Ralf Bendrath and I gave a presentation on “statehood and internet” at this year’s re:publica conference in Berlin. Re:publica is an annual conference for internet aficionados, bloggers, internet activists and, ever more so, politicians and public authority representatives involved in internet regulation. For the first time organised in 2007, it has by now risen to host some 2500 visitors and has been extensively covered (DE) by old-media outlets.

We used the opportunity of the China-Google/US conflict to discuss basic relationships between states and private actors, a question raised (both links DE) in the blogosphere and media, and some general perspectives of internet politics.

The rich body literature on global governance has identified and thoroughly analysed these basic variants:

• States and private actors jointly set rules on either global or national scale. An example for this would be if US government agrees with Google to treat internet censorship as a trade barrier. Another example: Icelandic parliament supports Wikileaks with their Icelandic Modern Media Initiative to create an informational safe haven.
• Private actors ignore state-set rules. The persevere existence of file-sharing is one prime example for this with PirateBay as its, by now broken, incorporation.
• Rules are primarily set by states, but with option to exit the market by private actors. Their is an abundance of examples for this. States set law, corporations follow suite. Google spokesman Brian Richardson in an Wired article: “Obviously, we follow the law like any other company.“ Or exit the legislative territory.

While I don’t want to transcribe our presentation, I’d like to highlight a few topics we were discussing.

In an interview with NPR back in early 2009, Google CEO Eric Schmidt outlined Goole’s reasoning for entering the Chinese market three years before.

“The decision that we ultimately came to with China was that it was better to engage rather than be estranged. The Chinese citizens will eventually rebel over some of these — in our view — idiotic restrictions, because they are now aware of them. They now know that information is being withheld from them by law and that those laws will be overturned from public pressure over time.”

The strategic concept is simple: Stirring rebellion by censoring and publishing censorship. Chinese internet readers would realise that they are deprived of information and thus of freedom, get angry, unite, fight the government and change internet regulation. Easy as that. A “perfected storm” (Philippa Malmgreen) on the financial front sounds like a more plausible US foreign strategy to deal with China and contain and retard its rise to the top of international politics. But I wouldn’t blame Eric Schmidt here, US foreign policy pundits had talked about this strategic approach for years. (e.g. Kalathil 2003, Dot Com for Dictators; Metzl 2001, Network Diplomacy, Arquilla/Ronfeldt, Noopolitik) From that perspective, Google was indeed kind of privately run Radio Free Europe. And I would assume that many pundits in Washington involved in foreign politics shared this perspective. Eric Schmidt himself seems to very engaged in questions about perpetuating and stabilising America’s global stance and Western liberal democracies: “Set against this sober assessment of the future of liberal democracies, we have to come to grips with the new strength and success of those countries which don’t fit neatly into the traditional Davos model. China, of course, tops this list.” (Quoted in: Huffington Post, 11.2.2010) Strategic thinking in Foreign Affairs, such as the latest piece of Anne-Marie Slaughter still considers the internet as a valuable resource for the US hegemonic status, yet it’s less about stirring rebellions and virtual diplomacy, but about exploiting competitive advantages by non-hierarchical, open communities and transnational networking.

Spreading information is one side of the coin, gathering information the other. (Maybe the coin-methapher is detrimental here, as dealing with information consists of more than two processes; computation, organisation etc. need to be added. Anyhow.) Utilising information, information technology and the internet has been discussed by US foreign policy thinkers ever since the rise of the internet. Joseph Nye’s and Owen’s article “America’s Information Edge” was seminal in its attempt to instrumentalise the internet and its technologies for US strategic goals. While concepts like “system of systems” and “information umbrella”, which ought to span the US and their allies (with different degrees regarding the latter), mainly referred to military information (think of battlefield information dominance), it also conveyed a touch of, well, political information awareness.

(I haven’t found literature on this topic providing further details here. So either this branch of strategic thinking is discontinued, which I do not believe given the number of citations according to Google Scholar. Or its so obvious that no further discussion has been necessary and all that has been of interest is how to operationalise such a strategy. And that for sure is something that wouldn’t happen in Foreign Affairs and some RAND studies.)

The instrumental use of the internet is hardly ever mentioned in internet governance discourses and debates, especially in economic approaches which tend to have a blind spot for more fundamental political questions, anyway. But on the empirical side, what we can observe there, is the battle over informational dominance in many societal dimensions, non just the military one. While a state monopoly of informational power for sure won’t emerge, some of the current policy approaches could be labelled as attempts to erect some informational asymmetries and hence change the rules of the game for certain actor constellations.

The government–terrorist/suspected citizen relations were fundamentally changed by the information aggregation policies in the 9/11 aftermath. Discussions about TIA, the total/terrorism information awareness program, followed. Back in 2003, Markle Foundation’s Task Force on National Security in the Information Age provided still stunning work on which governmental/corporate/private data sources would need to be combined. (Cf. screenshot) And now, then ten years after, the European Commission is planning for a 2012 “Green paper on commercial information relevant to law enforcement and information exchange models”. (p. 30; kudos to Ralf for that hint) By using massive informational resources provided by state organisations and private corporations, security agencies have been able to overcome their ignorance over some malevolent perpetrators. But it comes with a hefty price tag attached.

Information aggregation policies certainly have an effect on relations between states/private corporations and individual citizens and customers. For sure, it’s under-researched. Google, to name just one, is feeling the heat of user criticism about their data aggregation practices. Their efforts of fostering freedom of expression might be laudable (well), the amount of information voluntarily and possibly in part unnecessarily gathered by their systems and services contradicts some fundamental privacy recommendations. While Google itself might have no economic incentives to exploit their vast amount of information about individual users, this stance might vanish in the long run. Today, their data aggregations are already sought after by governments and we have no idea to which extent this is happening.

Google’s reaction (and of other corporations in the data aggregation segment) to questions about their unavoidable cooperation with governments has been so far: “We don’t comment on any discussions we may or may not have had with any national intelligence agency.” (Chrisine Chen, Google, Policy Communications Manager)

This week, Google has launched a website to share some statistical data about government requests. But still, their information does reveal hardly anything about quality and quantity of data shared with state authorities and private intelligence providers, as we don’t know what a request covers and the data stream it entails. (“Requests may ask for data about a number of different users or just one user. A single request may ask for several types of data…”) Google is walking an impossibly fine line, here, between kowtowing to government requests on the one side and not handing-in user (who are usually not their paying customers) interests. (Jeff Rosen described earlier challenges of Google’s policy department in the NYT in 2008.)

From the individuals’ perspective, this is a change for the worse. Normatively, an individual would likely want to be in control over every bit of data relating to her personal life. Some business models (search, marketing, intelligence, etc.), however, rely on an detrimental approach to individuals’ privacy and data protection rights. The same holds true for government responsibilities such as domestic security, taxation, public health, or emergency operations. While it is worthwhile to discuss the value of openness, the political debate for the years to come will have to address rising informational asymmetries that discriminate individuals against governments and corporations.

China spearheads the anything-goes movement of technology-based societal control, authoritarian countries worldwide follow suit, and we yet don’t know whether western democracies will manage to at least remain in their currently mediocre shape if one of the many ongoing global developments and crisis should ever have a major and disruptive societal impact. From the perspective of the freedom and unhindered flow of information, the internet makes a bad expression these days and things haven’t changed for the better in the last year and the naughties.
John Perry Barlow’s “fuck them” against the dark priests of internet regulation has died away, the rejected kings have given a dam, the doers of power moved on – internet governance has covered a long distance in the last decade. Yet, the fundamental conflict is still ongoing and presumably will, as long as the Internet remains the world’s leading communication infrastructure and the constant flux of innovation raises again and again new opportunities that actors consider to take advantage of pursue their agenda.

Just as every year, the Chaos Computer Club has held its annual Chaos Communication Congress. Being the 26th instance of this post-Christmas meeting, it was aptly named 26C3. The motto of the congress “Here be dragons” was, as Frank Rieger explained in his keynote (summed up in a CCC blog, video streams of all presentations), a text-label used on old sea maps to mark uncharted territory where dangers, dragons, sea monsters or treasures were assumed. According to this analogy, the CCC community aims at playing a more avant-garde of a role, an exploratory force with “small ships ahead of the masses” looking into potential traeasuries and dangers lying the yet not fully charted territory of societal and cultural usage of information technology.
Whereas other actors contemplate launching military invasions to fight the unknown unknowns, 26C3 prefers a more playful search for truths of and possibilities for the use of information technologies. Playful indeed was the scenery on the floors and in the basement of the Berlin Congress Center with all these flying quadrocopters, Lego-based machines and robots and all these blinking hackerspaces. And Berlin couldn’t have welcomed the geeky crowd better than with the mystique of a freezing, snowy, quiet post-cristmas days setting.

Rieger outlined his ideas of a political agenda for the CCC and the hackers’ community for the months and years to come. He called for nothing short of a roll-back of data breaches and mass data collection, individual liabilities of business and public administration executives for “data crimes”, data protection quality ratings by publicly funded research institutes. He explicitly excluded the German Federal Office for Information Security (BSI) from the list of possible organisations to excert such ratings. While formally responsible for enhancing user security on the internet, the BSI had, accroding to Rieger, recently been granted the right to intercept inter-administrative traffic in Germany — a development one should have in mind when discussing the cooperation between German internet providers and the BSI.

The community should, Rieger asked, start activities to upgrade and invent systems needed for the “technical defense of our communicative habitat” — just in case. My impression that no one really doubts that the judicial, business and political sphere will put more pressure on the that “digital habitat”. Thus, the conceptualization of internet security from the perspective of the CCC congress is very different from what is usually discussed on conferences where the majority of attendees has an LE, policy or business background. (I wonder whether my Giganet paper, in which I have tried to conceptualize internet security, will ever go online :-/)
Rieger, who has a strong technical background in cryptography for mobile communication, asked the crowd to technically improve tools and software, e.g. to correct OpenSSL, to speed up and increase the scalability of Tor, and to find ways to technically circumvent the presumably upcoming mass usage of deep packet inspection. Decentralized technologies would be the route to go.

Austrian journalist Erich Möchel has covered IT politics and European data surveillance policies for more than a decade. In the late 1990s, he was the first to cover Enfopol, the then emerging transatlantic Europol-FBI surveillance system. On 26C3, he gave a follow up on US-EU data retention activities.
In the last couple of years internet security politics would have changed in a way, that Möchel describes as an ongoing “militarization of cyberspace”. The working group of the European Technical Standards Institute (ETSI) that is responsible for defining technical standards for exchange of data retention data has been staffed with personnel with significant military intelligence background. Möchel concludes that the British GCHQ is in a key position to control activities within these working groups and influences technical standards.
The technical standards for exchanging data gathered via data retention comprises data fields that are forbidden to collect according to current legislation in most EU states. The ETSI standards go way beyond what is defined as mandatory by data retention laws, comprising optional data fields such as lists of all the devices with which a user uses a service, ring duration of failed attempted calls, billing details such as customer numbers at the billing provider or the list of billing numbers used to pay the providers services. The resulting list of BIC and IBAN numbers can then be used to link retention data with SWIFT data.

Möchel’s investigations on the realities of internet surveillance could indeed have enticed the audience to daydream about how it all could be if only…. Sandro Gaycken, technology thinker, philosopher and regular speaker at CCC events, used the opportunity to link Hackers’ visionary thinking with Utopian theory in an inspring, thoughtful and relaxedly academic presentation. (Christian Scholz has the details and a transcription of the presentation.)
Unfortunately, utopia and dystopia are related, and the features of today’s information technologies could too easily be combined with authoritarian forms of governance and result in a real 1984. The recent trends in internet politics make a dystopian outcome more and more feasible. Historically, the emergence of authoritarian or totalitarian regimes would happen every once in a while, Gaycken said.
On the other end of the spectrum is, what Sandro Gaycken calls the “Hacker’s utopia” of the “Free Information society”. Its genuine agenda is derived from the idea that major societal problems could be overcome by establishing a free flow of knowledge and information. This leitbild of a free information society serves as a powerful idea that structures activities against an IT-powered decay of our societies into more authoritarian (I prefer this term over the term “totalitarian” used by Sandro) systems — activities such as the anti-surveillance, anti-censorship or open source movements.
Sandro contrasts the idea of a “‘Free Information’ society” with the idea of a “free ‘Informatized Society’”, in which hackers ought to address any societal problems as soon as ICT is involved. The latter idea leads to an overstretch of hackers responsibilities. Sandro obviously advises hackers to be careful about extending their activities into too many societal territories and political conflicts. “Hackers’ utopian ideas were never meant to constitute a full-fledged social utopia”. As a consequence, an extension of the agenda of hackers’ ethics into more political arenas would “blur the agenda” and create entanglement in left-right infopolitics conflicts.

The politicization of illegal downloads would serve as an example of an overstretch of the hackers’ agenda. While striving for a property rights reform would be a legitimate goal, Gaycken is doubtful whether Christina Aguilera’s albums should be considered as important societal knowledge and thus be part of the public domain. He pointed at how an extended hackers’ agenda aiming at free-beer-not-free-speech filesharing would lead to conclusions about the role of the state and of law that are detrimental to the free information interests that are at the core of the Hacker’s ethic. In short: “Filesharing politicization promotes the surveillance of the internet.”
Instead, Sandro proposes the Hackers’ agenda to be clarified. Concentration on hackers’ core idea of a “free information society” and on neutral and clear infopolitics would be favourable and necessary in order to not get hampered by right-wing/left-wing-types of conflicts.

I have an idea what Sandro might be up to: ensuring the coherence of the hackers’ coalition by selecting “things we can change” — that’s what utopias are about, as he said in his introduction. And never get engaged in fight you can’t win or that would bust the coherence of your troops, one could add. While there might be a difference between the “hackers’ core agenda” and hackers’ extended agenda, I would love to see a more elaborated and precise elaboration about these two concepts beyond the filesharing discussion.
Apropos filesharing. In the advent of 26C3, there has been a bit of a quarrel between Sandro and official CCC representatives around Frank Rieger about filesharing in the German weekly Zeit. An inattentive reader probably has the impression, that Sandro Gaycken considered filesharing not worthy to be politicized whereas Rieger&Co had argued that filesharing is a politically important technology.
In his 26C3 presentation, Sandro Gaycken stated that “filesharing politicization promotes the surveillance of the internet.” Of course, the “politicization of filesharing of copyrighted material” would be politically stupid or hyper-bold, but has it ever been proposed anywhere but in teenagers’ forums? But my impression is, that the alleged ‘politicization of filesharing of copyrighted material’ would more likely be a defensive reaction to copyright holders’ strategy of equating filesharing of copyrighted material with robbery and their attempts to criminalize filesharing in general. Filesharing, i.e. the distribution of files based on peer-to-peer technologies, is indeed a technology that is highly valuable. Peer-to-peer technologies are indispensable for the “hackers’ core agenda” (Sandro Gaycken) and the goal to ensure “free communication with any protocol” (Frank Rieger). Sandro’s argumentation slightly suffers from his definitional looseness and the at least implicit equation of the “politicization of filesharing” to the ‘politicization of filesharing of copyrighted material’. These two things are quite a different thing, just as “filesharing” and “filesharing of copyrighted material” are fundamentally different, politically and economically and judicially.
Having followed Frank Rieger’s presentation, my impression is that the hackers’ community feels being forced into the defensive. Why else should Rieger announce that CCC will come up with a financial concept for artists in the next couple of months. While I’m curious to see the plan, my hunch is that it is going to be a piece of cake for the content industry to get a dozen of talking heads and fora to squash the plan. I couldn’t imagine anything more remote from the hackers’ agenda than the development of a business plan for a whole industry, and anything fitting less to the forthcoming general political agenda than rhetorics like “the state has to guarantee the income of artists” (Rieger at 26C3). Content managers must be cheering for joyful anticipation.

Christian Bahls was a major pillar of the German anti-filtering movement last year, which urged the newly elected coalition of conservatives and free-market partisans to distance itself from its predecessors web-fiiltering legislation to allegedly promote child-security. Christian gave a short summary of last years activities and identified the centralized ownership of critical internet infrastructures such as DNS servers as a major security threat for internet freedom. As providers like Vodafone block port 53, alternative DNS server would not always an option to circumvent illegitimate filtering attempts. Thus, Bahls proposed and briefly showcased stumbling code that implements three technical approaches to counter the vulnerabilities that are intrinsic to DNS as a scarce internet ressources: 1) DNS-via-HTTP(s)-Tunnel, 2) DNS-with-Cache-in-DHT (distributed hash tables), 3) HTTP-Prody-with-Cache-in-DHT.
The latter two approaches reminded me of Yochai Benkler’s 2004 paper on “Peer Production of Survivable Critical Infrastructures“, in which he proposed the use of peer-to-peer systems for three critical internet components, namely networks, storage and computing ressources. While network connectivity should be ensured by using ad hoc mesh wireless networks, resilient distributed data storage is to be implemented by peer-to-peer file services and the availability of computing ressources by distributed computing. In a sense, Bahls extends this peer production approach of technical internet security to secure “information freedom”, which is threatened activities of national governments ironically pursued in the name of enhancing internet security.

Daniel Schmitt and Julian Assange of Wikileaks rocked the floor at 26C3 last week in Berlin by revealing a plan to use to cooperate with Icelandic politician to turn the island into a “Switzerland of Bits”. Icelandic population, threatened by IMF’s widely feared euphemistically called structural adjustment programmes, is highly supportive of Wikileaks’ recent activities to keep documents in the public sphere that were gagged by Icelandic jurisdiction.

Wikileaks describes itself as a “disclosure portal for classified, restricted or legally threatened publications” and an “anonymous safe harbour for the submission and uncensorable provisioning of documents”. According to “The National”, an Emirates based e-magazine, “Wikileaks has probably produced more scoops in its short life than The Washington Post has in the past 30 years”.

Their track record for 2009 is indeed impressive: Trafigura, Toll Collect contracts, the Kunduz Feldjaeger report, the 911 pager messages, the EUISS report proposing a built up of European military and police forces to protect alleged European interests abroad and seal off Europe for migrants, US special forces manual on unconventional warfare for special forces units and intelligence staff.

And now this: a plan for an “offshore publication centre” that “provides a specialized set of laws”, which would “fit the freedom of information needs of the information society”. In short: “a safe haven for data and communication”. While Avi and Randy in Stephenson’s legendary novel were in for a “thick river of gold”, Daniel and Julian want to provide the public with streams of information and make sure that publicly relevant information cannot be hidden from the public by inept court activities or economic or political pressure against media publishers.

As again displayed by the presidential decision to block payments to Dutch and British savers, Iceland is playing a tough political game these days, anyway. According to Roubini.com, the economic analysis website of Noriel “Dr. Doom” Roubini, Iceland is flirting with doom: “Not passing the bill could even lead to Iceland defaulting on its debt.” (Roubini.com Daily Newsletter, 6 Jan 2010) Has Iceland started a campaign of vengeance or would they use the leaking data center as capital that could be traded in in negotiations with EU countries?

Neil Stephenson’s Cryptonomicon figures faced a similar dilemma with their plan of a “data haven”, a “secure, anonymous, unregulated data storage”.

“What if … the good Sultan changes his mind, decides to nationalize your computers, read all the disks? What is needed is not ONE data haven but a NETWORK of data havens–more robust, just like Internet is more robust than single machine.” Neil Stephenson, Cryptonomicon

Decentralisation technologies might indeed be the way to go.

The legitimacy of the parliamentary democracy stems partly from the problem of aggregating individual interests into societally binding decisions. Technology might act as a game changer here. Moreover, the potentials of social technologies appear to be so enormous and presumably inline with majorities interest, that it is hard to envisage how the the currently predominant political system in western societies, representative liberal democracies, will remain unchanged. That is unless no massive backfiring by plutocratic interests—in opposite to democratic interests—will set in. Which will, dead certain, happen or better: does happening right now. Even mainstream media is starting to get it: Germany’s conservative daily FAZ (Frankfurter Allgemeine Zeitung) had an article today titled: „The state is reclaiming the net“ (in German, though). Baseline: There is a global trend driven by states to get the internet into their hands. Indeed. But that’s only one part of the story.

Wikileak has just published 10,000 pages of one of the best hidden secrets in German politics in the last couple of years: the contracts between the Federal Republic of Germany and Toll Collect, a joint-venture of Daimler-Chrysler, Deutsche Telekom and Cofiroute. Toll Collect had developed a fully automatized system to collect tolls payable for utility vehicles on the German autobahnen. The system consists of integral boxes with GPS receivers and obligatory for any utility vehicle driving on highways, a system of physical bridges receiving information from the boxes as well as holding cameras with OCR technology to identify potential free riders.

(In the Netherlands, there is currently a debate about a comparable toll-collect system for any vehicle. The early promises that the foto&OCR system would only and exclusively be used for toll-collection purposes have long been forgotten. By now, it also serves as a public surveillance technology.)

While the system by itself is a solid piece of engineering, it has been criticized for its non-pragmatical, overly ambitious and expensive approach. The biggest burden for federal finances however was caused by a delayed roll-out of Toll Collect’s solution, as billions of toll revenues didn’t made their way to federal accounts. While one would assume that a decently brokered contract would provide indemnifications by the service provide for the purchaser, this hasn’t allegedly been the case with Toll Collect. While politicians ranted about Toll Collect’s failure, the federal government acted as if it didn’t really want to get compensations from Daimler-Chrysler and Deutsche Telekom. In addition, the secrecy of the contracts for the operation of the toll collect system has aroused suspicion from the onset.

Wikileaks has become a major obstacle for those who are in favour of a plutocratic interpretation of democracy and it’s proneness to behind-the-curtain deals. Some private-public partnership and cross-border leasing deals would have had more difficulties in passing legislation if municipal, state or federal parliaments had known the contracts beforehand and been able to understand them. Regulatory capture precludes secrecy and intransparency of bureaucratic and managerial activities. Stern.de, a Bertelsmann subsidiary product, has called Wikileaks the „Robin Hood of the Internet“ (German). His popularity and his fate are legend.

While a lot has changed since those times, post-noble dukes still don’t like being ridiculed by mere peasants. These days, business interests feel plagued by flash-mobs and are weakened by the ability to organize labour interests by social technologies, maneuverability of national governments is reduced by the abililty to instant vet governmental activities (if public knowledge brokering services like Wikileak continue to grow), and mass media has suffered some dents in their credibility by their reduced use of investigational methods and easy alignment with business and government interests. These actors are those who a are set on a slippery slope, who are in descent. For them, the biggest problem is three-fold: technically enhanced trooping and rallying by like-minded interests, social motivation, the ease of achieving transparency by, say, Wikileak, and the ability of social investigation. But then, state institutions dominate the spheres of law and law enforcement. Laws and law enforcement are the tools for vested interests to make their wills publicly binding. We might very well see legislation upcoming that would go beyond some kind of Prohibition on the internet. Some vested interests would rather prefer thick digital walls and high barbicans.