W3C hosting a "Web We Want Magna Carta" drafting session at Internet Governance Forum


The Web I want doesn't have DRM in its standards, because the Web I want doesn't believe it's legitimate to design computers so that strangers over a network can give your computer orders that you aren't allowed to know about or override.


IETF declares war on surveillance


The Internet Engineering Task Force has published RFC 7258, which is a bombshell whose title is: "Pervasive Monitoring Is an Attack." It represents the outcome of a long argument about whether the Internet's technical architecture should take active countermeasures to fight mass surveillance, which Tim Bray summarizes. I especially like his rejoinder to people who argue against this because there are places where it's legitimate to monitor communications, like prisons: "We don't want an Internet optimized for prisons."


ANSI starts to publish standards that have been made into law, in insanely crappy form

Rogue archivist Carl Malamud has been fighting to publish the building and safety codes that have been incorporated into the law, but which you have to pay to see. He's published thousands and thousands of pages' worth of safety codes, and is being sued by some of the standards bodies. Now, he writes: "An announcement from Joe Bhatia, the leader of the American National Standards Institute, says 'A standard that has been incorporated by reference does have the force of law, and it should be available.'"


W3C's DRM for HTML5 sets the stage for jailing programmers, gets nothing in return

An excellent editorial by Simon St. Laurent on O'Reilly Programming asks what the open Web has gained from the World Wide Web Consortium's terrible decision to add DRM to Web standards. As St. Laurent points out, the decision means that programmers are now under threat of fines or imprisonment for making and improving Web browsers in ways that displease Hollywood -- and in return, the W3C has extracted exactly zero promises of a better Web for users or programmers.


Public.resource.org explains to the Mississippi Attorney General's Office that a law is only a law if it's published


Rogue archivist Carl Malamud is publishing the world's safety codes. Some governments disapprove. He writes, "Upon receipt of a Certified Letter of Takedown from the Special Assistant Attorney General of Mississippi, Public.Resource.Org prepared a 67-page response, enclosed a Trodart Professional-Grade Self-Inking Rubber Stamp inscribed with a revolutionary saying ('If it isn't public, it isn't a law.'), packed it all up with a Mississippi flag made of crinkle-pak, and dispatched the parcel back to the sender."


Firefox bug: "Pledge never to implement HTML5 DRM"

Chris Sherlock has filed a bug against Firefox in Mozilla's bugzilla bug-tracker, entitled "Pledge never to implement HTML5 DRM." It's an interesting way of using the open/transparent development protest to allow Web developers to voice their opinion on the World Wide Web's terrible, awful decision to standardize DRM for browsers. As the W3C's overseer for HTML5 has written, the only reason for DRM in HTML5 is to prevent legal innovation, not to stop piracy.


W3C green-lights adding DRM to the Web's standards, says it's OK for your browser to say "I can't let you do that, Dave"


Here's the bad news: the World Wide Web Consortium is going ahead with its plan to add DRM to HTML5, setting the stage for browsers that are designed to disobey their owners and to keep secrets from them so they can't be forced to do as they're told. Here's the (much) worse news: the decision to go forward with the project of standardizing DRM for the Web came from Tim Berners-Lee himself, who seems to have bought into the lie that Hollywood will abandon the Web and move somewhere else (AOL?) if they don't get to redesign the open Internet to suit their latest profit-maximization scheme.

Danny O'Brien from the Electronic Frontier Foundation explains the wrangle at the W3C and predicts that, now that it's kosher to contemplate locking up browsers against their owners, we'll see every kind of control-freakery come out of the woodwork, from flags that prevent "View Source" to restricting embedded fonts to preventing image downloading to JavaScript that you can't save and run offline. Indeed, some of this stuff is already underway at W3C, spurred into existence by a huge shift in the Web from open platform to a place where DRM-hobbled browsers are "in-scope" for the W3C.


Public Resource kickstarting free, open publication of the world's safety standards

We've written often about Carl Malamud, the rogue archivist who has devoted his life to making the world's laws, standards, and publicly owned information into free, accessible, beautiful online documents. Now, I'm pleased to help him launch an ambitious, vital Kickstarter project aimed at raising at least $100,000 to turn the world's public safety codes into thoroughly linked, high-quality HTML documents (presently, many of the 28,040 public safety codes that Carl and public.resource.org have put online exist as scanned bitmaps that can't be searched or linked). The project involves a careful re-typing of all that scanned material and re-tracing of images and formatting them as vector-based SVG files.

Carl and his colleagues have fought in the courts for their right to publish the law that we, the people, are expected to follow. They have passed on lucrative careers in the private sector to devote themselves to public interest, public spirited work that makes the sourcecode for the world's governments available at our fingertips. The work they are doing unlocks untold billions in value -- from being able to ensure that your weekend DIY rewiring project meets code and won't burn down your house, all the way up to giving workers in deadly factories in Bangladesh access to the laws that are supposed to be honored in their workplaces.

$115 gets you a copy of their giant, amazing book of global safety standards, but there are interesting and awesome premiums at price-ranges from $10 (public acknowledgement on the Wall of Safety) to $475 (the Big Box of Propaganda!). I've put in my $115 -- not for the book, but as a way to thank Carl and co for the amazing work they do, and as a means of funding more of it. I hope you'll give, too.


IETF proposal to Prism-proof the Internet

A new draft proposal at the Internet Engineering Task Force by Phillip Hallam-Baker sets out a work program to harden the Internet against Prism-style surveillance. It's a long but fascinating read, and it's been nicely summarized by ParityNews's Ravi Mandalia, who highlights the proposal's emphasis on Perfect Forward Secrecy and strong crypto by default. Last week, I posted John Gilmore's firsthand account of NSA sabotage of an IETF standard; it will be interesting to see how the NSA engages with this process.


This is the crypto standard that the NSA sabotaged

The New York Times has published further details of last week's leaked documents detailing the NSA's program of sabotage to crypto products and standards. The new report confirms that the standard that the NSA sabotaged was the widely-suspected NIST Dual EC DRBG standard. The Times reports that the NSA then pushed its backdoored standard through the International Organization for Standardization and the Canadian Communications Security Establishment.

NIST has re-opened the comments on its standard with the hope of rooting out the NSA sabotage to the random number generator and restoring trust in its work products.


Firsthand account of NSA sabotage of Internet security standards


On the Cryptography mailing list, John Gilmore (co-founder of pioneering ISP The Little Garden and the Electronic Frontier Foundation; early Sun employee; cypherpunk; significant contributor to GNU/Linux and its crypto suite; and all-round Internet superhero) describes his interactions with the NSA and several obvious NSA stooges on the IPSEC standardization working groups at the Internet Engineering Task Force. It's an anatomy of how the NSA worked to undermine and sabotage important security standards. For example, "NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating the export control laws unless they excluded all foreigners from the room (in an international standards committee!)."


All of India's public safety standards now online for free

Rogue archivist Carl Malamud writes,

For the first time, a full standards bureau is now available on the Internet for people to examine. This archive is published for the people of India and the people of the world who wish to see the technical specifications for public safety that govern our modern society. The archive includes 18,825 standards. Many of them have txt file extracts and over 600 are already available in HTML, SVG, or MATHML renditions.


EFF and Public Resource fight back against copyrighted, paywalled laws

Rogue archivist Carl Malamud sez, "Happy mutants may remember a post on August 8 about why standards bodies explain why access to standards should be copyrighted and paywalled. The piece explained the perspectives of Standards Development Organizations (SDOs) in their suit against Public.Resource.Org. I'm pleased to announce that in the matter of SDOs v. Internet, Team Internet has now made a first appearance. EFF has the details on their site."

Standards bodies explain why they think the law should be copyrighted and paywalled


Public Resource is being sued for publishing building standards that the public is legally required to follow. These standards were developed by private-sector industry bodies who make millions off of access fees charged to the public. In other words, a large block of American law is privately owned, secret, and accessible only for a fee. Three Standards Development Organizations (SDOs) are suing and they've released a statement to the media explaining why the law should not be free for all.

The SDOs underwrite the substantial costs of developing standards, in whole or in significant part, by relying on revenues from the sales and licensing of their copyrighted standards. This funding model allows SDOs to remain independent of special interests and to develop up-to-date, high quality standards.

An article in the Washington Post's Wonkblog by Lydia DePillis delves more deeply into the issue:

There are various pieces of administrative precedent and case law in different courts that support either side. Essentially, though, it’s a question of principle vs. practicality: Code is law, Malamud says, and it’s owned by the public. But good code is also expensive, the standards development groups maintain, and charging for copies is the least bad way to pay for it.

(Thanks, Carl!)

EFF and Public Resource win: public safety standards aren't copyrighted

Dave from the Electronic Frontier Foundation sez, "Remember that time an air-conditioning association tried to bully Carl Malamud into taking down safety standards from Public.Resource.Org, claiming they owned the copyright to a public law? Well, Carl and EFF fought back--and won. The Sheet Metal and Air Conditioning Contractors Association backed down and signed an agreement allowing Public.Resource.Org to publish the safety standards. It's a major win for free speech and open government." From the article: "Whether it's the Constitution or a building code, the law is part of the public domain," (EFF Intellectual Property Director Corynne McSherry).