EFF: We've always been at war with EastAsia

As a populist organization, the EFF is frequently Orwellian. That's demonstrated in their recent post about the "Declaration of Independence of Cyberspace", where they say:

"The Declaration resounds eerily today. We live in an era where net neutrality is threatened by corporations that want to remove competition and force customers to pay more to have equal access to some sites."

This is self-contradictory. The Declaration says, unequivocally, that governments should not regulate cyberspace ("You have no sovereignty where we gather"), and should not make it into a public utility. The current EFF position is exactly the opposite, that government needs to regulate cyberspace as a public utility.

It is like that bit in 1984 where Orwell's government changes allegiances, going from being an ally with Eastasia to becoming their enemy, and then claim that they had always been at war with Eastasia. They made the change in mid-rally. Orwell describes how the mob quickly switched their beliefs, agreeing that they'd always been at war with Eastasia.

When I read 1984, I thought this was a bit over the top, that the mob would not behave so illogically. But we see the EFF mob today acts exactly that way today. The EFF mob truly believes "The Declaration resounds eerily today" despite all evidence to the contrary. That Declaration was about "Governments", yet the EFF mob will now easily believe "we've always been at war against Corporations".

EFF, Animal Farm version

In celebration of "Banned Books Week", the EFF has posted a picture of their employees sitting around "reading" banned-books. Amusingly, the person in the back is reading "Animal Farm", a book that lampoons the populist, revolutionary rhetoric the EFF itself uses.

Orwell wrote Animal Farm at the height of World War II, when the Soviet Union was our ally against Germany, and where Stalin was highly regarded by intellectuals. The book attacks Stalin's cult of personality, showing how populist "propaganda controls the opinion of enlightened in democratic countries". In the book, populist phrases like "All animals are equal" over time get amended with such things as "...but some animals are more equal than others".

The hero worship geeks have for the EFF is a modern form of that cult of personality. Computer geeks unquestioningly support the EFF, even when the EFF contradicts themselves. There are many examples, such as supporting coder's rights while simultaneously attacking "unethical" coders. The best example, though, is NetNeutrality, where the EFF wants the government to heavily regulate Internet providers like Comcast. This is a complete repudiation of the EFF's earlier position set forth in their document "Declaration of Independence of Cyberspace".

So I thought I'd amend that document with updated EFF rhetoric:

• You [governments] are not welcome among us, but corporations are even less welcome.
• You have no some sovereignty where we gather.
• You have no moral right to rule us to excess.
• We did not invite you then, but we invite you now.
• Do not think that you can build it, as though it were a public construction project. Thanks for building cyberspace, now please run it like a public utility.

EFF: some are more equal than others

George Orwell's Animal Farm was about how revolutionary principles are quickly morphed to service those in power. For example, when the animals on the farm rebelled, they stated the principle that "All Animals Are Created Equal", but when the pigs took power, that was amended to include "...But Some Are More Equal Than Others".

That's a good description of the EFF, the Electronic Frontier Foundation. They have no fixed set of principles that they fight for, but instead change their principles according to whatever is popular at the moment, whatever will get them the most donations and influence.

An example of this is the "Declaration of Independence of Cyberspace", a document abjuring all regulation of the Internet, with forceful statements like "You have no sovereignty where we gather". This document was a reaction to how the telephone network was regulated as a public utility, which killed innovation. The pride it expresses in the Internet is that it invented itself, not merely without government's help, but despite government's hostility (e.g. the GOSIP regulations).

But today, the EFF has changed it's stance, calling for government to regulate cyberspace as it does other public utilities. For example, they have setup a website https://www.dearfcc.org/ asking you to lobby government for more regulation.

The same is true for other stances by the EFF. For example, they claim to support the rights of coders, but have had as one of their board members (Lawrence Lessig) somebody who championed that idea that code should be regulated, and have come out against 'bad' code like 0day exploits. Their excuse is that they haven't actually explicitly called for laws against 0days -- but that was their excuse back when they started championing Net Neutrality (that calling for net neutrality wasn't technically the same as calling for regulation).

This poses a quandary for me. On one hand, the EFF fights for many of the things I fight for, so I should work with them even if I don't agree 100%. On the other hand, their malleable principles makes me feel that I could just as easily end up like Snowball (the pig who gets eaten).

Thanks EFF for outlawing code

The EFF has been at the forefront calling cyberweapons "unethical" and "dangerous". As a result of such rhetoric by the EFF and many others, the next NDAA (National Defense Authorization Act for 2014) will likely contain provisions to regulate cyberweapons. The text of the law is at the bottom of this post.

This demonstrates the Orwellian nature of EFF's populism. They don't stand for principle but for popularity. They abandon their principle that the Internet is sovereign when they promoted Net Neutrality. They abandon their principle that code is free speech by suggesting that some code needs to be regulated.

The text of the NDAA, below, calls for the president to implement export controls on code:

 SEC. 946. CONTROL OF THE PROLIFERATION OF CYBER WEAPONS.
(a) Interagency Process for Establishment of Policy- The President shall establish an interagency process to provide for the establishment of an integrated policy to control the proliferation of cyber weapons through unilateral and cooperative export controls, law enforcement activities, financial means, diplomatic engagement, and such other means as the President considers appropriate.
(b) Objectives- The objectives of the interagency process established under subsection (a) shall be as follows:
(1) To identify the types of dangerous software that can and should be controlled through export controls, whether unilaterally or cooperatively with other countries.
(2) To identify the intelligence, law enforcement, and financial sanctions tools that can and should be used to suppress the trade in cyber tools and infrastructure that are or can be used for criminal, terrorist, or military activities while preserving the ability of governments and the private sector to use such tools for legitimate purposes of self-defense.
(3) To establish a statement of principles to control the proliferation of cyber weapons, including principles for controlling the proliferation of cyber weapons that can lead to expanded cooperation and engagement with international partners.
(c) Recommendations- The interagency process established under subsection (a) shall develop, by not later than 270 days after the date of the enactment of this Act, recommendations on means for the control of the proliferation of cyber weapons, including a draft statement of principles and a review of applicable legal authorities.

Who will fight for me?

Recently on Dave Aitel's popular mailing list this question was posed:
does the EFF have our best interest at heart? The answer is clearly
no: I think the EFF has lost it's way and I doubt it can be set
correctly.

The catalyst that set off the discussions and this blog post come from
a March EFF blog entitled
"Zero-day exploit sales should be key pointin cyber-security debate".
 For those of you who do not follow US
federal politics, there are a lot of bills in play aimed at cyber
security reform and bringing organizations under the government
umbrella of protection. As someone who distrusts authority, I don't
like this. This increases government meddling in our lives while doing
nearly nothing to actually protect us.

The EFF has made a 180 degree turn on this issue. Originally, the EFF
was founded on libertarian principles of individualism opposing
government regulation, claiming that cyberspace should be sovereign.
Now the EFF wants to collectivize the Internet and impose its "ethics"
on coders, claiming we have a moral obligation hand over 0day
vulnerabilities for the common good.

That statement is beyond naive and shows a lack of understanding of
the process used to find vulns. Vulns are discovered because people
are looking for them. People look for them because they expect to be
rewarded. Removing the reward, and we'll no long look for vulns. If
the military stops buying weaponized vulns from researchers like me,
then I stop finding them -- I uninstall WinDbg and ignore program
crashes instead of spending two days trying to reproduce the problem
and weaponize an exploit.

These exploits are the munition of choice for the upcoming cyberwar.
The EFF naively believes in unilateral disarmament, that the US stops
buying these weapons even though Russia, China, Israel, North Korea,
and Iran continue. It's irrational to believe this makes the Internet
"safer".

In a related argument, the EFF describes exploit sales as "security
for the 1%" using the ugly class warfare rhetoric of the #Occupy
movement. It's a paranoid conspiracy theory that bankers are out to
get you, and it's a paranoid conspiracy theory that exploit
sellers/buyers are out to get you. Yes, I know it sucks that some
people have more money than you and more security than you, but
attacking them and curtailing their freedom's won't make you any
better off. The actual selling of weaponized exploits is only a small
part of what vuln discovers do -- the vast majority of our efforts
filters out quickly to everyone else, both to vendors to help them fix
bugs, but also to everyone else to educate them on which products are
more reliable. Sure, people like me do things that you may not like,
but trying to curtail our freedoms will do more to stop the things you
do like.

The big thing the EFF has done with posts is to reduce funding. We
used to unquestioningly support the EFF because they promised to
support freedom of all of us. Now it has become obvious that they
really don't, that they are more of the standard partisan group,
promoting the interests of some at the expense of others. The obvious
basis of the EFF's posts have nothing to do with electronic liberties,
but everything to do with a partisan attack against the American
military specifically.

This was just a long way of saying the EFF is dead to me.