is a regulated space just as most areas of life are.

Even if we don't act we will still get a regulated network, because the commercial interests which dominate the US know that it is a prerequisite for a digital economy. However the shape of that network will be entirely determined by US interests, just like today. It is therefore vital that a different approach to the development of the Internet is proposed -and I believe that Europe is the place for it to start.

Bring it back

Europe is the birthplace of the Web, with a wealthy, technically literate population, a network infrastructure that rivals that of the US and a rich cultural and political tradition which can counter US constitutional imperialism.

An important factor in Europe's favour is that we retain a belief that governments are a good thing, that political control is both necessary and desirable, and that laws serve the people. These beliefs are now lacking in the United States, rendering it incapable of acting to create any sort of civic space online or allowing its government to intervene effectively to regulate the Net.

The recently-agreed .eu ccTLD could be a rallying point for a serious attempt to extend the EU online, adopting new standards for trusted computing, regulating their use within EU countries and establishing a European dataspace which would grow over time to become a major node in the emerging trusted network that will replace today's Internet.

It will take political will and technological skill to do this, and it will not be achievable overnight. But if we are to escape a world where corporations build systems which are only capable of supporting US-style online government, or where trusted software is a trojan horse carrying the US constitution into our online life when we neither want nor need it, then we need to act now.

A trusted network will not stop the Americans - or anyone else - opting out and remaining with their existing unregulated Internet. Just like the survivalists heading out to Oregon with their assault weapons and dried food, those who don't want to be part of the great online civilisation could establish their own enclaves, where they would be free to run the code of their choice.

But inside Europe our values, our principles and our legal system can determine how our part of the Net is run. Personal data would be protected by law, and those who abused the information provided to them by individuals would be prosecuted. Data flows into and out of Europe would be properly regulated and controlled to ensure that neither spam nor viruses came in, and that no personal data went out without explicit consent.

In Europe our copyright laws allow lending of material, and so media players licensed for use within the dataspace would not restrict personal copying or lending, although they would respect other rights.

In Europe community standards for freedom of speech differ substantially from those of the United States, where any sensible discussion is crippled by the constitution and the continued attempts to decide how many Founding Fathers can stand on the head of a pin.

Over here, human rights legislation, interpreted by judges who are able to use their intelligence instead of just relying on textual analysis of the Bill of Rights, gives us a much better chance of tying online action to the real world and integrating cyberspace with real space in way that benefits both.

In the end, William Gibson was wrong: cyberspace is not another place, it's just part of this space. There is no 'there, there' : in fact, it isn't really there at all. The illusion is, in the end, only an illusion, however consensual it may be. Not only does 'meatspace rule', but 'meatspace rules rule' - the laws and regulations that govern the Net, whether they are legal, social, architectural or code-based, will all come from the real world, where judges, lawyers, programmers, politicians and - in some way -citizens get to decide how our online activities and our real world lives mesh and are linked.

The United States is incapable, for the reasons I've described, of understanding this or of escaping its constitutionally-determined destiny to attempt to establish hegemony over cyberspace.

It cannot be allowed to succeed, and so those of us within Europe need to begin to work now to extend our culture onto the Net in all its complex glory. We need to build our borders online and offer our citizens protection within those borders, and escape from America.

* Much as I like Lessig's work, he just goes too far here. I blame law school. Being a Cambridge philosopher manqué I tend to have a more brutal constructivist approach to this sort of thing.

© Bill Thompson.

Other stories you might like

  • Screencastify fixes bug that would have let rogue websites spy on webcams
    School-friendly tool still not fully protected, privacy guru warns

    Screencastify, a popular Chrome extension for capturing and sharing videos from websites, was recently found to be vulnerable to a cross-site scripting (XSS) flaw that allowed arbitrary websites to dupe people into unknowingly activating their webcams.

    A miscreant taking advantage of this flaw could then download the resulting video from the victim's Google Drive account.

    Software developer Wladimir Palant, co-founder of ad amelioration biz Eyeo, published a blog post about his findings on Monday. He said he reported the XSS bug in February, and Screencastify's developers fixed it within a day.

    Continue reading
  • FTC urged to protect data privacy of women visiting abortion clinics
    As Supreme Court set to overturn Roe v Wade, safeguards on location info now more vital than ever

    Democrat senators have urged America's Federal Trade Commission to do something to protect the privacy of women after it emerged details of visits to abortion clinics were being sold by data brokers.

    Women's healthcare is an especially thorny issue right now after the Supreme Court voted in a leaked draft majority opinion to overturn Roe v Wade, a landmark ruling that declared women's rights to have an abortion are protected by the Fourteenth Amendment of the US Constitution.

    If the nation's top judges indeed vote to strike down that 1973 decision, individual states, at least, can set their own laws governing women's reproductive rights. Thirteen states already have so-called "trigger laws" in place prohibiting abortions – mostly with exceptions in certain conditions, such as if the pregnancy or childbirth endangers the mother's life – that will go into effect if Roe v Wade is torn up. People living in those states would, in theory, have to travel to another state where abortion is legal to carry out the procedure lawfully, although laws are also planned to ban that.

    Continue reading
  • Zuckerberg sued for alleged role in Cambridge Analytica data-slurp scandal
    I can prove CEO was 'personally involved in Facebook’s failure to protect privacy', DC AG insists

    Cambridge Analytica is back to haunt Mark Zuckerberg: Washington DC's Attorney General filed a lawsuit today directly accusing the Meta CEO of personal involvement in the abuses that led to the data-slurping scandal. 

    DC AG Karl Racine filed [PDF] the civil suit on Monday morning, saying his office's investigations found ample evidence Zuck could be held responsible for that 2018 cluster-fsck. For those who've put it out of mind, UK-based Cambridge Analytica harvested tens of millions of people's info via a third-party Facebook app, revealing a – at best – somewhat slipshod handling of netizens' privacy by the US tech giant.

    That year, Racine sued Facebook, claiming the social network was well aware of the analytics firm's antics yet failed to do anything meaningful until the data harvesting was covered by mainstream media. Facebook repeatedly stymied document production attempts, Racine claimed, and the paperwork it eventually handed over painted a trail he said led directly to Zuck. 

    Continue reading
  • Florida's content-moderation law kept on ice, likely unconstitutional, court says
    So cool you're into free speech because that includes taking down misinformation

    While the US Supreme Court considers an emergency petition to reinstate a preliminary injunction against Texas' social media law HB 20, the US Eleventh Circuit Court of Appeals on Monday partially upheld a similar injunction against Florida's social media law, SB 7072.

    Both Florida and Texas last year passed laws that impose content moderation restrictions, editorial disclosure obligations, and user-data access requirements on large online social networks. The Republican governors of both states justified the laws by claiming that social media sites have been trying to censor conservative voices, an allegation that has not been supported by evidence.

    Multiple studies addressing this issue say right-wing folk aren't being censored. They have found that social media sites try to take down or block misinformation, which researchers say is more common from right-leaning sources.

    Continue reading
  • US-APAC trade deal leaves out Taiwan, military defense not ruled out
    All fun and games until the chip factories are in the crosshairs

    US President Joe Biden has heralded an Indo-Pacific trade deal signed by several nations that do not include Taiwan. At the same time, Biden warned China that America would help defend Taiwan from attack; it is home to a critical slice of the global chip industry, after all. 

    The agreement, known as the Indo-Pacific Economic Framework (IPEF), is still in its infancy, with today's announcement enabling the United States and the other 12 participating countries to begin negotiating "rules of the road that ensure [US businesses] can compete in the Indo-Pacific," the White House said. 

    Along with America, other IPEF signatories are Australia, Brunei, India, Indonesia, Japan, South Korea, Malaysia, New Zealand, the Philippines, Singapore, Thailand and Vietnam. Combined, the White House said, the 13 countries participating in the IPEF make up 40 percent of the global economy. 

    Continue reading
  • 381,000-plus Kubernetes API servers 'exposed to internet'
    Firewall isn't a made-up word from the Hackers movie, people

    A large number of servers running the Kubernetes API have been left exposed to the internet, which is not great: they're potentially vulnerable to abuse.

    Nonprofit security organization The Shadowserver Foundation recently scanned 454,729 systems hosting the popular open-source platform for managing and orchestrating containers, finding that more than 381,645 – or about 84 percent – are accessible via the internet to varying degrees thus providing a cracked door into a corporate network.

    "While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended and these instances are an unnecessarily exposed attack surface," Shadowserver's team stressed in a write-up. "They also allow for information leakage on version and build."

    Continue reading

Biting the hand that feeds IT © 1998–2022