Here’s one thing that’s already changed post GE14

In 2015, I was invited to a variety program on Astro to talk about cybersecurity.

This was just after Malaysian Airlines (MAS) had their DNS hijacked, but I was specifically told by the producer that I could NOT talk about the MAS hack, because MAS was a government linked company, and they couldn’t talk bad about GLCs.

Then half-way through the interview they asked me about government intervention, and I said something to the effect of “Governments are part of the problem and should refrain from censoring the internet”. That sound-bite never made it to TV because it was censored.

This was some stupid variety show called VBuzz, on a Tamil TV channel (of all places), tucked away in the Astro labyrinth of channels, and even then they were absolutely piss scared of being critical of anything even remotely close to the government. My statement wasn’t even directed at the Malaysian government, it was directed at government intervention in general, but alas, they feared too much and censored it out.

To be fair, I’m 100% certain the station would not have been in any trouble if they just broadcasted all of what I said (I’ve been more critical on other mediums like the blog and radio), but the producers chose to err on the side of caution.

When I asked why it was censored, they said it was because of the ‘law’. When I pressed her to give the actual law in question, her response (quite nonchalantly) was that it was an un-written law!

Then…GE14 happened and….

Two days ago, on Astro Awani (LIVE!!), a commentator openly and directly criticized the SPR commissioner, a Government Agency….and Astro didn’t censor it this time. Far more critical than what I said, and far worse, but somehow magically the media found their spine that day.

It’s now a viral clip of what press freedom actually looks like, and hopefully this refreshing change will permeate through all of Malaysian media.

#PotongSteam

I haven’t blogged in a while because I’m busy studying (yes, studying) for my OSCP certification.

But what happened over the week was just too mind-blowingly stupid to ignore.

Here’s what happened….

A Taiwanese company released a game titled Fight of Gods, which as the name implies, has Gods fighting among themselves. But the developers didn’t ‘just’ use Greek, Roman or Norse Gods — they went a step further and used Jesus and Buddha (but not Muhammad or Allah). Gods fighting among themselves isn’t anything new in videogames or comics: who do you think Thor from the Avengers is based on, or Hercules from Disney? Or just watch any Justice League episode with Wonder Woman. The real difference here is that games don’t typically use Jesus or Buddha.

Most gamers brushed off the game as a lousy game wrapped in a theatrical package, but the media picked up the story and the game garnered more publicity than was warranted. So much publicity, that the Malaysian government decided to take action, but how do you take action against a game developer in Taiwan?

Well if you can’t have the goose, you can have the gander.

You see, gamers these days download games from online stores, the most famous of which is the Steam Store. It’s like the KLCC, MidValley and Sunway Pyramid of online games — and it was in this store that Fight of Gods was sold, for a mere RM11 per download. (early bird price, of course!)

And the government in its almighty wisdom, decided to go ahead and block the entire store, not just one game from the store, or even one category — it blocked the entire store, which caused the infamous #potongsteam hashtag on Twitter. For my non-Malaysian readers, potong means cut in Malay, so the hash-tag just meant cut steam. But ‘steam’ is also slang for erection, and #potongsteam roughly translates to losing an erection (nice play on words!)

Steam (the company, not the erection) promptly removed the Game from the Malaysian store, and the ban was quickly lifted, granting Malaysians access to their games again. Phew!

To be fair to the government, it was merely responding to calls from local leaders from all religions, including the Malaysian Consultative Council of Buddhism, Christianity, Hinduism, Sikhism and Taoism (MCCBCHST), whose deputy president Datuk R.S. Mohan Shan explicitly asked for the ban.

So that’s what happened, so let’s dissect the issues one at a time, and like the mosquito in the nudist colony, it’s tough to figure out where to start.

The over-reaction

The government has a long-standing tradition of over-reaction: it has blocked Medium just because SarawakReport used it, and contemplated blocking YouTube. So blocking entire platforms because of specific content is actually quite normal for our friends in the MCMC. I personally believe the government would want to block Facebook and Twitter, but realize the political backlash would be too big to handle.

A full platform block, like blocking steam, penalizes both gamers and game developers, who have nothing to do with Fight of Gods. It has too much collateral damage.

But the over-reaction does more than just that — #potongsteam wouldn’t have been a hashtag if the government had just reacted like normal human beings. The over-reaction creates more publicity for a game, publicity which benefits no one else, except the creators.

In essence, the over-reaction causes the exact opposite effect that the government intended. This happens so much on the internet, there’s actually a term for this — the Streisand effect.

The effectiveness of the ban

I’m not based in Malaysia anymore, so I’m unsure how the government blocked Steam, but if it used its typical DNS blockers — those are easily bypassed.

So easy, I expect most Malaysians have already bypassed this.

In fact, I think most Malaysian gamers probably disabled the bypass, just to take a snapshot of the ban, and post some snarky comment on Twitter. Only to resume bypassing the ban shortly afterwards.

The more the government uses this crappy banning mechanism, the fewer people it’ll affect.

So…not just over-reaction, it was an ineffective over-reaction.

Banning Games

But it would be irresponsible of me if we didn’t confront the actual issue at hand — should the government ban games just because it offends people?

So, before I proceed, here’s a disclaimer, I’m a Christian, and I’m no Troll. But just because I’m Christian doesn’t mean I have a right to ask for a ban of everything offensive to Christianity.

Ok, let’s go.

Which do you think is more offensive to Christians and Buddhists? A game that has Jesus and Buddha dueling it out with violent (yet unrealistic) fight moves, or a game that encourages you to have sex with a prostitute (to gain health points) and then kill her to get your money back?

One is an unknown game selling at RM11 with fewer downloads than I have socks, and the other is Grand Theft Auto, a game with 30 million downloads that costs nearly RM200.

So do we get to ban Grand Theft Auto as well? And the 100s of other violent, misogynistic but still fun games out there?

How about The DaVinci Code, a book that purports to be historically accurate and basically runs down Christianity for being a man-made religion hell-bent on destroying the children of Mary Magdalene? If some Muslims can claim to be offended by Hannah Yeoh’s book, then certainly Christians have a good case with the DaVinci Code.

Should we ban popular books and movies too? Just because it offends some particular group?

If we’re happy for the government to ban games because it offends us, why can’t the government ban events because it offends some other people? Oh, like I don’t know, an event called Jerusalem Jubilee in Melaka, or god-forbid the better beer festivals.

Christians just asked to ban the sale of a game that might have been sold to non-Christians. What basis for complaint then would we have when the Muslims of PAS ask for the banning of the better beer festival? Draft for me, a specific law, that allows for the banning of Fight of Gods, but not the banning of the better beer festival — go ahead, I dare you!

In today’s ultra sensitive world, with micro-aggressions and trivially upset people, there’s a long list of things that offend people, certainly we can’t have the government banning something just because it offends. Logic dictates we raise the bar a bit higher than offensive content before we ban something.

But even putting aside all of that, what did the ban actually do?

NOTHING!

Well maybe the 50+ Malaysians that would have downloaded the game now can no longer do so. What else? Nothing.

The game still exists, it still offends you, it’s still out there for download (if you block Mid-Valley people will just get their games from the pasar malam).

And even if gamers downloaded the game, how does a private citizen, playing a game in their home offend you?

I worry that part of the applause we gave the government for banning this game, is going to come back and bite us in the ass, because we just let the government set precedent on what banning content online looks like — and the next time they use their banning powers, it might not be as pleasant.

Facebook giving China a censorship tool?

The New York Times reported this week that Facebook has ‘quietly developed’ a censorship tool, specifically for the Chinese government to suppress content on their platform. The piece writes:

“the social network quietly developed software to suppress posts from appearing in people’s news feeds in specific geographic areas, according to three current and former Facebook employees, who asked for anonymity because the tool is confidential. The feature was created to help Facebook get into China, a market where the social network has been blocked, these people said. Mr. Zuckerberg has supported and defended the effort, the people added” – New York Times

The report goes on to say, that Facebook intends to grant that capability to a 3rd-party, who will “have full control to decide whether those posts should show up in users’ feeds“.

In short, they’re creating censorship on demand for China, in exchange for access to the world’s largest market.

Censorship in an encrypted world

While Facebook have neither confirmed nor denied this, this will give China special privilege to the platform, one that no other nation currently has. Today, most governments face an all-or-nothing approach to censorship on encrypted sites like Facebook, Google and Wikipedia. China famously censors all of Wikipedia on the days leading up to the anniversary of the Tiananmen Square massacre, simply because they have no ability to censor specific pages.

If I were browsing for chicken curry recipes on Wikipedia, while you were researching political dissent on the same site, our traffic would look identical to anyone ‘sniffing’ along the line. These ‘in transit’ censorship attempts are failing, and for Governments like China, a ‘block the whole damn thing’ approach is the only alternative.

This new tool however, will grant them granular control, to block specific posts and news on the social network, because the censorship now will occur at source, rather than in-transit. It is a radical shift in the way censorship will be performed on the internet, not just in China, but across the world.

It’s also worthwhile to note, that other governments have tried these ‘all-or-nothing’ approaches as well, including Brazil who famously blocked all of Whatsapp (also owned by Facebook) for 72 hours, because a Judge was ‘unhappy’ that Whatsapp responded via email and in English. Fortunately for Brazilians, the ban didn’t last that long.

Whatsapp is a private communications tool, and Facebook is a social network–the similarity is that they both use encryption and this is problematic for governments. In the case of Whatsapp, the two ends of the encrypted channel belong to users, and Whatsapp would be unable to provide any content of communications within that channel–even if it wanted to. In the case of Facebook, since one end belongs to the company–it is able to provide some control.

But I’m digressing. Let’s get back to Facebook and censorship in China–but first let’s take a look at Facebook.

Anonymity and IP addresses


This week, I’ll put the final touches on my move from Malaysia to Singapore.

So, I felt it would be a good idea to read through some Singaporean tech articles to see how tech events played out on the little red dot, and offer some unsolicited and completely useless advice on them.

It wasn’t easy sifting through a boat-load of gadget reviews masquerading as tech journalism (I guess some things are the same in every country), but underneath the hundreds of phone reviews and fiber broadband comparisons, I found a little interesting report on illegal downloads.

The Singapore Straits Times reports that:

A local law firm that started proceedings to go after illegal downloaders in Singapore on behalf of two Hollywood studios said it will cooperate with the local authorities to ensure no abuse of process.

It follows a rare intervention by the Attorney-General’s Chambers (AGC) in civil applications made by Samuel Seow Law Corp (SSLC) in the High Court last month.

“We will work with the local authorities to ensure that there will be no unnecessary alarm to consumers who receive the letters of demand we plan to send out,” Mr Samuel Seow, managing director of SSLC, told The Straits Times yesterday.

This is just a re-hashed version of what happened last year in Singapore, when the same law firm went after downloaders of another movie, the difference is that this time they’ll be doing it under the watchful eyes of the AGC.

There is something to be said here about copyright-trolling, the abuse of power and the bullying tactics usually involved. But, we’ll leave that discussion for another day.

Today, I want to explore a little bit about anonymity and how many people have a mistaken notion about what it is.

The Internet is slow because of illegal downloads

Let’s start with the quote that set off the rage in my heart—

“You can see today that our Internet is slow. Not because it itself is slow but because a lot of people are using it,” he said

The government agency chief blamed this on illegal downloads hogging Internet bandwidth here, adding that this does not happen in countries like Germany due to stricter enforcement.

“In Germany, the Internet is fast because if you download illegally, you will be charged by the authorities.

“You can’t download illegal movies, songs and pictures there, you need to pay but we here, anything also we download illegally right up to the pictures of our grandfathers.

“That is why the Internet highway is slow but we blame the government. The government has created proper Internet highways but we don’t know how to use it. Millions have been spent on this by the government,” he explained.

So apparently, Datuk Ibrahim Saad, the National Civics Bureau (BTN) chief thinks that the internet is slow in Malaysia (it’s not that slow), because illegal downloads are hogging up the pipelines.

Let’s start with his first sentence, and substitute the word ‘internet’ with the name of any Malaysian highway you choose, personally I like to use the LDP:

You can see today that our LDP is slow. Not because it itself is slow but because a lot of people are using it

Hmmm, I guess in his infinite wisdom that makes sense to the BTN chief, but to me that just sounds like the highway wasn’t built properly.

Let’s go to the 2nd statement:

In Germany, the Internet is fast because if you download illegally, you will be charged by the authorities.

“You can’t download illegal movies, songs and pictures there, you need to pay but we here, anything also we download illegally right up to the pictures of our grandfathers.

“That is why the Internet highway is slow but we blame the government

Now we come to the crux of the issue. If Malaysians weren’t illegally downloading, they’d have faster internet.

Here’s 4 reasons why he’s wrong.

Hate Speech is defined by private companies

You don’t have a right to freedom of speech.

Obviously true if you’re Malaysian, but even Americans only enjoy a liberty in freedom of speech and not an absolute right.

The difference is clear, liberties are protections you have from the government, while rights are something you have from everyone.

So if someone threatened your right to live, the government is obligated to intervene and protect that right, because your right to live is a protection you have from everyone, whether it be a common criminal, abusive husband or Ayatollah Khomeini.

On the other hand you only have a liberty in freedom of speech (at least in an American context), which means that the government can’t prevent you from speaking, or penalize you for something you said.

However, the government is under no obligation to ensure your speech gets equal ‘air-time’, a newspaper may decline to publish your article, an auditorium may elect to deny you their roster, and online platforms like Facebook may choose to remove your post–all of which do not violate your freedom of speech, because freedom of speech is protection only from the government (state actors) and not from private entities.

And like all liberties and rights, freedom of speech is not absolute. Under strict conditions even the US government can impose limits on what their citizens can say, or penalize them for things they have said.

In the case of freedom of speech, a liberty defined in their first amendment, those strict conditions are very strict indeed. In order for the government to infringe on the freedom of speech, it must demonstrate an imminent danger that will result in a serious effect.

In other words the government must be able to prove that if the speech were given freedom, there would be an imminent threat of something serious. Both the imminence and seriousness must be proven, failing which the government cannot infringe on that speech. This is indeed a very tall hurdle to climb, and based on my cursory research no case has ever reached this limit.

Court rules Hacking Team documents still confidential

Under the current hype of the FBI ordering Apple to ‘install backdoors’ on their iPhones, a bit of interesting news seems to have slid under the radar.

A court in Singapore ruled that e-mails from the Hacking Team breach, published by the hacker Phineas Fisher via a torrent download, and available freely on Wikileaks–were still confidential in nature.

The news hits close to home, after all, I’ve written a 2,000 word article on it back in July, and have been harping on the issue over the past weeks, even going on BFM radio for an interview.

So was I using confidential information in my tech evangelism?!

Well, probably not, but this does raise some interesting questions.

Here’s the facts of the case.

Keith’s on BFM Talking about spyware–again!!

Today, I was on BFM talking about Hacking Team, the audio for which is below, and more comments and thoughts below that.

 

This is my last ditch attempt to get a conversation started about the use of surveillance software by the Government—and these conversations should take place at the higher (and more powerful) levels of government. Talking about it to myself on this blog isn’t taking it anywhere.

If we want change we’re going to have to get the Government involved. I know, it sounds pretty depressing that we have to get the government involved, but unfortunately they’re the people we need to convince to have a proper discussion here. There’s a whole bunch of links below for more details.

I had a really great time during the interview and encourage you to listen, if for nothing else than for the smooth sultry acoustic aphrodisiac that is my voice. But if you’re lazy, like Garfield on a rainy Sunday after a banana leaf meal, then here’s a quick FAQ on the matter.

Question 1: What is Spyware?

Spyware is software built to spy on computer users. In the past we used the term to describe relatively harmless ad cookies and software in ‘search toolbars’ to spy on users browsing and surfing habits. But this isn’t about that.

This is about a far more pervasive and invasive tool, that sucks up all the information in a computer to report back to its master. This is spyware on a different level, if personal data was dust in the air, this is the Dyson Vacuum cleaner that sucks it all up.

Question 2: How does Spyware work?

Spyware infects your computer by exploiting vulnerabilities and flaws in the software already installed on it. This includes things like Adobe Flash, Java and even the operating systems (iOS, Windows, Mac OS, Android). Once a computer is infected it begins sending back screenshots, personal communications, e-mail messages, SMS and WhatsApp conversations to the command and control server.

A newer feature of spyware is the remote control capability that allows the attacker to take photos with your smartphone camera, or record using your inbuilt microphone, all without your knowledge.

Question 3: Does the Malaysian Government buy Spyware?

YES.

Based on all the evidence we’ve seen, from the discovery of Command and Control Servers for Finfisher (a specific spyware model) within our borders, to the thousands of e-mails and documents in the Hacking Team breach that point to 3 agencies buying it, there is little room for doubt that at least some Government Departments have purchased spyware from both Gamma and Hacking Team.

Oh, and Paul Low also semi-admitted it 😉

Question 4: Every other government buys it, why should we be worried?

The purchase of spyware isn’t the issue, what we should focus on is the context of usage in Malaysia.

  • Why is the PMO buying spyware when it doesn’t have any investigative authority?
  • Why did the Government outsource the operations of the surveillance software to a private 3rd-party? Is it legal to empower contractors with this capability?
  • Why does the Government continue to deny the usage of spyware on both a policy and technical level? If the Government truly didn’t buy spyware, then an investigation must be launched on Miliserv Sdn. Bhd. who bought it using their name.
  • Does the law permit certain ‘features’ of the spyware, including remote control that can capture intimate pictures of an individual and private conversations that should be off-limits to government surveillance?

Question 5: Don’t we need this to combat terrorists?

Yes and No. ISIS is not your father’s Al-Qaeda, their tactics are mass-propaganda followed by lone-wolf attacks. These attacks usually require no funding from head-office and very little formal communication between ISIS and the individuals. By definition self-radicalization and lone-wolves don’t communicate much with the outside world.

Hence, surveillance doesn’t help because there is nothing to surveil. There are still legitimate uses for spyware, but not all the time, and definitely not by the PMO and MACC. We shouldn’t be writing blank cheques to the Government for surveillance, and we shouldn’t be intimidated by terrorists–otherwise they would already have won.

Here’s a bunch of links I think might be useful.

  1. My initial post on the Finfisher spyware found in Malaysia (link)
  2. My second post on Finfisher, the one after CitizenLab released the infection file, where I concluded it was indeed spying. (link)
  3. A post at security.my dissecting the file (link)
  4. The original post from Citizenlab about the infection file (link)–page 107 (a second link)
  5. Phineas Fisher hacks Gamma (link)
  6. Phineas Fisher hacks Hacking Team (link)
  7. My exceptionally long post about Hacking Team’s software in Malaysia (link)
  8. My rebuttal to Dato Seri Azalina Othman, that Malaysia did indeed buy from Hacking Team (link)
  9. Paul Low’s response that the MACC did indeed buy Hacking Team Software (link)
  10. Further proof Malaysia bought spyware (if you ever needed it)
  11. 5 Questions we need to ask about spyware (link)
  12. My rebuttal on why surveillance doesn’t work with ISIS tactics (link)
  13. The MACC Act (link), for other acts including the Criminal Procedure Code, check out the AG’s website (link).
  14. My previous kick-ass BFM interview (link)

Or visit https://www.keithrozario.com/tag/spyware for all my posts relating to spyware 🙂

 

Netflix is setting back Piracy and Security


Malaysians rejoiced last month when Netflix announced that they would be coming to our shores. We were all salivating over the massive amount of content we would finally have access to…except that it wasn’t so massive.

Malaysia would enjoy less than 20% of what was available to Netflix users in the US or even in the UK, and that looked like an especially lousy deal since we were paying the same amount for our subscriptions.

I wasn’t that interested in the news, after all, I had already subscribed to Netflix for more than 2 years, and used a VPN to enjoy US and even UK content. I loved Netflix because it had a lot of interesting content, but what really sealed the deal for me was Pocoyo and Dora the Explorer…I’m a father of a 2-year-old, and having a video on demand service that lets me address my toddler’s demands was a life-saver.

Netflix was far more effective than YouTube for videos for my kid, first of all, the content was pure, and I could be sure that nobody was messing with it or adding commentary, but more importantly, it had no adverts, and when you have a 2-year-old the last thing you want them to watch is adverts.

Medium blocked: Collateral Censorship vs. Collateral Freedom


So the buzz around twitter is that Medium.com has been blocked by the Malaysian Authorities, and guess what? It’s true.

It was expected, after all Medium is where the ‘infamous’ Clare Rewcastle Brown uploads her articles to circumvent censorship of her own site, the equally diabolical SarawakReport.org.

Medium is like Twitter without the character limits, and it’s quite a cool site to just browse around and look for interesting articles to read. The platform claims to be a “community of readers and writers offering unique perspectives on ideas large and small”.

A lot of successful writers and bloggers have taken to Medium to host their content, including Steven Levy, the author of In the Plex, one of my favorite books on Google. He’s using it (and only it) to start a Tech Hub for his content, and placing it alongside millions of other articles contributed by both professional and amateur writers.

So it made sense for SarawakReport to take their content to Medium. After all, most of their readership is Malaysian, and since Malaysian ISPs ‘censored’ their content, using a neutral ‘un-censored’ platform like Medium was a perfect solution—well almost perfect!

It’s a phenomenon called ‘collateral freedom’, and for a while SarawakReport readers, and Malaysian internet users enjoyed that collateral freedom, Medium was free and un-censored, which made SarawakReport also free and un-censored as long as it was on the platform.