Dev Update week beginning :safe: 24 november 2014

Hi all,

Here’s the transcript of Monday’s developers weekly meeting. Feel free to use the thread for questions on issues you want to know more about!

Transcript Dev Update Monday 24 november 2014

Cheers Ben

You guys seem to have found a good format for dev updates that both gives insights into what is happening on a weekly basis without being a huge burden to write about. Well done, I am enjoying it.

Very thankful as well, love seeing the progress

These updates are so exciting!

Yay for the coming API

Seriously!

That will mark the beginning of some crazy cool apps!!

Interesting that Paige is working on a warrant canary:

A warrant canary is a method by which a communications service provider informs its users that the provider has not been served with a secret United States government subpoena.

If the canary has not been updated in the time period specified by the host, users are to assume that the host has been served with such a subpoena.

The intention is to allow the provider to warn users of the existence of a subpoena passively, without disclosing to others that the government has sought or obtained access to information or records under a secret subpoena

Be aware that in most European countries including the UK, failure to update a warrant canary after a warrant has been served is considered a violation of the injunction imposed, and very severe penalties will be applied personally to those nominated in the injunction (treason charges usually). Unlike in the US, there are no rights to appeal, and in some cases you cannot even legally tell your lawyer without breaching it.

You guys have this right to free speech you see. We have no such rights in any European country: free speech is tolerated up to the sovereign’s displeasure

Niall

Yeah agreed, if the original idea is that one is not allowed to disclose that the state or government is involved currently with your business e.g.observing or investigation it would be foolish to think that an indirect way of revealing exactly this what is forbidden would be tolerated by the lawmaker(s). This is exactly what they thought of or why they came up with a law to begin with to not allow to disclose information. No matter how tricky or sophisticated you might want to reveal this information, they are not that stupid to let you get away with it when it is exactly conflicting with what they intended doing. Don’t be stupid and believe in fairy tales. Warrant canaries are just laughable. They are not that stupid.

Warrant canaries are:

negative pronouncements to thwart the nondisclosure requirements of court orders and served secret warrants

So in Europe it’s not illegal to post a canary, but illegal when failing to update or remove the canary? bizzaro

It would be quite a tricky prosecution. Much easier to prosecute someone saying “we’ve been nobbled” than someone who at some time after being nobbled, removes, loses, forgets to copy during a rework etc, a notice saying “we’ve not been nobbled”.

Many of the gagging orders prevent you from doing anything or failing to do anything which could convey the fact you’'ve been served with a gagging order. Some even prevent you telling your business colleagues, or your lawyer, or even your wife.

BTW breaching an injunction isn’t illegal. An illegal act requires due process and your potential day in court. No, breaching a gagging order is an extra-judicial act - you see instant, prespecified, and very severe consequences with no right of appeal, no right to ask for explanation, and no right to discuss or negotiate.

I appreciate that is probably a bit alien to the American mindset. We don’t get rights here you see. We exist and have anything at all due to the monarch’s sufferance. Technically, at any time she or he can strip any assets from you for any reason, take your husband or wife as their own instead, and of course lock you up. They can of course also do the reverse and gift you assets, or pardon you. They are, after all, the reigning monarch.

If you remember Princess Diana, a fun fact was that her first affair the guy in question Hewitt actually faced the death penalty by hanging, drawing and quartering under UK law at the time, and that his relations would be stripped of all their assets and thrown into abject poverty. They shortly changed the law thereafter, no one had paid attention to it in decades, and besides a medieval execution and purge of family would look really, really bad internationally.

You don’t see any European monarch actually enforce any of those powers, usually at least. But we technically speaking are little different here to some Middle Eastern autocracy, it’s just they make use of their powers, and here they don’t (usually).

Niall

I think we are under the same arrangement in Australia. We had a vote to become a republic sometime back which was defeated. We have crown lands here as you would know (similar to public lands in the US I’d guess)…a lot which have been converted to freehold.

Crown lands for me are the only place where you can go and feel truly free to wander where you like. It’s an interesting concept whereby you have layers of ‘leases’ that can be granted on top of crown land such as ‘Pastoral leases’ ‘Mineral leases’ etc.

I hold a ‘miners right’ and as long as I send a ‘notice of entry’ to the pastoral lease holder, I can traverse anywhere I like. So if I travel from Adelaide to say Port Augusta 300kms away, it’s all pastoral land to the north. A reliable 4WD, a tent and plenty of water…that’s as close to freedom as it gets in this place.

Well seeing as we are speaking about Australia …

As much as the Americans get very upset about <insert current president here> being some sort of dictator and/or terribly immoral and/or a dire threat to “freedom” and/or <insert presidential conspiracy theory here>, they are constitutionally incapable of putting someone like Gough Whitlam in charge. It is simply impossible in America, they haven’t been able since at least the 1970s and many would argue more like since Roosevelt to elect leaders that actually change anything.

And I guess that’s the enormous benefit of European style states. Our liberty constantly lives on a knife edge, guarded by no bit of paper, just our wits and the will of the people. And that lets us elect, from time to time, leaders who actually really change stuff whether for better or worse, because we have more confidence in ourselves to stop them when they go too far.

And that’s partially why ancient and “backwards” European style states have kept up with America. We may not have the same dynamic go forth economy given all our socialist welfare state and 60% income taxes and such, but by god our government actually does stuff and the citizenry hence believe that government can actually run a large chunk of public goods for society. Our big worry is when it does too much stuff too quickly, not that it does nothing at all.

I guess what I’m saying is that rights by fiat due to some bit of paper saying you have them probably aren’t as truly valuable as rights you constantly worry about being taken from you because there is no legal recourse otherwise. Hones the senses, as it were.

Niall

ned14,

I would argue that we will never see another Giant of the calibre of Gough in Australian politics - his government was destroyed by the people / organisations that really run the joint and successive Labor leaders have been timid in comparison (it goes without saying that the conservatives are not even under consideration and can be generally grouped with the anti-democratic forces). The last Labor government tried to introduce a tax on Super Profits by the mining companies - the miners fought back so ferociously with their friends in the media (mostly Murdoch) that they forced the Government to make changes so that the tax that was eventually introduced actually raised LESS money than it cost to implement . .

Australia is not far behind the US in terms of Corporatist Hegemony.

MaidSafe and Cryptocurrencies are a bright spot in an otherwise very gloomy looking future.

Regards,
Phil.

Hey Niall,
Can you post a reference to the EU laws you’re speaking of? I’m pulling the canary because of this but there is an accompanied blog post which I still want to publish - it just needs some updating to reflect this.

I wonder why EFF doesn’t disclose any of this in their canary FAQ.
Seems like businesses which are not solely operational in the US specifically indicate US gag’s in their canaries, ie. Apple.

Another interesting thing I just discovered upon looking deeper is Moxie Marlenspike’s refusal to issue a warrant canary for WhisperSystem’s servers. He doesn’t specify whether the servers are located in US or not, but this makes me think they’re probably not.

Now the bigger question becomes: freedom of speech in the US or freedom to not get killed by cops in EU?

The EU wide law is the Data Retention Directive. That is implemented in custom variants by each country, so it isn’t actually a law itself, rather guidelines for each country who may diverge substantially from the guidelines. The UK’s implementation is the Regulation of Investigatory Powers Act 2000 which provides very wide warrantless data retrieval powers and gagging being able to publicise the event. These powers were expanded by the Data Retention and Investigatory Powers Act 2014 which if I read it correctly, could allow the government to seize TOR nodes and operate them on your behalf for sustained periods of time. This power isn’t unusual, other European governments have already made use of it by seizing TOR nodes.

The canary only works because the US is very unusual in that you cannot be compelled to lie under oath. You can be compelled to be silent, but not to lie. I think that’s simply a happy accident by the founding fathers. It is definitely unusual.

However to be honest Paige a canary is a gimmick anyway. Much more valuable is making public a threat matrix which shows in a single place all the threats which can be exerted on the SAFE network by adversaries. You then aim to plug those threats.

For example, in the UK it is illegal not to supply your encryption keys to the government. If they got the Maidsafe github keys and forcibly took over our servers and gagged us from telling anyone, they could, pretending to be us, modify the code base to subvert the network and push it out as authentic updates. That is but one threat entry in the matrix. Another might be that we can’t afford our own data center so we rent them, well that leaves us wide open to governments fiddling with our servers and we’d have no idea. Or they could trap all packets entering and exiting the main internet junctions and build a pattern - this is how they subvert TOR et all.

They’re a US based entity just like the FSF and therefore US focused almost to the point of ignoring anywhere else. Also acquiring competent legal advice on foreign law is orders of magnitude more expensive. So they don’t bother commenting on elsewhere.

If the servers are in country X then the laws of country X apply irrespective of the owning or renting company. Also if you don’t own your own data center you can’t control who fiddles with your servers, or know that someone has.

Collecting a single page of canaries for those who supply servers to Maidsafe might be a very good idea. And those providers who won’t provide a canary. For example, all our email is handled by Google, in there are all the passwords to our servers in the emails. It’s a cinch for a government to pull and we’d never know, hell Google even provide a web form which gives you a zip archive of everything Google has on a person.

Statistically you’re two orders of magnitude more likely to get killed by your cops than here. You may have noticed British police don’t even bother carrying guns and when someone dies it’s national news and there is a judicial inquiry. It’s about thirty per year for the whole of the UK, and most of those are suicides whilst in custody or people choking on their vomit whilst intoxicated. Police actually killing someone is between zero and one per year average compared to well over a thousand in the US annually.

Niall

…and bringing the system in-house would do nothing to change this scenario I expect.

Can you think of a way around this, prior to launch?

Once launched, can you envisage a native SAFE repo system that could overcome this weakness…it’s a terrible thing to have hanging over the network.

No. Even after launch this will be a difficult thing to overcome, but while they are building using the old system I don’t think its possible to get away from this.

However, I’m not sure this is a serious threat at this point. One of the biggest defenses that we have to big government is that they are really pretty bound to the conventional way of doing things. If someone goes to a bureaucrat and tries to tell them about Project Safe, the first response is likely to be “that sounds impossible” and then “have they actually done anything yet?”

These kinds of people are the ultimate skeptics, they are financially and emotionally invested in the conventional system and are unlikely to care enough to try and take the time to understand how profoundly SAFE could change the game.

Now after launch, (and depending on how powerful the initial launch is maybe pretty quickly after launch) this would become more of a concern.

My thought would be to have multiple actors involved, who are all mutually checking each other for transparency and openness. Don’t have it be a “Warrant Canary” per se. Just a set of watchdogs, who are all watching each other for transparency.

If Maidsafe were to be served with an injunction and start to be forced to do objectionable things, they would need to impose a veil of secrecy over the process. If these groups were watching for that, and trumpeted that to the skies, that would be a pretty effective warrant canary, and might also serve some other purposes in terms of promoting long-term openness.

Again, get multiple interest groups, some in the US, some in other places (perhaps countries which are not likely to cooperate with a US or EU extradition order) involved and it becomes very difficult to suborn everyone involved.

Why not host the central code repository on the SAFE network itself after release? It is after all a file system. Not sure if it’s possible with Git, but it is for example definitely possible with Mercurial (my favourite source control system).

wasn’t this the problem that pods were meant to address?

I really can’t envisage DIrvine crumpling so easily given his drive/vision and the potential humanitarian benefits this project could bring - .just can’t see it. I can however imagine him waving from the balcony of the Ecuadorian embassy alongside Julian Assange…lol…Never Surrender!..FREEDOM!!!
Seriously though, if security is a concern, then put the code on a pen drive and I will hide it in a cleverly disguised bean tin safe amongst the other tins in my cupboard.