By Eben Moglen & Mishi Choudhary
Manu Joseph is widely considered to be a particularly accomplished novelist. As an Internet policy analyst, however, he has trouble telling fact from fiction.
Writing in the New York Times on 16 September, Mr Joseph – newly reborn as an admirer rather than a skeptic of Mark Zuckerberg’s altruism – hotly defends Mr Zuckerberg’s “Internet.org” scheme. He accuses of gluttony those of us who think the world’s poor deserve the same security and openness of the Internet as the world’s rich. We use all the broadband in India, Mr Joseph says; therefore we can afford to condescend to the poor by demanding for them the same Internet we use and that they, he says, will never be able to afford, unless they get the shoddy equivalent offered by Zuckerberg.
It was not always thus. Writing in the same newspaper a mere six months ago, in mid-April, Mr Joseph caustically described the Zuckerberg scam as it really is: “The goal of Internet.org is to bring cheap Internet to all, as long as they use Facebook.”
Not just use Facebook, Mr Joseph might have gone on to explain – in the sense of live their social lives under its ever-present deep inspection surveillance – but also agree to put all their traffic through its servers. They must surrender their data security (of banking, buying, or whatever else they do on the Net) because Zuckerberg’s “man in the middle” attack breaks it. They must give up any idea of anonymity or personal privacy in any of their online life. Zuckerberg’s Internet.org service – recently renamed Free Basics – is a way of bugging the entire Internet, not just Facebook itself, for hundreds of millions of users, because that kind of rotten service is all, being poor, we can “afford” to give them. Mr Joseph knew that in April.
But what a difference six months makes. Reborn as a Facebook-enthusiast and Zuckerberg-admirer, Mr Joseph now tell us that “the minority of Indians who consume most of the nation’s bandwidth [want] to pass legislation that would deny free Internet access to the poor.” Ghosts, in Mr Joseph’s novels, have been known to do some remarkable things; apparently now they also write his columns. He should not let them.
Requiring Indian telecommunications network operators to preserve the integrity of the Net, and the equality of all its users, does not deny free Internet access to the poor. It would, however, prevent Zuckerberg from ripping off the Indian poor and calling it charity. We do indeed think that would be a good thing, as have the nations around the world (including the Netherlands, Canada and Chile) that have banned the practice. Needless to say, Mr Joseph does not remind anyone that he used to think so too.
Zuckerberg’s “Free Basics” is a scam against its supposed beneficiaries for several reasons. First, rather than offering “the Internet,” his service requires its users to route all their traffic to “free websites” through his servers, where the users’ identities are logged so that their traffic can be paid for by the spy, rather than by them. So the first actual charge is that the poor will be comprehensively surveilled by Facebook, losing any shred of personal privacy, while the rich using the real Internet do not route all their traffic through Facebook.
Second, Zuckerberg destroys the security of his users, the benefited poor. As announced, Zuckerberg’s service prohibited all use of the secure web protocol HTTPS (the one that lights up the little lock image on the status bar of your browser). HTTPS, and its authentication mechanism, are the only reasons that online banking and e-commerce are safe for consumers. So not only were the Indian poor to lose all chance of anonymity on the Net with respect to Zuckerberg, but they were also to abandon any possibility of common safety in the Net.
Naturally, these technical details eluded Mr Joseph, whose newfound sentimental attachment to Internet.org has nothing to do with facts. But ever since the required insecurity of the Internet.org architecture came to wide notice late this summer, observers around the world have been watching the desperate charm offensive of the Facebook crowd.
This has included flying groups of Indian reporters business class to California at Facebook’s expense to hear presentations about the wonders of Zuckerberg’s Schweitzer-like commitment to human welfare. They’ve been dancing as hard and as fast as they can, hoping to defuse all opposition this week, before Prime Minister Modi visits the Facebook campus. Some of their dancing, apparently, has been done for Mr Joseph, and it has worked. But they didn’t make it to deal time before the wheels fell off the car.
Facing inevitable exposure of the full-Monty cynicism behind this “humanitarian” gesture, as the world press and policy communities caught on, Zuckerberg has resorted to rewriting the script during the premiere. So Facebook admitted that this is no charity, just a commercial offer to buy the Indian poor’s de-anonymized traffic at a cheap rate. And, to confuse the issue of his destruction of their security, Zuckerberg announced also a “technical fix.”
Traffic between users and the Facebook middleman will now be encrypted using HTTPS, and will then be forwarded on to the actual website provider, semi-securely. All users’ supposedly-secure data will exist in unencrypted form on the Facebook servers (momentarily, we are assured). But the user will be unable to authenticate the identity of the website to which the data is then forwarded by the Zuck in the middle, because HTTPS authentication of the destination is broken.
This half-measure sounds, or is intended by the conman to sound, like half-security. But it isn’t. As any specialist or common sense will tell you, the chain of a web transaction is no stronger than its weakest link. No one using “Free Basics” will ever be able to assure herself that the bank or store or government services website she thinks she’s using is genuine, because the architecture still breaks the “authentication” pathway between the user and the remote system.
Zuckerberg’s greed to absorb the world’s web traffic in order to mine the data of people around the world continues to destroy all security on the Net for those poor enough to need subsidized Internet service. The poor deserve the same sanitation, health care, drinking water, primary and secondary education, and network communications as the rich. It is the responsibility of society to provide them.
As our organization, SFLC.in, has shown, Indian telecommunications network operators have made immense super-competitive profits from mispriced data services in India, made possible in large measure by the pervasive political corruption indulged in by the prior Congress Party government. Fair regulatory pricing of telecommunications tariffs in India would allow the Indian poor access to data service, as they now have access to mobile telephony, at prices they can afford.
India’s first BJP government made that happen, and its second could provide Indians with an Internet that reflects the world’s largest democracy’s commitment to equality and human dignity. It has no need of the supposedly-humanitarian assistance of a dataminer and conman. Nor do we need this sudden, surprising outburst of Mr Joseph’s ill-informed and recently-converted condescension.
Prof. Eben Moglen is the Founding-Director of Software Freedom Law Center (also a professor of law and legal history at Columbia University) and Mishi Choudhary is the Executive Director at SFLC.IN