Black Code: Inside the Battle for Cyberspace (35 page)

15
The cartels have also shown a ruthless ability:
The murders of bloggers by drug cartels in Mexico has been profiled in “Mexican Drug Gang Beheads ANOTHER Blogger and Dumps Body and Severed Head in Street with Bloody Warning Note,”
Daily Mail Online
, November 10, 2011,
http://www.dailymail.co.uk/news/article-2060057/Blogger-beheaded-Mexican-gang-left-note-warning-snitch.html
; and “Killings Grow More Gruesome as Mexican Drug Cartels Try to Out-shock,”
The National
, October 10, 2011,
http://www.thenational.ae/news/world/americas/killings-grow-more-gruesome-as-mexican-drug-cartels-try-to-out-shock
. The Citizen Lab’s Luis Horacio Najera is an exiled journalist from Mexico and winner of the 2010 International Press Freedom Award. He has been undertaking extensive research on the use of information and communication technologies by Latin American drug cartels and will be publishing his findings in 2013 as a Citizen Lab report.

1
Google’s ongoing acrimonious relationship with China:
Google’s announcement of the two policies is available on its blog at “Security Warnings for Suspected State-Sponsored Attacks,” June 5, 2012,
http://googleonlinesecurity.blogspot.ca/2012/06/security-warnings-for-suspected-state.html
; and “Better Search in Mainland China,”
Inside Search: The Official Google Search Blog
, May 31, 2012,
http://insidesearch.blogspot.sg/2012/05/better-search-in-mainland-china.html
.

2
“corporate sovereignty”:
Rebecca MacKinnon,
Consent of the Networked: The Worldwide Struggle for Internet Freedom
(New York: Basics Books, 2012). In
The Master Switch: The Rise and Fall of Information Empires
(New York: Random House, 2010), Tim Wu shows how all previous innovations of the information industry have followed a single path from being open and widely accessible to being dominated by a single corporation or cartel, and warns that the Internet may one day also follow this path of development.

3
Its vigorous opposition to the SOPA and PIPA bills:
The Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) aim to curtail online copyright violations by granting the U.S. government new tools and powers to block users’ access to websites that sell copyright-infringing or counterfeit goods.

4
“unprecedented synthesis of corporate and public spaces”:
Steve Coll’s
New Yorker
essay “Leaving Facebookistan” (May 24, 2012) is available at,
http://www.newyorker.com/online/blogs/comment/2012/05/leaving-facebookistan.html
.

5
social media are less like town squares:
On private policing of online content, see Jillian C. York, “Policing Content in the Quasi-Public Sphere,” OpenNet Initiative, September 2010,
http://opennet.net/policing-content-quasi-public-sphere
.

6
they have had to balance the desire to penetrate markets:
On corporate social responsibility, see John Palfrey and Jonathan Zittrain, “Reluctant Gatekeepers: Corporate Ethics on a Filtered Internet,” in Deibert et al., eds.,
Access Denied
, 103–122. See also Colin M. Maclay, “Protecting Privacy and Expression Online: Can the Global Network Initiative Embrace the Character of the Net?,” in
Access Controlled
,
87–108; Ethan Zuckerman, “Intermediary Censorship,” in
Access Controlled
, 71–86; and Jonathan Zittrain, “Be Careful What You Ask For: Reconciling a Global Internet and Local Law,” in
Who Rules the Net
, eds. Adam Thierer and Clyde Wayne Crews (Washington: Cato Institute, 2003).

7
The same downloading of responsibilities can be seen in:
A larger discussion of the concerns associated with the Anti-Counterfeiting Trade Agreement is available in Michael Geist, “The Trouble with the Anti-Counterfeiting Trade Agreement (ACTA),”
SAIS Review
30.2 (2010).

8
stating that it archives content removal requests:
The Chilling Effects Clearinghouse is a joint project of the Electronic Frontier Foundation and Harvard University, Stanford University, University of California, Berkeley, University of San Francisco, University of Maine, George Washington University Law School, and Santa Clara University School of Law clinics. More on Chilling Effects can be found in,
http://www.chillingeffects.org/faq.cgi
.

1
In November 2012, Google released an update:
The Google Transparency Report can be found at
http://www.google.com/transparencyreport
.

2
Twitter’s report came out immediately:
The Twitter/Malcolm Harris case was profiled in Joseph Ax, “Occupy Wall Street Protester Whose Tweets Were Subpoenaed to Plead Guilty,”
Reuters
, December 5, 2012,
http://www.reuters.com/article/2012/12/06/us-twitter-occupy-idUSBRE8B504120121206
.

3
The EFF has investigated and ranked eighteen U.S. email, ISP, and cloud storage companies:
In “When the Government Comes Knocking, Who Has Your Back?,”
https://www.eff.org/pages/who-has-your-back/
, the Electronic Frontier Foundation “examined the policies of 18 major Internet companies – including email providers, ISPs, cloud storage providers, and social networking sites – to assess whether they publicly commit to standing with users when the government seeks access to user data.” See also Christopher Soghoian, “An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data
to the Government,”
Minnesota Journal of Law, Science & Technology
, 12, no.1 (2011): 191–237.

4
Thai-American citizen detained:
In August 2011, Anthony Chai, with the support of the World Organization for Human Rights, filed a lawsuit with a central California district court, charging Netfirm of violating (1) Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA); (2) the privacy provisions in California’s Business and Professions Code; and (3) the Declaration of Rights contained in California’s constitution. Chai is suing the company for US$75,000 in restitution and punitive damages. See Matthew Lasar, “Thai Censorship Critic Strikes Back at Snitch Web Host,”
Ars Technica
, August 29, 2011,
http://arstechnica.com/business/2011/08/thai–dissident-strikes-back-at-snitch-web-host/
. The OpenNet Initiative has documented Thailand’s cyberspace controls in “Thailand,” in
Access Contested
, eds. Ronald Deibert et al., 271–298.

5
The Chinese government requested information:
Rebecca MacKinnon discusses corporate social responsibility in the case of Yahoo! and Shi Tao in Shi Tao, Yahoo!, and the Lessons for Corporate Social Responsibility, Version 1.0, December 20, 2007,
http://rconversation.blogs.com/YahooShiTaoLessons.pdf
.

6
numerous demands by governments to eavesdrop on users:
Christopher Parsons investigates BlackBerry security, and government requests for its decryption keys, in “Decrypting Blackberry Security, Decentralizing the Future,”
Technology, Thoughts, and Trinkets
, November 29, 2010,
http://www.christopher-parsons.com/blog/technology/decrypting-blackberry-security-decentralizing-the-future
. The Citizen Lab’s announcement of the RIM Check project is at “Information Warfare Monitor (Citizen Lab and SecDev Group) Announces RIM Monitoring Project,” Information Warfare Monitor, October 21, 2010,
http://www.infowar-monitor.net/2010/10/information-warfare-monitor-citizen-lab-and-secdev-group-announces-rim-monitoring-project/
.

7
A June 2012 Human Rights Watch (HRW) report:
See in “In the Name of Security, Counterterrorism Laws Worldwide Since September 11,”
Human Rights Watch
, 2012,
http://www.hrw.org/sites/default/files/reports/global0612ForUpload_1.pdf
.

8
ATIS hosts a number of committees and subcomittees:
Ryan Gallagher discusses how networks of telecom companies and international government agencies, such as the Alliance for Telecommunications Industry Solutions (ATIS), are responsible for the harmonization of surveillance laws in “How Governments and Telecom Companies Work Together on Surveillance Laws,”
Slate
, August 14, 2012,
http://www.slate.com/articles/technology/future_tense/2012/08/how_governments_and_telecom_companies_work_together_on_surveillance_laws_.html
.

9
dozens of governments party to this agreement:
More information on the Council of Europe’s Convention on Cybercrime is available in Amalie M. Weber, “The Council of Europe’s Convention on Cybercrime,”
Berkeley Technology Law Journal
18, no.1 (2003).

10
would require ISPs and other telecommunication companies to store:
The proposed Communications Data Bill has been profiled in “UK’s Data Communication Bill Faces Tough Criticism,” BBC, June 14, 2012,
http://www.bbc.com/news/technology-18439226
; “Jimmy Wales, Tim Berners-Lee Slam UK’s Internet Snooping Plans,”
ZDNet
, September 6, 2012,
http://www.zdnet.com/uk/jimmy-wales-timberners-lee-slam-uks-internet-snooping-plans-7000003829
; “UK’s Web Monitoring Draft Bill Revealed: What You Need to Know,”
ZDNet
, June 14, 2012,
http://www.zdnet.com/blog/london/uks-web-monitoring-draft-bill-revealed-what-you-need-to-know/5183
; and Mark Townsend, “Security Services to Get More Access to Monitor Emails and Social Media,”
Guardian
, July 28, 2012,
http://www.guardian.co.uk/technology/2012/jul/28/isecurity-services-emails-social-media
.

11
From documents released under federal access to information laws:
See Christopher Parsons, “Canadian Social Media Surveillance: Today and Tomorrow,”
Technology, Thoughts, and Trinkets
, May 28, 2012,
http://www.christopher-parsons.com/blog/technology/canadian-social-media-surveillance-today-and-tomorrow/
.

1
Meet Koobface: A Cyber Crime Snapshot:
Between April and November 2010, the Information Warfare Monitor, led by Nart Villeneuve, conducted an investigation into the operations and monetization strategies of the Koobface botnet. See Nart Villeneuve, “Koobface: Inside a
Crimeware Network,”
Information Warfare Monitor
, 2010,
http://www.infowar-monitor.net/reports/iwm-koobface.pdf
. Other important studies on Koobface include Jonell Baltazar, Joey Costoya, and Ryan Flores, “The Real Face of KOOBFACE: The Largest Web 2.0 Botnet Explained,”
TrendWatch
, July 2009,
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/the_real_face_of_koobface_jul2009.pdf
; Jonell Baltazar, Joey Costoya, and Ryan Flores, “The Heart of KOOBFACE: C&C and Social Network Propagation,”
TrendWatch
, October 2009,
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/the_20heart_20of_20koobface_final_1_pdf
; Jonell Baltazar, Joey Costoya, and Ryan Flores, “Show Me the Money! The Monetization of KOOBFACE,”
Trend Watch
, November 2009,
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/koobface_part3_showmethemoney.pdf
; and Jonell Baltazar, “Web 2.0 Botnet Evolution: KOOBFACE Revisited,”
TrendWatch
, May 2010,
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/web_2_0_botnet_evolution_-_koobface_revisited_may_2010_.pdf
. In January 2012, Jan Droemer and Dirk Kollberg reported on their own detailed investigation of the Koobface perpetrators in “The Koobface Malware Gang Exposed,” Sophos Lab, January 2012,
http://www.sophos.com/medialibrary/PDFs/other/sophoskoobfacearticle_rev_na.pdf?dl=true
.

2
Electrons may move at the speed of light, but legal systems crawl at the speed of bureaucratic institutions:
The lack of international co-operation around cyber security is discussed in Brian Krebs, “From (& To) Russia, With Love,”
Washington Post
, March 3, 2009,
http://voices.washingtonpost.com/securityfix/2009/03/from_to_russia_with_love.html
. See also Jeremy Kirk, “UK Police Reveal Arrests Over Zeus Banking Malware,”
Computer World
, November 18, 2009,
http://www.computerworld.com/s/article/9141092/UK_police_reveal_arrests_over_Zeus_banking_malware
; and Omar El-Akkad, “Canadian Firm Helps Disable Massive Botnet,”
Globe and Mail
, March 3, 2010,
http://www.globeandmail.com/news/technology/canadian-firm-helps-disable-massive-botnet/article1488838
.

3
Specialists working for Facebook, Jan Droemer, and other security researchers:
In January 2012, Facebook outed the identity of the Koobface perpetrators in “Facebook’s Continued Fight Against Koobface,” January 17, 2012,
https://www.facebook.com/note.php?note_id=10150474399670766
. See Riva Richmond, “Web Gang Operating in the Open,”
New York Times
, January 16, 2012,
http://www.nytimes.com/2012/01/17/technology/koobface-gang-that-used-facebook-to-spread-worm-operates-in-the-open.html?pagewanted=1&_r=2&mid=57&ref=technology
. Joe Sullivan, Facebook’s chief of security, stated: “People who engage in this type of stuff need to know that their name and real identity are going to come out eventually and they’re going to get arrested and they’re going to be targeted.” A week before Facebook released the identities of the Koobface perpetrators, Dancho Danchev independently released the identity of the leader of Koobface, Anton Nikolaevich Korotchenko of St. Petersburg, in “Who’s Behind the Koobface Botnet? – An OSINT Analysis,”
Dancho Danchev’s Blog
–
Mind Streams of Information Security Knowledge
, January 9, 2012,
http://ddanchev.blogspot.ca/2012/01/whos-behind-koobface-botnet-osint.html
. The public exposure and the release of the Sophos report led to immediate action by Koobface: its command-and-control servers stopped responding, and the gang started removing traces of themselves off the Net. Facebook’s “name-and-shame approach” was criticized by some in the security community for hampering an ongoing criminal investigation and jeopardizing the evidence. See Stefan Tanase, “Was the Koobface Expose the Right Move?,”
Threat Post
, January 19, 2012,
http://threatpost.com/en_us/blogs/was-koob-face-expose-right-move-011912
.