Posted on

To those who are still at La Quadrature du Net

So, it’s official. I’ve quit my job at La Quadrature du Net. It was not an easy decision, and it hurts. I’m too stubborn for my own good, and I do not know when to stop, but this is where it must ends. I also tend to believe people when they say things will change, and that everything’s gonna be better. I believe them when they say that they’ve heard me and my pain and are trying to do something about it. Deep down it’s hard for me to not trust someone.

I do not know when to stop, and I tend to burn myself. In spectacular way sometimes. During the four years I worked at LQDN, I’ve spent six month on medical leave and six other on part time due to a burn out. And I think that my biggest mistake was going back there.

Some people are doing a lot of stuff to try to improve the situation there. Some basic questions are asked. Questions such as what is LQDN strategy? How are you supposed to care for your employees (because yes, I was your fucking employee, if you do not like that, stop working with this association) in time of stress ? How are you supposed to work with other collective on an inter-sectional approach of the issues at hand ?

A lot of work on those issues have been done, saying otherwise would be an insult to the few people who are trying to fix thing. And this is the main reason I stayed longer than I should have for my own sake. But those who try to improve the situation, and most if not all of them are the few queers and women volunteering for the association, can only do as much as the group let them do.

During the four year I was there, I’ve seen a team building itself on the ashes of the previous one (we had nearly 70% of turnover, yes it means only two of us stayed there since the Paris attacks in 2015) and trying to figures out way to work together and to care for each other. It’s one of the thing that made the decision to leave hard. But it’s not enough, it’s merely the minimum requirements for a sane working environment.

But you prefer to do the “important” things, because you’re only a volunteer and you do not have enough time to do what you want: talking to the medias, speaking at conferences and arguing online about what LQDN members are allowed to say or not when they’re speaking in public. Arguing to the point where some other members had to left the association because you just didn’t care to understand their pain.

The same non debates are still eating energy there. Should the fights of LQDN encompass identity politics? Or should we only focus on state surveillance? The thing is, those questions have being asked internally for at least four years. I know, I’m one of those who keep asking. And the only answer I got was: we need time to debate.

So, you need time to debate. Fine. But, because you’re too busy to drink the koolaid, you’re not even able to see that your employees are on the verge of burn out and exhaustion, and because you refuse to spend some time trying to understand the situation;, you cannot even starts to change things. And some of those changes might be easy. I don’t know. I don’t know because no one, except the two or three same person, are spending time on this.

And while you’re doing the so important work that you consent to do, we’re left to ourselves. Trying to do things, to work with you and everyone else, to figures out what are the priorities, and all of that without a global strategy. Or consideration for the work being done. We’re doing things reflexively, because this is how it’s been done since today.

So fuck it. I quit. I don’t like it. I’m bitter. Enraged. And sad. When I look at what we could have done if you accepted to actually engaged in Human Resources management and stress reduction, I can only contemplate the waste of energy and people. You are lucky enough to have a tough team of skilled and extremely motivated people who are doing an amazing job regardless the way you consider them or their work to work for you. And you’re not even able to understand that.

I’m too naive. I thought things can change. But as long as you, as a straight male, let all the emotional and care work to the same people (queers and women), to keep feast on koolaid, you’re basically throwing people under the bus. Because you do not consider caring for the people you fight with a good investment of your so precious time, you’re pushing them to their own limits, to the point they’re going to break, and leave in bitterness and anger.

And yet here we are. You forced me to quit. I didn’t want. Fuck, I came back after a burnout on the promise that things were going to be better soon. They’re not. And if you do not get that, then fuck you.

I’m forced, for my sanity, to take steps back from the world. I can’t spend time at party without collapsing. I cannot talk on one on one to people without wishing to rip my skin of my arm. I’m not suicidal now, mostly because I think it’s not worth the hassle, not because I want to live. I don’t. And while I have issues on my own, you did nothing to not add to those issues. So yes, I’m bitter. And I’m worried about the people that I left behind, my coworkers, who still have to deal with your bullshit.

You might say that going public will not help. Well, for four years, I basically tried everything. I used twitter, internal system, one on one talks, informal and formal requests to the general assembly, I’ve tried to solve some issues, or at least to expose them to you, to give you a chance to change things.

And you did not.

You did not tried to build a better world. Because that’s what it is in the end, the community you shape by your actions are supposed to be the reflect of the world you fight for. And I do not want to live in this world of yours. So I cannot condone anything you’re going to do.

In a more pragmatic way, it also means that I have to take steps back, and to try to heal a little bit before going back to try to fix things. Or change them. So yes, you won’t see me again anytime soon. Yes, I’m going to lose friends over it, but this is the extreme this association led me too. I have to chose between seeing my friends, and being reminded of the state of this association, and preserving myself.

I won’t make it to Congress either. Or to most of the conference this year. I won’t see the crowd of crazy and fun and loving people that made going there manageable. And this is on you.

Fuck. You.

Posted on

Taking them down

How to take the identity capitalism complex down

I’m currently at RightsCon in Tunis, speaking and exchanging with a lot of different actors around tech and human rights issues, from state to civil society to Facebook (because it seems shame is dead). And I talk to a lot of people (except Facebook ones, they’re scary as hell), and the conversation inevitably lands on what we’re doing at LQDN, and the short answer is We’re out to get the GAFAM down.

And then, they ask me how are we going to do that, what are the next steps, what’s the plan to destroy those hegemonic capitalistic system whom promotes hate speech ? And the thing is, we do not know, because it haven’t been done since the internet exists (except some anti trust cases, but even then, Microsoft survived for instance).

We know ways to not do that, to not harm them enough to destroy them. Using the current system of laws and regulations, including anti trust and anti monopoly laws, have only limited results. Even if it’s an interesting way to achieve some results, in the mid-term (four to five years), corporate monsters will spend billions of dollar on lobbyist money to change the law, as is happening with e-Privacy.

Boycott doesn’t work. Or only on insane scales. And it kind of makes it a personal choice, or issue, while the GAFAM are a threat to society. Their goal is to make money, not to protect their users. And they make money by selling to advertisers a closed list of identities that can be targeted by ads, they make money by turning what you read and write, what you are and what you like, into promotional content and user engagement. And if your identity does not suit the social vision of what the GAFAM can and will tolerate, then you’re erased from this catalog of ID, and you’ll be targeted by ads which will shape you in something else.

Also, promoting and monetizing hate have impact in everybody’s life, wether you’re on Facebook or not. The fact that neo-nazis, nationalists and identitarians are pushing their ideas without being demoted by the platform, gives them legitimacy and the strength to take their hatefull goals and ideas in the street and push it on anyone which they see as an ennemy.

This is why, even with decentralisation going forward, destroying mono cultural hegemonies is still required. You cannot just boycott Facebook, you need to destriy them, split their body in parts which can then be incinerated, salted and sent into the sun.

Having your own safer space, is akin to boycotting Facebook and the likes. It’s important that you have the capability to do it, but it will not makes the GAFAM go away.

Taxations and regulations are other ideas which I see a lot being suggested. It could work, at least it could probably reduce the harm their doing to our society, but we all know that they’re quite good at hiding their money away from national taxes system.

Regulation is kind of bad too. A lot of them requires to have some resources to spend on regulation conformity, and to have lawyers that are competent, trained on the subject and able to defend yourself. It cost money, money being the thing that GAFAM have in stupidly high amount, they can follow regulation quite easily, while most of all the small actors probably can’t afford it. Or GAFAM will not comply and pay bills. Or they’ll make proposals, produce white papers, grab a share in multi-stakesholder system to push their view in the regulatory body. They’ve done it before (look at how it became stupidly insane to setup a mail server or how they pushed to have DRM implemented in HTML specifications), they’ll do it again, they can wait five years paying bills in the tenth of billions of dollars without really being at risks.

So, what works ? We do not really know. We do not know how to take down a GAFAM, and that’s why we try a lot of different things. And that is why we also needs to find how other people did against similar systems.

Because we had this kind of system before. Systems who were pushing their ideology and cultures on anyone, in an intent to maximise the profit, while denyin minorities or locals to exist in a way which do not suit them. Those system were the colonist nation-state and private trade company (such as the Dutch East India Trade Company or the British India Trade Company).

So yes, we need to use anti-colonialism tactics and strategy. Some of them implies getting the heck out of the toxic space those corporations to organize, we need to promote alternate cultural and ideas, we need to make association with the GAFAM as toxic as we can, for any one who would want to negociate with them to be publicly exposed and shamed as a white supremacist promoters and accomplice.

This is what everyone who want to give back control to societies and communities should do. None of the GAFAM are your allies, or ever will be your allies. They might provide some opportunistic help, but I really think that, in the longterm, it deals more damage than it create goods.

I’m not sure where I’m going with this, I’m in criticial lack of coffee and there’s too many people here. The only thing I know is that we do not really know how to destroy the GAFAM, but that doesn’t means that we should not try anything. Or talking to activists who’s been fighting oppressive corporate and nation complex for decades. And supporting them wheneever you can.

Posted on

End of Transmission

I have to write this down. Now. I have to do this. Now. Why ? Because I’m experiencing some clarity right now, and it will not last. It might looks like a hasty decision, but it is something I’ve been torturing myself with for months now.

I quit twittering. Or micro bloging. I’m going to close my twitter account (or accounts, you’ll never know) and I’m not transferring it to another micro bloging platform.

There’s some issue I’m having with micro bloging, and the web of notifications as we know it. Most of them are due to the fact that it’s not a form of socialization that gave me enough space to breathe and to get on with my life.

ADD does not help. Depression does not help. Having followers liking your calls to help without investing themselves much does not helps – that’s also something I’ve stopped doing.

Getting my fix of data is the first thing I do in the morning, right after snoozing my phone’s alarm, before getting out of bed. It’s like listening at the radio or watching TV in the morning before breakfast I guess. And it’s OK for a lot of people, and it’s fine. But in the end it kills me.

It’s been almost ten years since I’ve been pushing bits around here. I’ve seen twitter without retweets or faves. Or likes. Or quotes. Or algorithmic filtering. I’ve been in touch with people who radically changed my life, in ways they do not suspect, thanks to this blue bird.

But things changed, and some of the dilemma I had, related to this platform, are less and less dilemmas. And this is were I’m going to throw a bit of politics in the mix. I’ve made a mistake for years, and this mistakes was thinking that the user base can change the platform. It was thinking that platform owner, even hegemonic capitalist monsters such as Alphabet, Amazon, Apple or Microsoft, that platform owner did care about letting minorities exists in the fringe of those platform.

It was thinking that me, being and acting on twitter, was bringing more to communities than being out of twitter. It was mistaking the potential reach for the actual impact i could have on the world.

I’m thinking a lot about hypercapitalism and how social interactions and reputations are more and more slowly becoming a currency. And how the value of this currency is less and less representative of the work done to get there. I could elaborate on this. And I will, but not here, not now. I need to mature this a little bit more.

The short story is that I’ve been entrapping myself in a permanent performative version of me, to which I’m not even sure to subscribe. Or to understand. Most of my feelings and moods are alien to me, I do not understand them, and it’s partly because I’m too much in the now, not enough in the later. Which cannot helps me to get better.

It also puts me under a microscope. And I’m a white male, I cannot relate to the perpetual figth it is to exist online for visible women. Which brings me to the next point. My mistakes was thinking that it is possible to have different culture coexisting close to each other, sometime interfering — for better or for worse — but most of the time minding their own business in the inifinite space of information that the cyberspace is supposed to be.

I really think that we need a diversity of culture, that we need to let our own cultures to evolve and change, to be influenced by others, to develop themselves and crawling out of our lives, making us bigger than our individual selves. That we should nurture them and experiment with them.

But you cannot do that on homogeneous platforms and protocols. You cannot do that in the perfect hypermnesia of the advertising driven surveillance system. You cannot do that using less than ten platform. We cannot because, on those platform, the mainstream culture, the one that is amplified, developed, reinforced and marketed as the only culture that exist, is the one of the entity who have power on the infrastructure.

Which means that the only cultural choices you have is the one that those people are willing to give you. As Audre Lordre once wrote, « The Master’s Tools Will Never Dismantle the Master’s House. »

You can’t fight racists and homophobic people on a platform which actively support them, and makes money out of them. I used to think that, by being there, I could convince more people to try to take the power back, but the reality was that it was convenient for me. Enjoying my bit of celebrity to compensate cognitive dissonance. Persuading myself that using a platform which actively hurt people I care for, or myself, might be worth it in the long term.

It’s not, I was wrong. I want to get better, to get rid of this ghost of me that’s on my shoulders. I want to take time to write, read and think about the word. I want to go back at being active in a community instead of pretending I care and burning myself tweets after tweets.

So this is it. This is the end of me. It’s not an easy decision, but it’s a long thought one.If you want to get in touch, feel free. You have ways to reach me somewhere, or you’ll figure out. Or you’ll accept that I’m not that important in your life, and it is perfectly fine for me.

So long. And thank you for the tweets.


Posted on

Security and Safety

There’s something on my mind that’s been going on for a while. Well, another something going on in y mind.
And it’s about security and/or safety and how those concepts are used today. Or how they’ve been twisted. So, let’s start with what I mean by those terms. They’re often used as synonym for each other, but I keep thinking that they’re not meant to be.

Security, as I see it – at least in the uncountable use – is a concept related to peace of mind (even the latin form securitas is about peace of mind). It means it’s something you do not have to pay attention because it cannot hurt you. I think it’s linked to avoiding accident and incident, to put the potential cause of accident away. That’s the reason we have more and more automated features in cars, like ABS or ESC, who tries to manage traction for you to not care about traction loss (and control loss). They’re meant to avoid accident. Or to significantly reduce your exposure to the risk of an accident. Those are called securities for a reason, they make you able to feel secure while you drive half a ton of metal and plastic at high speed along other people doing the same thing while hopping no-one will fail to avoid collision with each others.
Peace of mind requires to reduce or negates the perceived risks to work. You must been aware that you were exposed to risk and then to be aware of something which allow you to think that perceived risk has been acted upon and that you’re now able to stop being worried about it. Feeling secure is something deeply rooted in most of animals, it meant to have certainty about the fact that you can eat, drink, and not being killed by something while your asleep. It means taking step to ensure that you’ll have that tomorrow, and the day after that, and the day after that, until your death.
Security is being addressed in our communities by laws and regulations. Whether they’re explicit or implicit doesn’t really matters. They’re made to ensure that, at the end of the day, all member of the community can stop thinking about the daily threats they’re facing daily. Security implies rules which purpose is to control behaviors that the community perceive as an existential risk, it also implies active measure to protect one self from them which leads to either individual arming themselves to defend themselves, or giving this power to a group of people devoted to maintain security and to control behavior. And this group of people must display that the rules are enforced, because if they’re not, then they’re not devices for peace of mind. To elaborate more on this, there’s whole segment of philosophy dedicated to it (Foucault’s “Surveiller et punir” being one of them, but 1984 by Orwell or Best of Worlds by Huxley do address this).

Safety is, on the other end, everything that exist to reduce harm done. It’s the plan B, it’s what happens when shit finally hit the fan. To stay on the car analogy, safety are safety belts and airbags. They exists only because there’s a risk of accident that have not been nullified by security measures (laws and regulations). And that is why self-driving cars is such a hard problem to solve, because you can’t have a null risk’s probability.
Safety is what allows Security measures to fail without doing much harm to everyone. It’s not really peace of mind systems, because they only exists because you’re exposed to a risk. When you put a helmet on before riding through whatever traffic with your bike, you become aware of the risks you take, and you try to reduce the harm you’ll suffer when someone you’ll eventually be thrown on the ground in the middle of a street because someone didn’t looked before opening their car door. Safety is knowing that if someone enter your house while you’re in it, you’ll have a place and space to recover and people to provides you what you’re missing.
Safety is not about control of behavior, it is about caring for others. Is is not peace of mind but it is acknowledging that you cannot achieve perfect security, and that you need to accept some harm. It is about recovering, learning, growing up.

Why do I talk about this? Because I hear a lot about (cyber)security, and not about (cyber)safety. Security being about perceived risk, and applying behavior control in a way that will be perceived as a reduction of this risk, leads to the current regime of mass-surveillance we live under.
I’ve red a Story about Jessica a while back. And I think it address the fact that we do not have (cyber)safety, that the infosec community have no clue about safety and what it means. The security focused industry means more surveillance (logging) and behavior control (don’t click on links, upgrade, choose a stronger password, don’t publish your key, and many of the do and don’t prevalent in the infosec community).
In computer science, the safety of the software an entity have to manage is, however, quite pregnant. You’ll have backup of the data, backups of the infrastructure, disaster recovery plans, etc. But this is only about the safety of the software. It is not about safety of users or the people who maintain it. If you cannot achieve software security for your company, you’ll probably end up fired at some point. All the on-calls procedures are just means of maintaining a software in a safe state (alive and running, or at least partly running after a crash).
However, users of the software are not protected by those technical safety solution. What will happens when users data will be leaked? What steps are you taking to reduce the arm being done to them? You must be able to answer this question. It could be providing legal counseling, or collaborating with law enforcement (not that I’m a big fan of cops). It could be being proactive and warn them as soon as you find out something bad happened to their data, and try to provide them assistance in recovering access to your software for instance.

Holistic security goes a deep further into control. It is based on the fact that achieving full security requires you to have a specific mindset, and that you must take care of you in order to achieve security. I find it interesting to link way of life to exposure to perceived risks. If you sleep well, you’ll be better at security. Too bad you suffer from depression and insomnia, meaning your last good night sleep was ten days ago, and it was drug induced. Holistic security tends to be, form my point of view, ableist. If you’re not emotionally, physically and socially fit, you can’t hope for security. You cannot get your mind of all the stuff that’s forbidding you to achieve security. It is, in the long run, blaming the victim. You didn’t took care of you, ergo your security has been breached.
I’m not saying that we must get rid of security. It is important to reduce risk exposure. But it has a cost: surveillance and behavior control. I’m saying that we must focus more on safety, on what happens when the cops gt you during a protest with your unlocked phone (or they unlock it using your face). What harm will you be facing when someone is black mailing you over the nudes you got in your Direct Message – or stored on your computer.
This is the question asked in the stroy about Jessica. And I didn’t find a lot of answer since this been published. Facebook tries to help with revenge porn, and there’s a lot of things being done here (go have a look at what BADASSis doing for instance. And this is an issue where technology can’t save you (it is, again, something that provide surveillance and control behavior). Safety means there’s something to take care of people and to help them to recover. It means about caring about people (not software, their just maths, they can’t be in pain), it means trying to make everyone life better (and not easier). For instance, Code of Conducts are security measures. And they’re important because they allow people coming to your community to know that they’re not at risks. Until you do not enforce your own Code of Conduct for instance.
Having a post-harassment process to help the victims, and the harasser (yes, I mean that), to understand what happened, to document it, and to provide support for the victim is safety. That is what safe space should be about. Not space where you won’t be hurt, but space where, when it happens, you’re allowed to take less harm than if you were alone. It is also a space where you’ll be told something you’ve done did hurt someone – not that you broke a rule. It is a space where people will address your behavior and helps you to stop it, not by expelling you, but by a process. It can mean that, for sometime, you cannot come in certain places. It depends on how your community provides safety.

Safety is feeling welcome, feeling belonging to something, knowing that you can make mistakes, own them, and grow out of them. It is not something you can code in your software and, in fact, a lot of the time, your software works against safety.
If your data collection algorithm can be used by cops to identify perpetrators of a crime, it can also allow anti-gay bigots to identify gay people in their surrounding. It can be used by an abusive husband to identify where’s the woman he lived with as fled. It can be used by adults to expose teenagers sexting each others. It can be used to locate where a camgirl lives to stalk her.

And what’s the perceived risks you’re collection of data is protecting users against? You have to wonder if people can conduct drug traffic or do sex wok using your software, and if, by using your data collecting software, they put themselves at risk if you cooperate with cops. Security, in this case, would be to not use your data collecting software. If you value the possibility for law enforcement community to identify sex workers more than you value their safety, it means that you’ve got a political motivation for keeping several years of activity logs.

Keeping data about people is collaborating with cops, harassers and stalkers. It is not about safety of your users, it is about security and control. If you want to do cyberSafety, then it must be impossible for cops to identify anyone with the data you got. It means that you must not be able to identify formally your users. It also means that you must not do ad tracking. It means that the well being of your users is important for you, whatever they do in their life, whoever they are.
Stop logging, start caring.

Posted on

[Repost] Google, Amesys – même combat

So, I’ve changed things around here and I’m trying to get some writing done soon. In the meantime, I’ll repost here an oped I wrote at la quadrature du net (From which I’m currently off due to mental health issue, more on that later), so here the original text, in French and, of course, there’s more on LQDN website

Du 21 au 24 novembre dernier, à Villepinte (région parisienne), se tenait le salon Milipol (pour Militaire/Police), « l’événement mondial de la sécurité des États ».

En plus des habituels trafiquants marchands d’armes qui font la fierté de l’industrie française (ayons une pensée émue pour Michèle Alliot-Marie qui exporta en Tunisie notre savoir-faire en matière de maintien de l’ordre), il y a, depuis quelques années maintenant, des marchands de matériel informatique et de solutions de supervision des populations.

Vous avez forcément entendu parler d’Amesys, de Qosmos, de Palantir et autres Hacking Team qui se sont spécialisés dans le développement de solutions clef en main d’espionnage et de surveillance de la population. Et, les affaires étant les affaires, la plupart d’entre eux vendent à toute personne désirant acheter du matériel, qu’il s’agisse des dictatures libyenne ou syrienne, ou des démocraties sociales occidentales compatibles avec l’économie de marché (France, Allemagne, Royaume-Uni). On parle dans ces cas de capitalisme de la surveillance, c’est-à-dire de mesurer la valeur des choses grâce à la fonction de surveillance.

La surveillance se base sur la connaissance. En épidémiologie par exemple, c’est connaître le vecteur infectieux, le documenter, savoir comment il se propage et se transmet, mesurer son temps d’incubation éventuel, déterminer ses symptômes pour comprendre son fonctionnement et trouver éventuellement un remède.

Dans le cadre de la surveillance des personnes, cela se traduit par la connaissance de ces personnes, leur identification dans le temps et l’espace, connaître leurs habitudes et leurs façons de réagir, mesurer leur sensibilité à telle ou telle idée. La surveillance c’est la connaissance. Et la connaissance c’est ce qui permet de définir les choses, de les identifier. Le capitalisme de la surveillance est donc un capitalisme de la connaissance, de l’identité. Ce que vendent Amesys, Palantir ou autres à leurs clients c’est l’assignation d’une identité définie par eux ou par leur client à un groupe de personnes en fonction de mesures et d’observations, i.e. de données.

Dans le cas des États, cette assignation identitaire amène à des conséquences qui peuvent être extrêmement violentes pour certaines populations, amenant à des répressions fortes, une suppression d’un certain type de personnes d’un certain quartier, à de l’injustice prédictive basée sur des statistiques biaisées par des biais racistes – le racisme structurel – et qui donc ne peuvent que renforcer ces biais. Les smart cities, dans leur version la plus extrême, sont les étapes finales de ce processus, l’identification permanente, fixiste, en tous points de tous les individus, l’impossibilité de bénéficier des services communs et publics sans révéler son identité, sans donner aux surveillants encore plus de connaissances sur nos vies et nos identités, pour leur permettre de mieux définir nos identités, de mieux vendre aux États la détermination, l’essentialisation, la réduction des complexités de nos vies à des étiquettes : terroriste, migrant, réfugié, musulman, femme, queer, bon citoyen.

Dans cette analyse qui est faite, on parle très vite, très souvent d’algorithmes ou d’intelligence artificielle. On les accuse de tous les maux, d’être racistes, de faire l’apologie du génocide, d’être sexistes, de censurer les discours d’éducation à la sexualité, d’invisibiliser les minorités sexuelles, comme si les intelligences artificielles, les algoritmes, disposaient de conscience, émergeaient de nulle part, avaient décidé d’être néo-nazi. Pardon, alt-right. Mais, au final, personne ne dit ce que sont les algorithmes, ou les intelligences artificielles. On va commencer par la seconde. L’intelligence artificielle est un algorithme doté d’une grande complexité et utilisant de grosses quantités de données pour donner l’illusion d’une intelligence, mais d’une intelligence ne comprenant pas ce qu’est un contexte et non dotée de conscience. Reste à définir ce qu’est un algorithme donc.

Appelons le wiktionnaire à la rescousse. Un algorithme est une « méthode générale pour résoudre un ensemble de problèmes, qui, appliquée systématiquement et d’une manière automatisée à une donnée ou à un ensemble de données, et répétant un certain nombre de fois un procédé élémentaire, finit par fournir une solution, un classement, une mise en avant d’un phénomène, d’un profil, ou de détecter une fraude ». C’est donc une formule mathématique, ne prenant pas en compte les cas particuliers, et qui a pour but d’analyser des données pour trouver une solution à un problème.

Ces algorithmes ne sont pas en charge de collecter les données, de définir le problème ou de prendre des décisions. Ils analysent des données qui leur sont transmises et fournissent une classification de ces données en fonction de critères qui ont été décidés par les personnes qui les écrivent, qui les configurent et qui les utilisent. L’ensemble des problèmes sur la reconnaissance faciale qu’ont rencontrés la plupart des entreprises de la Silicon Valley résulte du jeu de données utilisé pour identifier une personne et la reconnaître, car il ne contenait que des images de personnes blanches. Le chat bot de Microsoft – Tay – s’est avéré tenir des propos négationnistes ou appelant au meurtre et à l’extermination. Non pas parce que Tay a une conscience politique qui lui permette de comprendre les propos qu’elle tient, mais parce que des personnes l’ont inondée de propos racistes ou négationnistes, fournissant un corpus de données servant de base aux interactions du chat bot, l’amenant donc à écrire des propos racistes et négationnistes. Microsoft a rapidement retiré ce chat bot de la circulation et l’entreprise a depuis promis d’être plus « attentive » .

Parallèlement, nous entendons également, et de plus en plus, parler d’économie de l’attention. De capitalisme de l’attention. Ce qui aurait de la valeur serait ce à quoi nous faisons attention, ce que nous regardons. Sous entendu, nous, utilisatrices de ce système, sommes capables de faire le choix de ce que nous voulons regarder et lire, de faire le choix de la connaissance à laquelle nous avons accès. Internet permet, en théorie, un accès non discriminé à l’intégralité des informations et des données, et donc de la connaissance, du savoir. Après tout, la connaissance est une information à laquelle j’accède pour la première fois. Et cette acquisition de connaissance me permet de comprendre le monde, de me positionner par rapport à lui, et donc de me définir et de le comprendre, exactement ce que font les systèmes de surveillance massive utilisés par les États.

Réguler l’accès à l’information et choisir quels contenus montrer à quelle personne permet donc, également, de contrôler comment vont se définir les personnes, comment elles vont comprendre le monde. L’économie de l’attention est basée sur ce principe. Pour garantir que vous interagissiez avec la connaissance qui vous est proposée, qui est la façon dont ces nouveaux capitalistes mesurent la valeur, il est important de vous surveiller, de vous mesurer, de vous analyser, de vous assigner des identités. Et donc de contrôler la connaissance à laquelle vous avez accès et celle que vous produisez.

Les gigantesques plateformes financées par les GAFAM1 servent exactement à ça. Facebook vous empêche activement d’accéder à l’ensemble de l’information présente sur leur réseau, vous demandant de vous connecter pour accéder à d’autres plateformes que la leur, ou vous pistant partout une fois que vous êtes connectés, leur permettant ainsi de récolter encore plus de connaissances à votre sujet, d’augmenter leur capacité de surveillance et donc d’identification et de contrôle. Remplissant dans ce cas exactement la même fonction que les systèmes répressifs des régimes étatiques.

Notamment car Facebook, Apple, Google, Amazon, Microsoft décident ce qu’il est moral de faire, quelles identités doivent être renforcées ou au contraire dévaluées. Par exemple, Youtube, en supprimant la possibilité pour un contenu parlant de sexualités de rapporter de l’argent aux créatrices, envoie un message assez clair aux personnes faisant de l’éducation sexuelle, ou parlant de problématique touchant les personnes queer : votre production de connaissance n’est pas bienvenue ici, nous ne voulons pas que des personnes puissent s’identifier à vous. Il en va de même avec Facebook et son rapport à la nudité ou Apple qui filtre également tout ce qui pourrait parler de sexe, quitte à censurer le contenu des musées. En dévalorisant certaines connaissances, en la supprimant de certaines plateformes, les personnes à la tête de ces entreprises permettent d’effacer totalement de l’espace public des pans entiers de la société, de supprimer les voix des minorités, d’empêcher la contradiction de leurs valeurs et permettent donc de renforcer les biais des personnes consommant la connaissance disponible, amenant à une polarisation, une simplification et à une antagonisation du monde.

Alors effectivement, Facebook en soi ne mettra personne dans les geôles de Bachar el-Assad, du moins pas dans une complicité active, mais l’entreprise fait partie d’un système disposant de deux faces. Une face violente, répressive, alimentant les délires paranoïaques des États d’une part, et une face « douce » et insidieuse, utilisant les publicitaires et la restriction de l’accès à la connaissance pour permettre aux entreprises conservatrices de nous imposer leur vision bipolaire du monde, renforcement les sentiments d’appartenance à un groupe identitaire, avec les conséquences violentes que l’on connaît.

Et pour s’en persuader, il suffit de regarder les liens entre ces deux faces. Peter Thiel, fondateur, avec Elon Musk, de PayPal et qui détient maintenant 7% de Facebook est également le fondateur de Palantir Technologies, entreprise qui a, notamment, obtenu le marché public des boîtes noires en France, tout en étant aussi l’outil officiel de la NSA. Thiel a également participé aux nombreux procès qui ont fait mettre à Gawker la clef sous la porte suite à la révélation de l’homosexualité de P. Thiel par Gawker. Thiel, enfin, est l’un des influents soutiens des républicains nord américains, il a notamment participé à la campagne de Ted Cruz avant de rejoindre l’équipe de Trump et de participer à la transition à la maison blanche. Il a de fait nécessairement discuté, échangé et parlé avec Robert Mercer, l’un des directeurs de Cambridge Analytica, une entreprise dont le but est de cibler les électeurs grâce à de nombreux points de collectes, principalement récupérés par Facebook afin de pouvoir les cibler directement et influencer leurs votes.

Alors oui, lorsque l’on pose la question de démanteler Google, la question de démanteler Palantir se pose aussi, et celle consistant à vouloir privilégier les seconds car ils représentent un danger plus important pour la sécurité des uns et des autres. Mais sans l’omniprésence des systèmes d’identification, sans les exaoctets de données récoltées sans notre consentement dans le but d’individualiser le contenu auquel nous avons accès – selon des critères sur lesquels nous n’avons aucun contrôle – la mise en place de la surveillance et de l’identité devient complexe, coûteuse et impossible.

Il faut démanteler les systèmes capitalistes identitaires si l’on veut détruire les systèmes d’oppressions basés sur l’identité ou sur l’accès biaisé à la connaissance. Il faut s’affranchir des moteurs de ce système que sont la publicité, le pistage et l’identification permanente. Il faut questionner et démanteler le racisme, le néo-colonialisme, le sexisme des entreprises de la Silicon Valley au lieu de s’étonner que leurs algorithmes soient racistes. Car ils sont devenus omniprésents et nous empêchent de nous définir, de vivre, d’exister comme nous l’entendons, avec nos cultures complexes et nos identités changeantes.

Posted on

And Justice for all

Trigger Warnings: Rape, Paedophilia

Prison song

I’m not really elaborate on the fact that the current prison system (either in the US, or – basically – everywhere else) is broken and walk on its head. If you want to contemplate the disaster, you can watch Prison Valley, get facts from OIP or read testimony made by, basically, every inmates, their family, their friends about what the prison is doing to them.

I could tells you what the incarceration of my father for paedophilia did to me, how I had to hide it, to lie every single days to basically everyone, to pretend it did not happens for the sole purpose of surviving through middle school, and that it didn’t solve anything, Because he got convicted a second time for similar crimes years later. You’ll notice that neither I, my sisters or my mother have been found guilty of anything, but still, we paid a price. For justice.

I will not argue that prison is the worst solution to any problems. At best, you put people on hold and free them, expecting them to behave when they’ll get out. At worst, it’s a political tool used to criminalize populations and build resentment upon some populations (yes, it’s a tool used for power to keep people in check) while creating more sociopaths, storing them away in inhumane conditions, and forcing them to work – and so destroying jobs outside of jail.

Prison should not exist. Even for serial rapists, paedophile, killers, abusers of all sorts. If you’re only answer as a society is to store them away, in a dark room, and hopping they’ll get better you’re delusional. I do believe people can change, but they need help, acceptance, and an possibility of failure.

The thing is, prison is intricately mixed with the notion of justice. We tend to think we deserve justice, but I’m not sure we really think about what it means. The justice system, as its currently implemented in most part of the world, is a punitive one. The principles behind it is that if you do a wrong to someone, you should pay for it, one way or one another. You should not pay to the victim, but to the society.

Basically, it’s the biblical principle of the Talion’s Law: an eye for an eye, with interests. Those interests exist to dissuade further wrong to be done and because the perceived loss might be above the material loss. When it come to non material wrongs, it gets complicated.

The justice system tries to determine what is the impact of the wrongdoing, what are the personalities of victims and perpetrators to find an appropriate sanction. Basically the process of justice tries to evaluate the cost of a human life, which is an extremely capitalist view. The life of a worker, or of a woman worth less than the one of a CEO for instance. That’s why stealing and destruction of property is so harshly sanctioned, while rape or harassment of the work place is rarely sanctioned.

We deserve nothing

But you probably all know that, I’m just writing down some ideas on a text file. The thing I want to get too is that we deserve nothing. We do not deserve justice. It sound harsh, I know, but when you look at it, all the justice system is build around punishing.

And if you want to not act randomly, because you know, you’re a sophisticated society built on principle from the XVIII° centuries. Principles formed by white people of the bourgeoisie, then you need to defines what should be punished and what should not. You need to establish what is the norm and to enforce it. You need to make sure everyone understand what are the personal costs of transgressing this norm, and you need to know who is behaving and who is not. You need to be Santa Claus, knowing all the dirty secrets of every kids, and decides which on will get presents and which one won’t have anything.

You’ll justify it with the Law. The Book Of The Law. We modernised the process since the biblical times (where Moses got high on drugs in a mountain and wrote stuff on marble tablets because he was afraid of losing he’s grasp on power). You’ll enforce it with a dedicated group of people: cops. And then you’ll gave them the power to sort people between good and bad guys. To do that you’ll give them the power of mass and systemic surveillance.

This notion of justice most of people wants requires mass surveillance. And prison. And a norm. And I’m still wondering: do we deserves justice? I tend to believe that, as a member of a society, we deserves nothing. We do not deserves to be happy, to have a good life, and the like. Deserving something means that, inherently, the world in which you live, should give you something.

I think the only thing we deserve, as individual, is the fulfilling of our needs (physiological and/or mental). Not justice, not love, not a family. I could insert here a reference to the Maslow’s pyramid, but the model is a bit simplistic and outdated. I don’t think the notion of justice is a need. The closest thing that would be associated to a need, is the need to be recognised, to be esteemed by other. To live in dignity and respect. And either everyone deserves that, or no one.

As stated before, prison strips individuals of their dignity, of their respect, of their esteemed (by other or by themselves). And I think the notion of justice cannot be dissociated of the notion of prison. As long as you ask for people to be thrown in prison, you’re losing your access to live in dignity.

Where do we go from here

We do not deserve justice, and I think that, in our communities, we really should work on that. Justice is an outdated system used to justify incarceration, mass surveillance and therefor systemic discrimination.

What we need to think of is harm reduction, which is at the core of the Transformative Justice theory. The idea behind harm reduction is to provide communities with tools to help them avoiding harm in the first place, and then reducing the impact of it.

That’s the idea behind collective insurance for instance. A collective effort can help reducing the burden of an accident. It requires to accept the fact that some people might not want to behave, or are not able to. And that you need to have structures to act before something happens. Calling out rapist or aggressors helps to do that, but it deprives the aggressor of the possibility of change. This is a community response to a traumatism. It does not reduces the traumatism of the victim, but it tends to reduce the potential harm that a person can do.

But I think we can go further. Paedophiles for instance are almost universally perceived as monster that should rot in jail for ever because they hurt children by kidnapping them and tying them in a closet making them their sex slaves. Which is as accurate as the depiction of rapist being a stranger that will jump women in the street to rape them and kill them.

In Berlin, a program has been started to help paedophile who did not commit an aggression. You can read about it here and it seems to be successful. They allow paedophile to talk about their issue, to have access to treatment and t manage their life with dignity and without hurting kids. This is not the only program, but a lot of them are targeting offenders (you need to have molested a child to enter some of those program)

Which is a better outcome than sending them to jail, with a so-called obligation of treatment (it did work so well that my father did get back to jail ten years after), or stacking them in prison cells, refusing to deal with them don’t you think?

I have to add that, on a community level, I think this can works well with inside violence, not from harm done by the outside. You deserve dignity, so you should protect yourself against aggression, especially as a community. A neo-nazis entering a self-managed bar is an aggression, so you should gives yourself ways to protect against these violence from outsiders.

I think that the idea of transformative justice is interesting. The idea is to change the society to reduce harm being done, not trying to repair the victims (which is restorative justice) or trying to avenge them and dissuade potential perpetrators (traditional justice).

To ease the way of harm reduction, we – as a society – needs to be able to accept that perpetrators exists and are human being. And that they can change. We need to accept that, most of the time, a victim will endure some traumas that cannot ever be repaired fully – but they can learn to lives with it. We need to accept that, as a society, we have a role to play in aggressions and mitigating them.

One of the way of mitigation is to think of what enables aggressors. What makes them act and why would they think it’s OK to act this way. With the traditional justice system it’s often the perceived impunity. If a cop will not accept the complaint made by a victim, then the aggressor will never ever be confronted to the harm he did, so he will act and probably repeatedly.

Another enabler factor, is the social status of the perpetrator. A well established person, with power over a community – because they’re doing important things – will enable perpetrator to do whatever they want, think about R. Polanski, J. Depp, J. Applebaum for instance.

That is why it is important to avoid social structures which enables people to do harm. Meaning, you should not have only one person in charge of this important thing you need your social group to survive. Every structures which have only one person in charge, will lead to harm. That is why I think it’s important to attributes success and failures on collectives, not on individual among those collective.

We also needs to think about the friends of the perpetrators. Some of them are enablers, some are afraid of consequences if they act against their friends. I also tend to think that stripping a perpetrator of his friends by punishing them for actions he did, will not help those person to come forward and discuss an issue that bother them.

I think that most of the harm reduction process is about communication and speech. Being able to talk about something, without being thrown out of a group is something important. And you should be supported to come forward, you should be accepted for that. If someone does not understand consent for instance, or have trouble with it, this person should be able to talk about it, at least to someone. Yes, it means that you need to keep those discussions private.

Last point, you do not need for everyone to agree to that. But you need to have people who wants to try it and to work on it You should also be careful about not converting them o enabler, that’s why it’s something that needs to be addressed by your communities.

I really think we have an issue with justice. We claim we deserve justice while it’s a tool made by and for the power. Or we tends to mix justice and revenge. I think we should really works on those topics. Protection of whistle blowers, privacy and other related issues cannot occur in a traditional justice system since it is intertwined with mass surveillance, systemic discrimination and the like.

I’m not advocating for vigilantes either, which is a protection from the outside (and yes, you might need, at some point, to have people who can physically resists to adversaries, but that’s a different topic). But really, if we want to reduces aggression made by member of our communities toward other members of this communities, we cannot rely on the notion of justice,

Posted on

Redefining privacy

Let’s redefine Privacy, shall we?

There’s a lot of issue with Privacy. I already wrote about it some time ago, but I think that in fact the current definition of Privacy is an issue. For starters, no one is able to provide me with a definition of privacy.

Is Privacy a secret?

The definition I encounter the most can be summed up a bit like this, it’s everything that is "none of your concern". It’s the version of Privacy I used in my previous post and, I think, it’s probably the one that’s defended mostly by people who basically are not discriminated against by system of oppressions (states, but not only).

There’s two main issue with that. First, there’s thing that you cannot "hide", such as your apparent gender, or the color of your skin, and those will submit you to system of oppression – I won’t spend time to expose them, but please feel free to read some useful documentations. Second there’s the fact that secret is used to hide things – that’s the purpose of secret. You want to keep others in the dark about what’s happening. David Cameron just said that his personal investment in Panama are private matters. Conjugal rape and other in-family sexual assault are always hidden under the veil of the "private matters" that should be treated only inside the family.

I mean, clearly, secrecy is a bad thing. Not only for government, but for people in position of power and control over other. I’m not advocating for a full publicity of everything, but for a questioning of is privacy a synonym to secrecy?

Do we really want to hide all of our lives to our society? If we want to redistribute wealth, we need to know about the income of each person. If we want to act upon the discrimination women faces, we need to know about those discrimination, we need to know about who’s identified as a woman and to act upon the people who discriminate them.

If we want a world with a bit more fairness inside, we might need to be able to be a little bit more public about our lives. Society is build on the intersections and interactions we have with each other. The positive ones, and the negatives ones. The society, the cultures we live in, is not – I think – powered by the things we have in common, but by the differences we have and the different experiences we’ve been through.

So, privacy a the thing you keep in the closet is bad – go talk to queers about living in the closet to see why this kind of privacy sucks.

Also, I do not think that the right to privacy – as described by the article 12th of the UNDHR is defined by what we keep secret. This right is defined as protection against arbitrary interference. It doesn’t state that it has to be secret. It protects interferences, meaning, influence, actions, perturbations. Not about knowing about it.

The issue with mass surveillance – and why its so bad – is not because it allow a passive global observer to exist, it is because it create an active global discriminator that will sort people between good citizens and terrorists, based on what data we create. Mass surveillance described as a passive global observer is an issue. The mass surveillance complex is used by power structure to maintain their power over people, by creating and enforcing discrimination. This is clearly a violation of Privacy because it is arbitrary interfering in life of people. But it’s not because they collect the data.

This is one of the thing about mass surveillance, it does not exist in void, it exist as a political tool of social coercion. It'(s not the data collection and gathering that’s the real issue. With the amount of data collected, we could have a real source of interesting data for sociologist to help them describing our society, and gives us clue to change and improve it.

So, no. The fact that a passive global observer exist is not the issue. The issue is that it is a fact an acting and active global discriminatory system. And secrecy is only a way to protect against the passive global observer. It does not enforce privacy. It does not defines privacy. It does not helps you to protect yourself against discrimination.

Is Privacy your identity?

I’m not sure. Identity is a social concept (and a psychological one, it sucks when you use one word for two different things). It’s how you define yourself at some point in time, and how you are recognised and defined by others, based on their cultures and social cues and norms they have.

You decide how you want to define yourself, in regards with the current social cultures you bathe in. You adopt, reject, create or appropriates part of this culture to form your identity and to express to the society who you are, and how you’d like the society to consider you.

Your identity is – at least partly – publicly displayed and used by the society to interact with you. This is where discrimination will take place. If you’re identified as a woman – whether or not you define yourself as one – and the society we live in discriminates women – and we live in such society – then you’ll be discriminated.

Which basically seemed to be a good match for arbitral interfering ad specified earlier. It seems that the elements you use to define yourself, the elements used by other to identify you and to relates to you seems a better candidates for me than the one you keep secret.

What it means is that our privacy, what’s private, is the core of how we see ourselves. It’s not what we want to substract to public scrutiny. It’s how we want to be identified. And our rights to have a privacy is basically our rights to defined however we want – in a social context – without being discriminated for it.

It does not means that if you want to define yourself as a patriarcal asshole you’ll be able to act onto people as you want. It just means that defining yourself as a patriarcal asshole shouldn’t means that you’ll be treated in a specific way. The thing you’ll say, the thing you’ll do are what will bring your trouble, but not your identity.

Basically enforcing privacy is trying to find a way to end discrimination of any kind. It’s not providing tools – secrecy – to create more discrimination. Fighting for privacy is understanding that the world is non-binary, that no identity should be infeoded to another, it’s fighting for sanctioning people for what they do and not what they are.

Yeah, OK, but where’s the cryptography comes into play?

Cryptography is needed because – in a world of oppression – you need to organize yourself to change those. And to organize you need secrecy at least temporary – until you act. It is not a right has protected by any of the article of the UNHRD, but it is mentioned in the preamble:

Whereas it is essential, if man is not to be compelled to have recourse, as a last resort, to rebellion against tyranny and oppression, that human rights should be protected by the rule of law,

Meaning that, if you’re right to Privacy is not respected, then you need to react and fight for it. And for that you need secrecy, you need to hide from the spies and the forces that tries to remove your rights.

Because, in the end, the only rights you have are the one you fight for. And this is where cryptography will helps you. Cryptography will allow you to disobey, to organise dissent, to rebel, to have some time to breathe. But it will not helps you to enforce Privacy and the right to self determination.

And I think we all need to rethink that privacy is not what is secret, but it’s what makes us individuals. It what gives us the right to coexist in the same society. And this is why we all need to fight for it. Without privacy, there’s only bland human without identity. Without privacy there’s no place for non-mainstream person. Without privacy there’s no way to evolve and progress. Without privacy, there’s no I or You. There’s only us. Forced in an identity we didn’t choose, think, defined, accepted, created.

Those identities are the one created by the global active discriminator to divides us. They are the nationalist ones, they are the Charlie’s one. They’re the one of the dominant classes and we’re stuck with them, without a possibility to exist out of those scheme without being violently confronted.

We should fight for this privacy. For the possibility for anyone to self-determine themselves. And stop believing that we currently have access to it, or that cryptography will suffice.

Posted on

PJL Renseignement … stop fleeing!

PJLRenseignement

If you haven’t heard, there’s an emergency law currently “debated” in France, which wants to legalize illegal practices from the Intelligence services (both domestic – DGSI – and foreign – DGSE) and gives them impunity, circumvent the judge, and goes to a massive discriminatory surveillance.

The hashtag is full of report of people opposing it (from Human Right defenders and NGOs to citizen collective such as LQDN to companies and business of all scale). So yeah, it’s the law NSA’s head is dreaming of.

There’s two issues I want to discuss at hand. Not sure how it’ll end, but here it goes. The first one is why fighting surveillance is – in my opinion – the wrong fight and the wrong way of doing it, there’s more to this than just surveillance. The second is about all the geeks and hackers trying to flee out of France, to move their businesses out of it and other “abandon ship” strategies.

Fighting surveillance

So, surveillance. As Quinn Norton and Eleanor Saita stated one year ago in their talk at 30C3, surveillance – in itself – is not inherently good or bad. Surveillance is watching, and – when you want to interact on something – you need to watch it. It’s hard to grab precisely something in the dark (you can do it, but it’s hard).

You need surveillance to expose corruption for instance. Or fascism. Or any wrong doing in fact.

So, the issue discussed is not – and should not be – the surveillance per se. The issue is that this whole process is secret, hidden, non documented, without control or regulation.

What does it mean? First, it means there’s an asymmetry in information. Something knows more about me than I’m able to know about them. What you do not know controls you, it means that this imbalance of power makes the state having more control over you.

It makes them able to act upon you on a discriminatory way. The gigantic issue here is that. It’s not the surveillance, it’s the lack of control. It’s the fact that no one is watching the watchers and have way to act upon them. What frighten me most in this law, are the wording used “secret defense”, “higher interest of the state”, “impunity for state agent” and things like that.

I’ve ranted on twitter about the black boxes that will be able to algorithmically identify threats. The thing is a lot of people lost sight of what an algorithm actually is.

It’s a parametric mathematic function applied to a set of data in order to classify information – or at least that’s what is intended in this specific use case. The magic words in algorithm, machine learning, classification system is just this: parameters. The way you choose your parameters will change the way you classify your data.

How many occurrences of jihadist related news you need to have in your browsing history to be classified as a jihadist? Hom many hours a day you spend in this chatroom? How many times a week you go there?

Those numbers – the one that we as citizens will never heard about – are political tools. The way you choose them, and why you choose them create classification of people and will make you decide who needs to be swatted or not. That’s where the ugliness begins. Those numbers will be chosen to discriminate people depending on their backgrounds.

I mean, they’re already discussing about exceptions for surveillance – especially for journalists – which means that they’re clearly lie when they say it’s an anonymous data collect, they’re already discriminating people based upon their traffic.

So, the surveillance is not the issue. Neither is the privacy. The issue is the lack of control. The issue is the absence of transparency. And stop fighting surveillance saying you have a right to privacy. That’s true, but then it enable politician to call for the “right to be forgotten” which will only help them evading justice.

The issue is that mass surveillance, done by an oppressive system is a tool of segregation and racism. Because in the French context where we do not speak about Arabs anymore, but only about Muslims (and in a way that makes people think that all Muslims are Salafists and potential terrorists), I’ll bet 2 BTC on the fact that they will be the one specifically targeted by this surveillance.

Same goes for the poorer of us. Who happen to be the ones who are not the white guys, who are also the ones who fight for survival and acceptance at all time. I’m quite sure that if the system catchs a white and rich guy, he will go in the false-positive trash and nobody will incriminate him.

So, stop fighting surveillance for the only sake of it. I should not need privacy in a non-oppressive system – that’s even how you determine you’re leaving in a non-oppressive regime: what you do and what you are cannot be held against you as long as it does not threaten the safety of someone else. But go fight the state implemented discrimination.

Don’t run away. Fight.

Which leads me to this other point. We – as citizens, as a collective – need to fight that. I refuse to abandon the ship. I’m witnessing a lot of data-exodus. People actively looking to host their data abroad. Commercial companies – such as OVH – are looking to build datacenter elsewhere.

I can understand why a company would do that. They would because they intend to respect the law. Because they do not want to risk their existence to protect their customers, so they’re running away. But the thing is, if you flee, then what will happen when the country you’ve fled to will also change their law and regulation? Flee again?

That’s not a sane way to do thing. That’s why we have civil society, to oppose the state, to try to restore a bit of balance in the power repartition. If you flee, you say to the state: you can do whatever you want, I just do not care about it.

If you’re a big company, which a lot of money, yes, it might have some power against the government, they will have to choose between reinforcing their power or keeping some jobs in the country. But, well, if the state initially wanted to defend their citizens best interests they won’t be trying to deprive them form liberties, right?

So, fleeing will only preserves you. And, well, you’re still a French company, with offices in France, so you still need to obey the law. OK, you’ll be somehow outside of the DGSI reach. But your customers won’t, since they’ll still be in France and they’ll still connect to your infrastructure from France, from inside the Dragnet. Which, basically won’t protect them and can even gave them a false feeling of security – which is worse.

What can you do? It’s time to protect your customers, your users. The people who’ve put trust in you. You do have a choice – and it’s not an easy or simple or risk-free one. You have to choose between taking care of your users, and actually hold the promises of security you’ve done to them or obeying the law. That’s call civil disobedience and yes, you can end up in jail. But you’re not alone, and a legal defence fund is something you can create or ask for help.

Yes, it might seem easy to say. But that’s what I intend to do with my project. Providing tools for activists and militants groups who need them. In a way that will try to preserve most of their privacy. I do not intend to respect the law to do that. I do not intend to hide myself.

Hosting data for other people is a political statement. I’m sick of hearing people asking for a country where they could safely hosts their data. You can do it wherever you want, if your government has decided to jail you, they will be able to do it – wherever your data are. What we need is not a list of foreign hosters who are out of the French territory and jurisdiction, what we need is a government who actually protects us, not themselves. What we need is actually to take a stance.

Privacy café, camp, cryptoparties et al is good and nice, but it does not solve the main issue. When are we really going to show those who’re in charge who actually is? When are we really going to send them a middle finger?

Do not flee. Do not let them scare you. Fight back. Federate. Protect the

Posted on

The NSA and the hypocrisis

Context

Finally, the French governement is going to react to the NSA mass spying. Just after the first article published by Le Monde (there might be a paywall). Technically, it’s nothing really new since we’ve read the same for Mexico, England and Germany those last days – use your search-engine fu to find related articles.

Oddly enough, 6 month after the first revelations, the French Foreign Ministry has summoned immediatly the NSA^WUS ambassador to talk about it. AT the time I’m writing this, the results of the meetings are not yet public (and I don’t even know if the US Ambassador will answers at all) but, in the end, nothing will change.

Also, we currently have, in France, yet another debate around yet another expulsion of yet another school girl (directly from school) and a lot of discontent about or Ministry of Interior. I’m not thinking the summoning of the US ambassador is done only to try to heave people forgetting about this issue, but the timing is troubling.

First, the obvious – Why do the NSA is spying on French

This is the first time that a national newspaper of broad audience (Le Monde) is directly releasing and analysing Snowden’s document. Before today, it was only comment and translations of foreign newspaper and some analysis done by smaller press apparel.

Le Monde is used to do this kind of release since it was the partner of Wikileaks for the CableGate and, at least parts of, the Warlog. And they’ve got a lot of attention when they did that, so I suppose that this article, and the apparently starting collaboration between Snowden’s news agency and Le Monde, is starting to gather political momentum.

And the french governement is craving for achievments. There’s a lot of miscontent right now – not enough to pull people in the streets, but enough to increase the extrem right wings voter pool – and they might want to do something good. Political momentum from NSA scandal might be the good one to convert into good reputation.

However, they always seems to discover the fact that the NSA had spies on French citizens and officials. They know it since, at least, June and I won’t admit that they didn’t had strong suspicion before that. This is just something they’re doing to occupy the news space, and try to divert people from ongoing issues – hate speech, immigration, economic situation, jobs issues, pick one or many of them and you can even add to the list.

Friends and foes

NSA says they’re spying on anyone to find terrorists. So, it means that:

  1. They do not trust us and think that there’s a risk big enough to have a terrorist-strike on the US soil coming from the french soil. If that’s the case, it means they do not trust their allies. So why are we even part of NATO?
  2. They trust us, but they think our own spying services are lame. I can get it, but then, since we’re allies, they’re probably sharing intel with us. As they’re doing with the UK secret services: GCHQ (GCHQ seems to be the NSA’s reach in EU).
  3. It’s not about terrorism, or a risk of war. Then it’s mainly an economic issue and the NSA uses its powers to take over some market for the benfits of US companies – the ones who works with the NSA.

The economic angle

The economic angle is something interesting. In the french IT industries, we have mainly two actors favored by the state. Former State companies – France Telecom aka Orange, Bull but it was a failure, etc – and big names well established – and for the computer stuff it will be US companies.

One single example is quite interesting. Since France is part of NATO, we must comply to some interoperability on different levels such as ammunitions, information system and managemenbt and strategies.

I like the ammunition aprt, because it explains well what interoperability is. The NATO calibers are standards. And if you want to have your rifles, guns, rocket laucnhers, whatever approved and used on NATO battelfields, you must be able to fire them.

It doesn’t means you must use the Colt’s M16, just that you’re own rifle must be able o fire the NATO ammos. In France we use the FAMAS (French automatic Rifle), the US use the M-16. That’s interoperability.

For the information management, NATO requires the sale level of interoperability. You must be able to send and receives data to and from any NATO system. The US used their own version of Microsoft Windows Hardened for their specifid needs.

The France use the Bull system. No, it’s a joke. Mouhamar Khadafi use the Bull/AMESYS system we sold him. We prefer using the Microsoft system for our critical infrastructure whoch is the army. We’re able to manufactures great tools and weapons and we can even sold them to dictators without blinking, but for our own needs, we’d rather relies on the armed arm of the NSA: Microsoft. The Open Bar contract has been exposed in Avril 2013, just some month before the Snowden revelations.

And we now know that Microsoft is a big part of Prism since the 9/11/2007. The fact that the french military’s head didn’t even thought about it is an issue. And I would suspect Microsoft to have used the NSA to spy and influence the deal.

The strategic angle a.k.a they do not trust us

In the diplomatic game, you can’t really rely only on the good behavious of your allies. Especially since allies or your allies can be your ennemies. For instance, Turkey is an ally of the US since it’s part of NATO. But I’m not sure all the Turkey’s allies are allies of the US.

Same goes for Pakistan.

So, a paranoid and schyzophrenic state like the US is spying on its allies. That’s standard diplomatic procedures, and that’s what embassies are for. However, in this specific cases, the NSA is going way further than a simple state spying. They’re spying everyone – I mean, we’re talking of about 7M phone calls from France in a month – that’s a lot.

Also, France has been criticizing the US on some key political and foreign issues such as Iraqi intervention, and the US stance toward the whole Israel/Palestinian SNAFU. So, they might be interested on some data, and since we host some movment which threatens US interests, they woudl suspect that France can host the next team for a suicide bombing toward US interests. That’s why they would want to spy on the French citizens.

The interesting part of it is: did the French government benefited of it? Or any other governement. Or companies. For now, there’s nothing in the documents leaked by Snowden that would give us a solid proof for that.

They knew it

I really think that the french government knew it and benefited from the NSA mass surveillance program. But, before jumping to this conclusion, we need to ellaborate a little bit on how it works.

The presentation in Le Monde, highlight a fact a lot of people forget about. When routing on the internet, you’re not going through the physical shortest route, but through the most efficient one.

I’m going for an analogy for those of you who do not know what routing is. If I want to go from Lyon to Bordeau by car, I can take the shortest path, made of – at best – national roads. You’re going to go accross a ot of villages, and smallest road. Or you can go through the fast highway. It will cost you some kilometers (and money, but that’s not the point) because there’s some kind of mountain in between, but you’ll arrive faster.

That’s the same thing for internet. The physical shortes path, is probably not the one you’re going to use. For instance for going from Latin America to Africa, the direct route is to jump to Europe (5Gbps) then to Africa (343Gbps), but in fact, you’re probably gonna do one more hop through US & Canada (2.918 Gbps), then Europe (4.972Gbps) and then Africa. Way more faster, way more efficient.

If you want more data, have a look at Telegeography it’s full of maps and data about the internet and telecomunication infrastructures.

Peer to beer?

Another thing are peering agreements. Peering agreements are what makes internet. It’s an agreement between two exchange node ran by companies or other organisations – let’s call them A and B. This agreement, determines how the traffic coming from the network A to the network B and vice-versa will be managed and paid. In most of the case, fair peering (which is: since traffic coming from A to B or from B to A are more or less equals or because both network will benefit from it, let’s peer for free), more info about Peering can be found on the Internet, but globally it’s an economic interest.

And it’s been, in France at least, a long-raging battle between all of the operators. For instance, France Telecom vs COGENT back in 2005 FT cut their peering with Cogent, in 2003 it’s a battle between France Telecom and Free, SFR and OVH battled around 2011 and a battle between Free vs Google is still raging as of today (and it’s standing for a long time).

Also, and a funnier part when you look at it with this NSA angle, is that we have here the ARCEP – an equivalent of the US FCC – which is in charge to regulate and document the Telecommunication infrastructure. In 2012, they tried to force each party involved with peering in France to document their formal agreement of peering – Owni did a great piece about it – and what’s fun was that, in fine, Verizon refused to collaborate with the state because it was too much of work. The very same Verizon who gave full access to its infrastructure to the NSA.

So, peering was done, back in the time, by private companies and by a public one. France Telecom (which then became Itineris, Wanadoo and Orange for its ISP part). They were building physical infrastructure with public money and were interconnecting it with US and UK infrastructure. I won’t believe that noone there suspected or saw anything like some weird and unauthorized traffic coming through their equipment, especially since the french intelligence services must have put some things in place to protect themselves and to spy on the people and other states.

Especially since most of the interconnexion toward Africa has been done by french industrial (such as Alcatel Lucent, a US-French consortium, but more on them later). There’s also a big road to middle-east going through Europe and Germany in particular (that’s why routing to and from Syria often transit through Germany Exchange node – Info from 2007)

However, the french net-isolationism (especillay the will of the local companies to push for their product and to refuse to peer with their US counterpart) has favored emergence of the Uk, DE and NL Exchange. Have a look at this map and you’ll note that France is quite low on the Exchange Node values, and datas found on Wikipedia don’t show the France as a big peering country.

Complacency

But who’s building those system? It appears that the previously mentionned Alcatel Lucent company is a good one. Have a look at the BlueCabinet wiki to understand why. They’re providing submarines cables, infrastructures to 130 countries – including Burma and China – they’re a mix between french and US interests and they’re involved in a lot of French and European infrastructure.

So, if the NSA is collecting data going through France and given that a big part of the interconnection infrastructure in France uses at least a part of Alcatel-Lucent technology and that trans-atlantic cables are at least partially deployed by the US-French consortium, you really think the french secret services would have ignored that the NSA will use and deploy tools to spy on us? Especially when the states add shares into this Company? It’s exactly the same issue when Frecnh governement claims they didn’t knew about Amesys solding arms of mass surveillance to Lybia. They’re lying.

You would argue that those tools don’t need to be deployed on the french soil, they need to be deployed in main Exchange node like in UK, NL or DE. And US also. But it does not cover the landline wiretapping exposed by Le Monde today. So, they have a tap inside the network on the french soil – because the cheapest route on phone network between France and France is to route through France. And since most of it has been deployed by public companies, or subsides of french public companies, or subsides of governmental and military contractor, they know about it.

Because if they do not, it is extremely worrying. It means that any foreign power can come in, wiretap our whole infrastructure and uses it against us without our knowledge. And that’s something I can’t rationalize enough to admit it as true. It can be done – and it has probably be done – for some specific wiretap and people, but not on a scale of 7.4M of phone calls a month. At least the trafic generated by the leak of data must have been noticed.

Now, let’s admit that french secret servcies knew about it. Why keep it secret then? An international scandal could profit for the state and could have lead to a stronger foreign policy and a bit more of defiance toward the US. It would have help defeat things like ACTA or the incoming TIPP, just because EU governement would have been suspicious enough, and it would have increased the power of France and developped for a better diplomatic situation reagrding the rest of the world.

They knew it, and they didn’t used that knowledge to gain power over the US and to empower themselves? From people whose job is to use information to take over other interests, they would have done a poor job.

So, they might have something to gain by keeping it silent. I would go for access to the data. Our national intelligence backbone is not as good as the UK or the US ones (see the reports about Thalès interception platform) and is essentially directed toward phone calls – we have a long history of illegal wiretapping used as political scandal and it didn’t lead to any change in the way wiretapping has been done since then.

I really think there is both cooperation and defiance into this spying affair between the NSA and French intelligence services. I also suspect that most of the intelligence services works in defiance of there own governement and in cooperation with both foreign intelligence services and companies.

And now what?

Nothing. Since everyone except citizens is wining on this mutual sharing of mass surveillance system informel deal I do not except things to change in a short term.

However, there is some good news. First, peering deals, and a lot of the necessary system to maintain internet, are out of reach of the different governement. The informal way that governs them doesn’t helps for regulation and controls by governement (that’s why they seek for it). You still have to keep your data out of big datacenter, but that’s not that hard (have a look at yunohost for hosting most of your data) the social networking part is the biggest and hardest one I think – alongside with search engine, but at least you have duckduckgo.

Second, a lot of governement, starting by South American one are really upsets and are starting to act. The Internet Governance summit held recently in Brazil also gave some hopes about the Internet still staying out of control. I’m not sure it will be followed by impact, because the NSA spying is possible due to some key infrastructures issues, but it’s a start.

I’m quite disapointed that the EU didn’t follow the Brazil on this, since we have some good infrastructure and technologies to help. But then again, I do not think those US/EU commercial agreement will cease for the benefits of citizens or sovereignity they have too much industrial and bank pressure on them.

But as always, nothing will come from the politicians. They must knew about the NSA spying in France and they even collaborate or they’re dangerously incompetent. They benefit from it because it’s a coercion measure (the same way CCTV cams are) and industrial groups earns money doing it. Even if they o have gag orders. They would have been motivated for your privacy, they would have fight those gag orders.

And that’s why nothing new will emerge from this meeting between the french foreign ministry and the – currently in shutdown – US embassy.

Posted on

Bring Moar Fire!!!!

TL;DR Oh,well. Fuck you, you should read and stop being a lazy asshole.

Acknowledgement

I am privileged. Whatever I can say about the state of the world, I’mborn in the best side of it. I can express myself without risking getting beaten up and torture. I can go in the street to buy my food without risking being shot by a sniper. I know that I’ll sleep in a safe place every night. I can have three (or more) meals a day (as long as I do not forget to eat).

And I won’t be insulted, assaulted, raped, considered as a minority, feels in danger by simply walking in a street.

All of that because I’m a white male. I was granted some privileges (and I did not asks for them) the day I was born around here at this period of time. And that sucks. I mean, the fact that I have privileges means that I have power over someone. And that sucks because it means some people (the ones I have power over) are not free, and then it hinder my freedom (if people around me can’t be free, then I can’t benefit of my freedom)

So yeah, being a privileged makes your life easier, but it sucks. I do not want it. And to get rid of it will take some time because the society I live in needs to change on a more global scale. And it starts by raising awareness of the situation (and then to change it and to abandon this power).

Facts & Statistics

If there’s no discrimination in education, then the skills are equally split across the whole population, so you should find educated and skilled people everywhere. Imean, if there’s 20% of people blue-skinned then, 20% of the people good at cooking should have their skin blue. Sounds OK to you?

So, if our educationnal system works fine and tend to develop interest and curiosity equally across the population. What it means is that the simple fact that I’ve met 5 women since I started my studies in technological background (one in a company, the four others were classmate) is either a statistical error, or a proof that the system is borked. I’ve met other woman in tech department I’ve worked in, but they were mostly in the "creative" one (design, integration, etc).

Hence, there’s something broken. I’ve quite an issue to spend a lot of time in a company, In the 13 years I’ve been working (yeah, started early), except the company I’ve spent my aprenticeship,I didn’t spend more than a year in a company. So it’s almost 8 of them. Of different size and of different background.

Never met a woman in the IT department. Sometimes I was the IT department, but even then, in the development teams I haven’t met a woman. The only womans in tech I’ve meet is from the hacker scene (and yeah, most of the timeIdidn’t knewbefore meeting in the meat, but that’s another topic).

So, when someone tells me about sexism that if it’s not broken, don’t try to fix it as an argument to not think about anti-harassment policy, I think they’re wrong. There is a problem.

And a wild politician appears

The other day (two or three days ago at time of writing), @_LaMarquise was assaulted in the street by some guy jerking of in public, and she tweeted about it. Some clever guy @romain_pp thinks it would be funny to joke about it. The thing is that this person happens to be one member of the French and Swiss Pirate Party, and, if I get those party right, anyone can speaks in the name of the party. It’s even written on the name of twitter account, and in the twitter background. So yeah, it was the speach of the Pirate Party.

The things gone a bit wild on twitter, most of the argumentation against @_LaMarquise was that she wasn’t rational. I’ll develop that a bit later, but basically I tend to think that you can’t expect for someone inshock to be rational.

She was also told that she is agressive, that she should not go public about private matters like agression (well, then why do people twitt about their personallife then?), that she was disturbing their life.

The Pirate Party did wrote a letter to @_LaMarquise. They did it in private (since I’m not able to find it online). Which I find weird for a Party who claims transparency at alllevel of society. However, computer system are nice, because it does not cost much to copy things and here is a copy of it (provided by the offended, I have no reason to doubt about her). In essence they say they regret what their member says, and they also regret the "buzz" around it. They do not take the opportunity to engage in a more active position, neither they’ve blamed their member.

Basically this letter is an attempt to shut the things down without aking a stance for or against sexism. If they’re against sexism, they should, at least, get rid of Romain, if not they did not need to write it. This letter prove that what’s important for them, is to avoid being drag into the mud not to defend some position.

What’s a shame is also that they tend to be the first to condemn such comportment in other party. There’s also an issue about freedom of speech, But I’ll get to that later.

About the violence

To live in fear of being assaulted or raped does not help to keep you head cold. As I said (and other said), keeping your head cold is a privilege of people in power, don’t forget that. Insurrection, and a need for a change, will lead to violence. That’s inevitable. This piece summarise it quite well, and the foreword is interesting:

Submission of the oppressed relate to established order. May he disturb this order by beaking its chains and by hitting the master, that is the scandal. In the master language which became the common language, the violent is notthe one who do violence, but by the villain who dares to rebell. – Igor Reitzman

When someone yells at you about something, you should listen to them, because this something is important for them (if not for you). You don’t imagine the French Revolutionnaries to ask kindly to Louis XVI if he would surrender the power. A lot of people don’t want to abandon power and you’ll have to forces them to do so.

It took me sometime to understand that, because it’s not pleasant to have people yelling at you. It’s irritating and you tend to answer agression with agression. I’m not sure I’m fully ok with that, but I try to understand why people are yelling now (also, I try to not answers quickly for it generally don’t help the situation, whatever the situation is).

So, yeah, some feminists will use violence, either physical, either verbal. And if it disturbs you it means that it’s working. You should asks and try to understand why they’re upset, not to calm themselves.

About freedom of speech

However, I’m against censorship. It means that I condemn the fact of suppressing speach. I want nazis to speak their mind, because that’s how you’ll find their ideas can be dangerous. And I want mysogyn to speak their mind, because that’s how you’ll know them. And it’s also the only way to discuss with them about those issue.

But freedom of speach goes both way. It’s not because someone is allowed to say something that they should not been contradicted, ashamed, punished or whatever. You have the right od so a sexist jokes. And I have the right to say it’s not funny. Heck, I even have the right to tell the world about it. If you don’t want that and if you want to be able to say whatever you want without consequences, then you’re defending censorship.

So yes, it makes me uncomfortable about what happened at Bsides (here’s the violet blue point of view and here’s the adainitiative one). Basically a prevention talk about sex and drugs, which had been announced late has been removed from schedule due to some fear of witch hunt by the BSides staff (whether or not the adainitiative initiate this isnot clear forme) under the pretext that there could have been rape survivor who could be put in a stress state (it seems that’s how PTST works) if they attend the talk, and that speaking about how drugs works and, especially, the GHB in a talk labbelled “sex +/- drugs: known vulns and exploits” is an incentive to rape.

The arguments is that, in hacking conferences, people giving talk named known vulns and exploits do that to encourage the exploitation of those vulnerabilities. Well, there’s a misconception here. Most of the talks about known vulns are more about how toprotect yourself against them than exploiting them.

In general, the vulns is being patched at the time of the speech, or at least, the people exploiting the software or system are working on it (if they taking their jobs seriously I mean). Of course some people will uses them to their own profits, but that’s not a majority.

And, in fact, people using vulns for their own profits, don’t want the vulns to be known. Going public about them is prevention and education, it’s not for arming people. This is how preventions works.

Now, should we do preventions in the tech community? Of course we should. There’s an history of sexual agression and rape in tech conferences. If you don’t speak about it, you can’t educate people and you won’t changes them. The adainitiative says that they organises their own camp to discuss about it. But it’s like doing a drug prevention talk in a straight edge camp, you won’t help drug addicts to manage their addiction.

So yes, we must educates our fellow hackers, especially in occasion where there’s alot of drugs, alcohol and sleep deprivation, because it changes your perceptions of things. So talking about it is a necessity. And, if the talk happens tobe offensive, then people should says it and condemns it,but you can’t know that until the talk happens.

There’s still the problem with rape survivors and the PTST syndrom. I can understand why people who survived an agression and/or a rape don’t want to be exposed to some talking about it (hey, one should manage their pain as they see fit). And it seems there’s a custom about trigger warning, which I do not fully understand yet (seems to work a bit like the PEGI labels for video games)

End

Mmm, I might have missed some points somewhere. Or I can be wrong about some stuff.