Why shouldn’t Malaysia censor the internet?

Of late, the recent cases involving a certain pair of ‘sex’ bloggers and their ilk have prompted certain parties to call for more stringent regulations of the internet, but I for one think that we need to ensure that the internet remain free and un-censored–now more than ever. So why shouldn’t we censor the internet?

Rephrasing the question

A lot of people have made up their minds about it, mostly based on a series of assumptions–assumptions that usually false, and I hope to address the core assumption in this post.

Last week I wrote about the ‘rigged’ EDGE poll, that the EDGE had to eventually take down because they suspected someone was trying to bias the results. It was later revealed that a handful of IP addresses were responsible fro the bulk of the votes–presumably the fake ones. An IP address defines a unique internet connection, but not necessarily a unique device. You can try this yourself at home, and connect your PC, Laptop, Tablet and phone to your Wi-Fi router and then go online to check your IP from each–all of your devices will have the same ’external’ IP address.

The average monthly traffic in Asia-Pacific has dropped.

I suspect the average monthly consumption has dropped because of the growth in Asia Pacific, it’s quite counter-intuitive, but as Asia Pacific adds more users to the internet, the newer users in the more rural parts of the region aren’t downloading as much as their urban cousins. Therefore, while the overall traffic flow has increased, the average monthly consumption per account has reduced. It’s all conjecture at this point–but that’s what I think based on just this one data point. It makes sense to me, as a lot of people aren’t torrent-crazy-downloaders, which just means that they aren’t consuming anywhere near the full amount.

The Median monthly consumption is just 8.8GB, while the Mean monthly consumption was 22.0GB, and that tells me that the data is skewed–highly skewed. The statistician inside me is just crying to get out and shout–SKEWED!!

Skewed is just another way of saying that the distribution of internet consumption is un-evenly distributed across–or in more laymens terms–a few internet users are using the vast majority of the bandwidth.

There’s a controversy brewing in the land of the free, one that will have implications for Americans, but also Malaysians and nearly every citizen of the world. We may look back at the moment Mr. Snowden leaked controversial (and ugly) slides about a program called ‘PRISM’ as the start of a pivotal moment in internet history, a moment where we either begun a massive campaign to prevent illegal and unethical government wiretaps or a moment where we let governments turn the internet into a police state.

So let's recap what happened.

There isn’t a person I know that doesn’t have either an iPad, Facebook account or Gmail address. Even my dad who vehemently refused to have a Facebook account, eventually succumbed to the social pressure but that was much after I setup his company email with Google Apps. So to say that the US Government had access to private details of nearly every single person in the world is not a stretch.

So what is PRISM really?

So is it possible that the NSA has a backdoor to Google without Google knowing about it? Turns out it’s not as far-fetched as it seems.

Steve Gibson, a security guru with his own show on TwitTv seems to think so. He’s put together some high level analysis of the story, taking into account other similar stories and suggest that the NSA has a wire-tap on the entire world. A communications intercept targeting the likes of Google and Facebook, but one that the tech companies could be blissfully ignorant of. A wiretap strategically placed at the front door of Google, Facebook, Microsoft and Apple–that collects and stores every data packet passing into and out of their servers.

But communications intercepts don’t work–because the data is usually encrypted…isn’t it?

In most parts the communications that people like you and me use to connect to Google is encrypted, and we’re secure in the knowledge that our data in transit is protected from prying eyes by a minimum 128-bit encryption–that’s encryption that probably won’t be broken for another 20 years.

But not all data flowing into and out of Google is encrypted, some of it flows in plaintext–ripe for any wiretap to pick up. Just like email.

Great animation from the EFF on the draconian nature of the Transpacific Partnership Agreement with respect to Copyright laws:

Over the past years we’ve seen a recurrent theme where Government agencies were attempting to curtail internet freedom in the name of ‘keeping the peace’. From Saudi telcos threatening security experts to help them hijack tweets to governments procuring tools like Finspy to spy on their citizens–usually without any warrant or legal oversight. We’ve seen US federal agencies try to legislate mandatory technical backdoors into software and how the Syrian government treats internet access for its Citizens like candy for their children–you only get it if you behave.

In Pakistan, a wholesale blockade of youtube means their citizens are missing not just Gangnam Style, but Gentlemen as well (although that may not necessarily be a bad thing)–and we all know how much censorship and surveillance is going on in China.

A French court is now asking twitter to hand over account details to identify individual users that tweeted anti-semitic messages, both the Dutch and German police are users of spyware from companies that the are deemed ‘corporate enemies of the internet’ by reporters without borders, and while you may agree that courts have a right to curtail hate speech, just ruminate for a moment how one-sided French law is when they aggressively pursue anti-Semitic messages  but forbid Muslims school girls from wearing a hijab to school because it is supposedly a symbol of oppression. These biases point to deep flaws in our belief that freedom of speech can somehow be regulated by governments–the term regulated freedom of speech is an oxymoron to begin with.

This of course doesn’t just affect the ‘bad’  countries, those with lifetime membership cards to the axis of evil, but countries we’d generally consider good guys as well, those we associate with a respect for personal privacy and citizen rights, so that we did end up like this? To truly appreciate where we are we need to go back to how it all starts.

A false sense of Insecurity

The track records of governments has never been good. September 11 was a colossal failure of government intelligence, and it’s usually used an example of why governments should do better. What most people don’t know is that a company called Acxiom had data for 11 hijackers, and provided that data to assist in investigations post 9/11, it turns out had the government agencies used Acxiom, they may have had additional security on the planes that crashed into the WTC. The breadth and depth of the information provided to law enforcement has been kept secret–and in the wake of such attacks nobody bothered to ask whether Acxiom was operating within legal limits of collecting and storing that data–worse still people forget that Acxiom itself was hacked leaking private information of millions of Americans. Yes it may have help thwart the attacks on 9/11, but the Acxiom itself became a target of attack shortly after details of its information bounty were published, there are a lot of people who would pay for that kind of information.

Even with the fundamental problems of the government storing such private information–government agencies throughout the world continue to ramp up security concerns in the hope of scaring people into giving up their freedoms. Closer to home we continuously see the ’threat of sedition’ being used to deny individuals and private citizens their rights. The ‘possibility’ of a repeat of May 13th, is now accepted as a ‘high probability’ even though there is no data to suggest that a repeat is possible let alone probable. Just like courts in France we see a glaring bias in the execution of these sedition laws–and the targets are often pro-opposition rather than pro-government.

The Malaysian government is now being accused of running spyware suites like Finfisher, which incorporates a voyeuristic like ability on the malware owner to spy on the victims. The makers of Finfisher claim their software is only sold to governments–without realizing it’s the governments themselves that are illegally spying on its citizens.

Not since Tom Sawyer tricked his friends to paint his white fence has such levels of deception been seen.

However, the level of deception isn’t what is troubling, it’s the level of apathy among the mainstream society to these revelations that send shivers down my spine. No one from the general public seems perturbed that the very technology that was supposed to advance democracy and free speech in Malaysia is now being used to suppress it.

And we’re not the only ones spying on our citizens…

I’m truly anxious at the recent rhetoric about ‘regulating’ of the internet, and fear the worst. I grew up with the internet and like to think we made a journey together, from my high school days where dial-up internet was the norm, to the blazing fast broadband I have now–things have change a lot for the both of us. I am a digital native, I know no other land other than a digitally infused one we live in today. Couple that with my unique libertarian views and my savvy for all things tech, and you can quickly see why I strongly oppose internet censorship of any kind….and I really mean any kind.

There’s a really cool tool called glasnost, that can easily detect if your ISP is throttling certain traffic through its servers. It works amazingly well at detecting if your ISP is blocking that most sacred of all internet traffic–BitTorrent.

So running two test, one over my Unifi connection, and one more tethered over my Galaxy S3 on Maxis, and came to the conclusion that Maxis does indeed block torrents by default. However, just like how you have to call Maxis to enable VPN access via your phone, you have to call them to allow torrent traffic as well…supposedly.

The Edge recently held a political poll on whether Anwar Ibrahim should quit as the Opposition leader–But when the editor begun to see that the one-week survey attracted 12,736 responses and the responses were overwhelmingly one-sided, she smelt something fishy.

Upon further checking with the IT team, they found that 6,354 of the responses came from one IP address, and about 1,700 came from several IP addresses within the same building. Another 2,000 responses came from seven different IP addresses.

The DAP IT manager (didn’t know the DAP had an IT team now did ya?), in his press statement said that :

In investigating the DPI filtering equipment location, I have found 1032 suspicious network equipment using same IP address family as the the Arbor Network Peakflow SP with TM branding. Since the login page of this network equipment bears TM logo, undoubtedly MCMC should haul up TM and conduct IT forensic investigation on all 1032 equipments without delay. I am fully prepared to assist MCMC in its investigations.

In light of this new evidence, MCMC must re-examine its 2nd May statement. MCMC should be politically impartial and hold the standard of government regulatory body that it should be. It must put the interest of all Malaysians first.

Unless TM operates like the government, in which they announce the purchase of something in 2004, but only start to using it in 2013–I’m guessing they were using Arbor for other purposes before they decided to unleash its DPI functionality.

But there could be a twist.