Government-Mandated Parental Spyware Found To Be Leaking Personal Data At An Alarming Rate

from the dysfunctional-by-design dept

A few months ago, the South Korean government strongly suggested parents load their children's cell phones up with government-approved spyware. It recommended an app called "Smart Sheriff." The app provided plenty of reassurance for parents, if said parents were willing to let the government look over their children's shoulder while they browsed the web, chatted about kid/teen things or otherwise engaged with their devices.

It also claimed to block porn, alert parents to budding sexuality and otherwise ensure no amount of phone use was left unreported. And, if South Korean parents somehow felt the government might be overstepping its bounds a bit, cell phone providers were obliged to hassle parents about underuse of the government-approved spy app.

Now, it appears that everything the mandated spyware grabs, it also leaks in one form or another. Citizen Lab (the same entity that sniffed out the connection between malware provider Hacking Team and blacklisted governments) has audited Smart Sheriff and has found its security measures to be mostly terrible. Not only does the recommended app not protect the transmission of personal data, but it doesn't even live up to the government's own standards for data and information security.

Citizen Lab has uncovered a plethora of flaws that make Smart Sheriff even worse than it was when it was simply government-approved spyware.

We identified twenty-six vulnerabilities and design issues that could lead to the compromise of user accounts, disclosure of information, and corruption of infrastructure. The same issues were often present in multiple parts of the application and infrastructure. For example, we identified a potential attack against user accounts via the Smart Sheriff mobile application, then determined that it could also be made against the Web-based parental administration site. These multiple flaws suggest that the application was not fully examined for security issues before being released. Both audits were done in a limited window of time and without access to the original source code.

Smart Sheriff loads up on personal data during registration, demanding the phone numbers of both children and parents, along with the child's gender and date of birth. The information keeps flowing while in use, gathering data on apps installed and used, as well as browsing history. Then it transmits all of this information (some of it in plaintext) back to its storage, which is unencrypted. (This makes a certain sort of sense, considering the transmission of data is similarly unencrypted. Why lock it down in storage if you can't be bothered to arrange for its safe travel?)

What comes through as plaintext is the user's browser history. Visited sites are matched against a blocklist. (Strangely, no sites are actually blocked, as this function raised concerns about user privacy. But it still gathers the data, sends it in plaintext and stores it in unencrypted form. So these privacy concerns are sabotaged just as soon as they're addressed.) In order to match sites against its blocklist, the software edges around HTTPS protections to match the user to the site visited.

Beyond that, the software's authentication process can be decrypted by reverse engineering or decompiling the app. There's layer upon layer of inadequate security that adds up to a total catastrophe should anyone manage to make their way through any number of easily-prised doors.

The primary mechanism for authentication across the Smart Sheriff service is a device identifier that is derived using reversible obfuscation rather than industry-standard encryption. If an attacker is able to guess, enumerate, or intercept the device identifier of a phone with Smart Sheriff installed, the attacker can impersonate the application and undertake a range of attacks.

For example, using only the device identifier, an attacker can impersonate a user and request the parents’ phone number, children’s names, and their dates of birth. Moreover, an attacker can use the Smart Sheriff API to request a parent’s administration code (itself an insecure four-character string) and use it to take control of the account.

Basically, the app is good enough for government work, as the saying goes. The government desires its public to have more control over the actions of their children. This, in turn, allows the government to have more control over the parents. The "do something" do-goodery we see in our own legislators is echoed here. In response, a "good enough" solution is mandated, even if it's not actually good enough. No one in charge of these mandates seems to care too much about the security flaws and gaping holes -- not even the company that made the app.

After our disclosure, MOIBA released an update to Smart Sheriff (v1.7.6) that includes communication over HTTPS. However this version does not properly validate the credentials received and appears to accept a self-signed certificate, which minimizes the update’s effectiveness.

As Citizen Lab points out, the software does too much and too little, simultaneously, gathering the worst aspects of both. It fails to meet government guidelines on information security while going much further with surveillance and control than the government has actually mandated. The worst part of it is that the government has mandated use of the software, which gives citizens no option but to place its children's privacy in the hands of an entity that clearly has no respect for it. On top of that, it makes parental monitoring of children's cell phone use the new normal, which only makes it easier for the government to make further related demands down the road.

Filed Under: leaks, privacy, smart sheriff, south korea, spyware
Companies: citizen lab

Secretary Of State: We Must Have A Secure Internet; Homeland Security Secretary: A Secure Internet Makes Us All Less Safe

from the watch-out-for-the-buts dept

Secretary of State John Kerry gave a speech in South Korea this week about the importance of an "open and secure internet." Of course, that sounds a little hypocritical coming from the very same government that is actively working to undermine encryption, so it seems worth contrasting it with comments made from Secretary of Homeland Security Jeh Johnson, in which he whines about a secure internet making things better for terrorists. Kerry's speech is mostly good (with some caveats that we'll get to), in talking about the importance of not freaking out over moral panics and FUD:

Freedom. The United States believes strongly in freedom – in freedom of expression, freedom of association, freedom of choice. But particularly, this is important with respect to freedom of expression, and you believe in that freedom of expression here in Korea. We want that right for ourselves and we want that right for others even if we don’t agree always with the views that others express. We understand that freedom of expression is not a license to incite imminent violence. It’s not a license to commit fraud. It’s not a license to indulge in libel, or sexually exploit children. No. But we do know that some governments will use any excuse that they can find to silence their critics and that those governments have responded to the rise of the internet by stepping up their own efforts to control what people read, see, write, and say.

This is truly a point of separation in our era – now, in the 21st century. It’s a point of separation between governments that want the internet to serve their citizens and those who seek to use or restrict access to the internet in order to control their citizens.

That sounds good... until you compare it to Kerry's cabinet partner Johnson, who was doing exactly what Kerry said governments should not do:

“We are concerned that with deeper and deeper encryption, the demands of the marketplace for greater cybersecurity, deeper encryption in basic communications,” Johnson said on MSNBC’s “Morning Joe” on Friday. “It is making it harder for the FBI and state and local law enforcement to track crime, to track potential terrorist activity.”

Let's not even bother with the question of just what is "deeper and deeper encryption" or why we should have someone who clearly doesn't understand encryption in charge of Homeland Security. But it seems clear that Kerry and Johnson's views here are quite different. Kerry is saying that "governments will use any excuse they can" including bogus claims about "terrorism" and "criminals" -- and yet that's exactly what Johnson is doing.

Of course, later in his speech, Kerry starts enumerating a similar list for any country to use, should they want to control speech as well:

First, no country should conduct or knowingly support online activity that intentionally damages or impedes the use of another country’s critical infrastructure. Second, no country should seek either to prevent emergency teams from responding to a cybersecurity incident, or allow its own teams to cause harm. Third, no country should conduct or support cyber-enabled theft of intellectual property, trade secrets, or other confidential business information for commercial gain. Fourth, every country should mitigate malicious cyber activity emanating from its soil, and they should do so in a transparent, accountable and cooperative way. And fifth, every country should do what it can to help states that are victimized by a cyberattack.

In other words, here are the guidelines for any other countries to attack freedom of expression and openness online. Just claim it violates one of the list above and the US can't complain. We've certainly seen it happen before. DDoS attacks launched based on claims that it's in "response" to a hacking attempt. Or Russia cracking down on dissidents by arguing that they must be infringing on copyright law.

Kerry's statement is the kind of thing that very few people would argue against. It seems obvious: of course we don't want attacks on critical infrastructure (though, the government likes to define "critical infrastructure" in a manner that best serves its own needs), or corporate espionage. But Kerry defines things in such a broad manner (including the bogus use of "theft" for "intellectual property") that it leaves the US wide open to abuse. Kerry was right at the beginning in arguing that governments will use any means necessary, so why give them this kind of opening? As we've seen for years, when the US beat up on China for not respecting our patents, China eventually "turned things around" by focusing on figuring out ways to use patents to block American companies from beating local Chinese firms in its market.

This isn't arguing that cyberattacks or infringement of intellectual property are good things -- just that giving foreign nations a "open internet, but..." allows them to make use of the "but..." portion to do all sorts of horrible things that suppress dissent and free expression, and then argue that they had to do it, because the US told them to do so. And, of course, it's not just foreign governments, but as Johnson's comments make clear, those at home as well. None of this means to encourage bad or illegal behavior online -- but to recognize that pushing for internet freedom means actually pushing for internet freedom, which is difficult to do when you immediately encumber it with your own set of conditions, and your colleagues are undermining the very foundation of a secure internet.

Filed Under: encryption, jeh johnson, john kerry, open internet, south korea

South Korea's New Law Mandates Installation Of Government-Approved Spyware On Teens' Smartphones

from the please-spy-on-our-behalf,-thx! dept

Considering the extent of its (most web-related) censorship efforts, South Korea must consider itself fortunate to be next-door neighbors with North Korea. Any time another censorship effort arrives, all the government has to say is, "Hey, at least we're not as bad as…" while pointing its index fingers in an upward/roughly northerly direction.

It blocks sites and web pages with gusto, subverting its own technological superiority by acting as a Puritanical parental figure. Not that it helps. Every time the government ropes off one area, citizens carve out another. Four years ago, it attempted to pass a law making government-approved computer security software installation mandatory, supposedly in hopes of heading up the enlistment of citizens' computers into botnet armies.

Now, it's telling parents they must install government-approved and crafted spyware on the smartphones of any children under the age of 19.

The app, "Smart Sheriff," was funded by the South Korean government primarily to block access to pornography and other offensive content online. But its features go well beyond that.

Smart Sheriff and at least 14 other apps allow parents to monitor how long their kids use their smartphones, how many times they use apps and which websites they visit. Some send a child's location data to parents and issue an alert when a child searches keywords such as "suicide," ''pregnancy" and "bully" or receives messages with those words.

Last month, South Korea's Korea Communications Commission, which has sweeping powers covering the telecommunications industry, required telecoms companies and parents to ensure Smart Sheriff or one of the other monitoring apps is installed when anyone aged 18 years or under gets a new smartphone. The measure doesn't apply to old smartphones but most schools sent out letters to parents encouraging them to install the software anyway.

No one appears to have taken a close look at the inner workings of "Smart Sheriff" at this point, but a similar app known as "Smart Relief" also allows parents to monitor their children's smartphone activities and sends alerts triggered by any of the 1,100+ words on its watchlist.

Some terms it monitors (both in text messages and searches) would obviously raise concerns in parents.

Threat, kill, shut up, violence, destroy, handicap, crazy, prostitute, garbage, thief, porn, suicide, pregnancy, inn, obscene, sex, sexual crime, sexual relationship, prostitution, motel, beer, rape, adultery, run away from home, outcast, invisible person, don't have friends, jealousy, lonely, stress, don't want to live, loser, complaint, help, worry, menstruation, adoption, divorce, rape, homosexual love, single parent, IS, terrorism, poison...

Other trigger terms seem to do nothing more than give parents a reason to lock their kids up until they're old enough to move out:

Girl I like, boy I like, dating, boyfriend, girlfriend, breakup…

This new mandate is obviously creating a chilling effect. Some have noted the Smart Sheriff app may give government agencies access to minors' communications, all under the pretense of helping parents out. Nearly 80% of South Korean schoolchildren (teens and elementary students) own smartphones. That's a whole lot of communications potentially being delivered to law enforcement and intelligence agencies (if not also to schools and service providers).

As a result, smartphones are now no longer viewed as essential equipment by teenagers.

To get around the regulations, some students say they will wait until they turn 19 to get a new phone.

"I'd rather not buy a phone," said Paik Hyunsuk, 17. "It's violation of students' privacy and oppressing freedom."

Open Net Korea, which has tracked South Korean censorship efforts for years, has a translation of the law's stipulations, which not only requires installation of government-approved spyware apps, but also stipulates cell phone providers actively hassle parents who don't seem to be taking the mandated monitoring seriously.

Article 37-8 (Methods and Procedures for Providing Means to Block Media Products Harmful to Juveniles, etc.)

(1) According to Article 32-7(1) of the Act, a telecommunication business operator entering into a contract on telecommunications service with a juvenile under the Juvenile Protection Act must provide means to block the juvenile’s access to the media products harmful to juveniles under the Juvenile Protection Act and the illegal obscene information under Article 44-7(1)1 of the ICNA (“Information harmful to juveniles”) through the telecommunication service on the juvenile’s mobile communications device such as a software blocking information harmful to juveniles.

(2) Procedures prescribed below must be followed when providing the blocking means under (1):

At the point of signing the contract:
a. Notification to the juvenile and his/her legal representative regarding types and features of the blocking means; and
b. Check on the installation of the blocking means.

After closing the contract:

Monthly notification to the legal representative if the blocking means was deleted or had not been operated for more than 15 days.

So, not only is it censorware and spyware, but it's also apparently nagware -- with telecom reps calling or emailing every month to remind parents to perform their duties as proxy surveillance operatives for the South Korean government.

Filed Under: mobile phones, smart sheriff, smartphones, south korea, spyware, teenagers, teens

Uber Having A Tough Week Overseas: France And South Korea Crack Down

from the can't-get-too-popular dept

It's been pretty clear for a while that Uber, the super popular (if sometimes controversial) car-hailing service, has often courted regulatory conflict as a sort of marketing strategy. In cities around the globe, often the best way to get the public to realize that Uber was a convenient alternative to dreaded taxis was to have the local taxi commission/transportation board/whatever announce that whatever the company was doing was illegal. This would cue a blog post or email from the company, and thousands of (previously) happy but (now) annoyed Uber users to flood the government with complaints. Frequently, this would lead to the bureaucrats backing down quickly, and Uber getting a ton of "free" publicity. However, it appears that some places are simply ratcheting up the legal attacks on the company.

Last year, we noted that South Korea was threatening to put Uber CEO Travis Kalanick in jail for offering an "illegal" taxi service, and it appears that the country isn't backing down. Kalanick and dozens of others (not just from Uber) have now been charged with operating an "illegal taxi ring" in South Korea. This round includes additional charges against Kalanick, who has wisely been staying out of South Korea for the time being, though the country plans to seek a warrant to have him arrested.

"We plan to summon Kalanick soon and check the transaction details of overseas bank accounts to conduct further investigation into those involved in the case," a police official said, speaking on condition of anonymity. "If Kalanick continues to disobey the summons, we plan to seek an arrest warrant against him."

Meanwhile, over in France, the police have raided Uber's offices:

French police raided Uber's office in Paris this week, as part of an investigation into its controversial UberPop service. According to French media reports, 25 officers raided Uber's headquarters for six hours on Monday, seizing emails, documents, and smartphones used by Uber drivers.

The company's low-cost UberPop service has been at the center of ongoing controversy in France, where authorities deemed it illegal under a new law that went into effect on January 1st. The law requires all chauffeurs to be licensed and insured — conditions that, according to French authorities, UberPop does not meet. Uber insists that the service is legal under French law, and has filed appeals with the European Commission. UberPop, which connects clients with non-professional drivers, remains available in France, though some 250 chauffeurs have been fined since the beginning of the year, according to FranceInfo.

Again, whether or not you approve of some of Uber's marketing practices (or its privacy or pricing policies), that shouldn't take away from the simple fact that it has actually created a tremendously useful service, enabling easier and often cheaper transportation for many people in a variety of urban areas. It's a powerful service, and it's difficult to see these recent legal attacks as anything more than blatant protectionism of existing taxi cartels that artificially keep prices high while providing generally sub-par service.

Filed Under: car hailing, france, ride haling, ride sharing, south korea, taxis, travis kalanick
Companies: uber

Korea Threatens To Put Uber's CEO In Prison For Offering An 'Illegal' Taxi Service

from the you're-not-in-the-us-any-more dept

Uber, the "hail a ride from your phone" company, has faced quite a few challenges lately, many of which it's brought on itself. Questions raised about its practices, its approach to privacy and its way of dealing with the competition are all worth exploring. Frankly, some of the criticism seems well-deserved, while other parts are clearly blown way out of proportion. Many of the problems seem to stem from the fact that Uber is a company that grew insanely fast and hasn't quite realized that people no longer view it as the scrappy startup it was not too long ago.

As we've pointed out for years, one of Uber's best marketing strategies was to enter a market -- have regulators freak out -- and then use the controversy as a marketing opportunity to drum up interest, and create enough public support to get regulators to fix the laws, allowing a useful service to thrive. And, in fact, most of the time, the regulations that Uber runs up against are really silly. They're often much more focused on limiting competition and keeping taxi fees inflated, rather than things like consumer safety.

However, while this tactic worked really well when it was small and scrappy, as a giant company (with a variety of scandals, overblown or not), it seems this strategy is having some trouble these days. Regulators have been pushing back much more strongly -- such as with new lawsuits, and it appears that regulators in other countries are taking the fight to a different level. Over in South Korea, prosecutors have now indicted Uber's CEO Travis Kalanick for "operating an illegal taxi service."

Of course, it's plainly ridiculous to make this a criminal offense. Whatever you think of the company's practices, you'd be hard pressed to find people who don't recognize that it and related services have actually made it much easier and cheaper for people to get around urban areas. The ability to quickly get a car (and to pay for it automatically) via a phone really does change the way people can get around. It also has been shown to decrease things like drunk driving by offering a very easy alternative. While some have said what Uber has done is "nothing new," like many great innovations the truly powerful part is in the little details: Uber made it super convenient. Whether or not it was new, that convenience made it powerful.

It seems that regulators would do well to figure out ways to adjust the laws to make sure that offerings like Uber can operate. Perhaps that requires safety/background checks and the like, but to outright declare the operations illegal -- even with the threat of prison time -- suggests serious problems with the regulations, rather than with Uber.

Filed Under: criminal, illegal taxi service, indictnment, ride sharing, south korea, travis kalanick
Companies: uber

To Avoid Government Surveillance, South Koreans Abandon Local Software And Flock To German Chat App

from the loss-of-trust dept

South Korea seems to have a rather complicated relationship with the Internet. On the one hand, the country is well-known for having the fastest Internet connection speeds in the world; on the other, its online users are subject to high levels of surveillance and control, as the site Bandwidth Place explains:

Under the watchful eye of the Korea Communications Standards Commission (KCSC), Internet use, web page creation, and even mapping data are all regulated. As noted recently by the Malaysian Digest, children under 16 are not permitted to participate in online gaming between midnight and 6 a.m. -- accessing the Internet requires users to enter their government-issued ID numbers. In addition, South Korean map data isn't allowed to leave the country, meaning Google Maps can't provide driving directions, and last year the KCSC blocked users from accessing 63,000 web pages. While it's possible to get around these restrictions using a virtual private network (VPN), those found violating the nation’s Internet rules are subject to large fines or even jail time.

A story on the site of the Japanese broadcaster NHK shows how this is playing out in the world of social networks. Online criticism of the behavior of the President of South Korea following the sinking of the ferry MV Sewol prompted the government to set up a team to monitor online activity. That, in its turn, has led people to seek what the NHK article calls "cyber-asylum" -- online safety through the use of foreign mobile messaging services, which aren't spied on so easily by the South Korean authorities. According to the NHK article:

Many users have switched [from the hugely-popular home-grown product KakaoTalk] to a German chat app called Telegram. It had 50,000 users in early September. Now 2 million people have signed up.

That's a useful reminder that fast Internet speeds on their own are not enough to keep people happy, and that even companies holding 90% of a market, as Kakao does in South Korea, can suffer badly once they lose the trust of their users by seeming too pliable to government demands for private information about their customers.

This seems like the type of lesson that the giant US internet companies and the NSA (along with its defenders) should be learning.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: chat, kcsc, south korea, surveillance
Companies: kakaotalk, telegram

Hollywood Goes After Korean Fans Subtitling Soap Operas, Pressing Criminal Charges

from the copyright-failure dept

We've written a few times in the past about the movie and TV industries irrationally freaking out over fans in other countries providing subtitles for works that aren't being released locally in that language. These are always labor-of-love efforts by fans who want to share the work more widely by providing the subtitles that the studios themselves refuse to offer. And yet, because of standard copyright maximalism, these efforts almost always end up leading to legal action.

The latest such example involves Fox, Warner Bros and four other Hollywood studios pressing criminal charges against 15 internet users in South Korea for daring to do the most horrible thing in the world: making their soap operas watchable in Korea by adding subtitles. And, of course, thanks to US pressure creating a ridiculous "free trade" agreement with Korea that includes ridiculously draconian copyright requirements, the punishment here can be extreme:

People who make subtitles without permission from the original authors or producers can be given a five-year jail term or fined up to 50 million won [about $50,000 US]

The police involved in this case, go on and on about the "harm" these fan subtitles are creating. They claim, without any evidence or numbers, that there was a massive decline in some cable broadcast revenue based on this and, also, that those poor professional Korean translators are being put out of work.

The [anonymous police] officer went on to say that a cable broadcast, which has aired U.S. dramas, held an emergency meeting recently after experiencing income loss following dwindling viewer ratings because of the massive spread of subtitled dramas on the Internet.

“Professional translators were also hit hard by the subtitle makers. I understand that the U.S. television drama producers took legal action against them to issue a warning to end such an illegal practice rather than making money through an out-of-court settlement fee,” he said.

This is positively insane. This is not what copyright is supposed to be about, and the fact that it's being considered a criminal action to add subtitles to US soap operas is simply ridiculous. While the potential fine is a lot lower than statutory rates in the US, just the fact that this is considered a "criminal" matter at all, rather than a failure by these Hollywood studios to adequately serve their market, really says an awful lot (and none of it good) about how distorted the debate over copyright has become.

Filed Under: copyright, criminal copyright, korea, soap operas, south korea, subtitles
Companies: 20th century fox, warner bros

Why Does South Korea Want To Turn Australia's ISPs Into Hollywood's Copyright Cops?

from the what-a-coincidence dept

Techdirt has been covering for a while how iiNet has doggedly fought attempts to make Australian ISPs liable for copyright infringement on their networks, and how Hollywood has been pressuring Australia's (relatively) new Attorney General into making that happen. The latest development, reported by Gizmodo Australia, is that KAFTA, the free trade agreement between Australia and South Korea, signed in April this year, mentions iiNet in the following section concerning its implementation (pdf):

Consistent with Australia's existing obligations in the Australia-US and Australia-Singapore FTAs, and to fully implement its obligations under KAFTA, the Copyright Act 1968 will require amendment in due course to provide a legal incentive for online service providers to cooperate with copyright owners in preventing infringement due to the High Court's decision in Roadshow Films Pty Ltd v iiNet Ltd, which found that ISPs are not liable for authorising the infringements of subscribers.

As that makes plain, this is specifically about overturning the court case that iiNet won, and forcing Australian ISPs to act as copyright police. That would be really terrible for iiNet, after all the effort and money it has put into fighting precisely this outcome, and bad news for the Australian public, which would doubtless find ISPs erring on the side of caution and taking down perfectly legal material.

But the interesting question has to be: why on earth does South Korea care about this? It seems unlikely that there is enough piracy of South Korean music or films going on Australia to justify the Korean government demanding a change to Australia's copyright laws as part of a free trade deal. The fact that this implementation requirement just happens to match exactly what Hollywood has been demanding for some time must raise the suspicion that the US has had a hand in this on behalf of its copyright industries. That's yet another reason for demanding real transparency during trade negotiations, so that such shabby deals can be exposed before it's too late to do anything about them.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: australia, copyright cops, hollywood, isp, kafta, south korea, trade agreements
Companies: iinet

Corporate Sovereignty Provisions Called Into Question Around The World

from the ISDS-is-*so*-twentieth-century dept

A couple of weeks ago, we noted that Germany just threw a big spanner in the TTIP works by calling for corporate sovereignty provisions to be excluded. Although perhaps the most dramatic repudiation of investor-state dispute settlement (ISDS), it's by no means the only one. Indeed, the tide really seems turning, as country after country calls into question the need to put corporations on the same level as entire nations. For example, according to this report from the Yonhap News Agency, South Korea wants to re-visit the corporate sovereignty chapter in its trade agreement with the US:

South Korea plans to hold talks with the United States to rework the investor-state dispute (ISD) clause in their two-year-old free trade pact that has long been cited by critics as being unfair, a government source said Sunday.

That's possible because of the following prescient move by South Korea at the time of the trade agreement's signing:

To receive parliamentary approval, Seoul forwarded a proposal to lawmakers that promised a "reevaluation" of the ISD clause down the line.

One country that has already "re-evaluated" ISDS, and found it wanting, is South Africa, as Techdirt explained at the end of last year. But the Lexology site reports that it could soon be joined by another major economy:

According to the Netherlands Embassy in Jakarta, Indonesia has informed the Netherlands that it has decided to terminate the Bilateral Investment Treaty between the two nations from 1 July 2015. The Embassy also states that "the Indonesian Government has mentioned it intends to terminate all of its 67 bilateral investment treaties".

Once more, it seems that painful experiences of corporate sovereignty played their part in the decision:

it would not be surprising if the Churchill Mining Plc v Indonesia cases (ICSID Cases ARB/12/14 and 12/40) have prompted more sweeping action by the Indonesian Government. Churchill and Planet Mining Pty began arbitration against the Indonesian government in May 2012 at ICSID in Washington. On 24 February 2014 the ICSID Tribunal rejected Indonesia's jurisdictional challenges leaving Churchill free to proceed with a claim for damages of not less than US$1.05bn, excluding interest. This decision has caused outrage in Indonesia.

That outrage is understandable, since it will be the Indonesian public that will have to foot the billion-dollar bill if the ISDS tribunal rules against Indonesia. In a way, the almost unfettered power of corporate sovereignty has become its own worst enemy. The possibility of making claims for billions of dollars has naturally caught the attention of both the public and politicians in the nations affected, prompting many to re-consider the wisdom of agreeing to this kind of one-sided bargain.

If Indonesia does indeed start terminating its 67 bilateral investment treaties, we can expect other countries to take note and consider following suit. One knock-on effect will be that US insistence on putting corporate sovereignty provisions in TPP will begin to look distinctly out of place in a world where prudent nations are starting to move away from them.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: corporate sovereignty, indonesia, isds, south africa, south korea, tafta, tpp, ttip

South Korea's Love Affair With Censorship Squanders Their Tech Superiority

from the boobies-are-verboten dept

Statistically, South Korea is a juggernaut when it comes to technology. According to the latest data from Akamai, the country's 22 megabits per second leads all countries in average downstream broadband speeds, and their broadband and TV bundle prices shame what's available here in the States (a 1 Gbps line can be had for around $30 in Seoul). Internet penetration rates are great, the startup culture is vibrant, and the country just announced that they're investing $1.5 billion on improved wireless technology they promise will deliver data at 1,000 times faster than existing 4G networks by 2020.

It's a shame then that, as The Economist points out, they manage to shoot themselves squarely in the foot with bad policy (not that the United States is one to talk) and a growing love affair with content censorship. As with all slippery slopes, the government's blocking of websites they deem inappropriate or offensive has magically ballooned year after year:

"Every week portions of the Korean web are taken down by government censors. Last year about 23,000 Korean webpages were deleted, and another 63,000 blocked, at the request of the Korea Communications Standards Commission (KCSC), a nominally independent (but mainly government-appointed) public body. In 2009 the KCSC had made just 4,500 requests for deletion. Its filtering chiefly targets pornography, prostitution and gambling, all of which are illegal in South Korea.

The article notes that some restrictions have been lifted, and an attempt to make it mandatory that citizens post their names and ID numbers on political comments online was thwarted. Still, at the same time the country has ramped up its surveillance and censorship of social media, which like website filtering has resulted in more and more content disappearing:

The KCSC set up a special sub-committee on social media in 2011, and the following year asked for 4,500 comments on Twitter, Facebook and the like to be removed—13 times more than in 2010. Last year the number of comments deleted increased again, to 6,400.

So the next time we're feeling ashamed by our immense mediocrity due to our own significant technology policy failures, we can at least be assured that we can still actually access most of the Internet with our overpriced and slow connections. For now.

Filed Under: broadbandkcsc, censorship, free speech, south korea
Companies: akamai