The Scots Law Student

The SLS : Life and trials of learning law in Scotland

Month: October, 2008

Blogging in extreme circumstances

While the content of the scotslawstudent is not something particularly worrying to me, and I’m known to write this in as insecure places as on the bus there are other situations where reporting is heavily repressed and there are few ways for the rest of the world to be informed about what is going on in the area – this is seen in the problems in Zimbabwe currently where everything including spending US dollars has been outlawed – and it can be that the only way that news gets out can be from the eyewitness accounts recorded by people using blog software.

My case

The scotslawstudent is an anonymous blog – I chose this to allow me to post on topics without being immediately identifiable. It means that I can post my grades etc without fear of being mocked in public. It’s hosted at wordpress.com which is a free blog host. Believe it or not this wasn’t a cost saving move, WordPress.com provides its blogs with a great deal of bandwidth which is more than I would be able to get from other anonymous hosts. I operate a full web site under a group name which uses WordPress software so I’m familiar with it and that made me go for WordPress.com

The registration details of the site point to scotslawstudent and the emails link to scotslawstudent@googlemail.com, my handle for this blog, which does not reveal my identity to people with access to the details I gave at sign up for the blog or the email. This keeps my identity safe from people giving the site a rudimentary look over.

I don’t feel that my privacy is under attack enough to take more steps than simply not giving my name out in the posts and when signing up so I stopped at this point. However, for some people, the information they are posting may be very much more important and sensitive than the musings about my education that I do. For this there are many other modes and means of posting to the Internet.

Further steps

Watch what you post

Admittedly, this isn’t entirely something which I don’t do. It’s mainly common sense – if you know a secret and no one else except, for example, your boss knows it you will become an obvious suspect if the secret appears on the Internet. If you fail to keep your posting anonymous – perhaps to the point of using your name or initials, then you have severely limited the amount of trust you can put on your own anonymity.

Use a web cafe

Mainly the issue that a wannabe secret blogger will need is to keep himself away from the blog which he is posting to. For example, in many ways the best way to do this is to use busy web cafes and to pay in cash. This will mean that the post will come from a public place and there will, potentially, be a lot of noise on the line to cover the post. Any court orders to identify the poster will only trace back to the IP of the web cafe, and if the web cafe uses a NAT router to split its connection among many systems may even only trace back to the single connection with no opportunity to trace to the individual terminals. The Chinese government, for one, has realised this and is now implementing measures to photograph all users of web cafes as they sit down. I think that’s fairly dodgy sounding particularly given the use that anonymous web cafes can be to people who want to get their message out. There are caveats on using a web cafe, not least if the user also drops by personally identifying material – though I doubt many whistleblowers will take advantage of the opportunity to google their names or the like – but even merely checking their own emails can be enough to allow someone who is supervising the web cafe to track a poster down. Timing is a useful method of identifying users of a computer system – I’ve used it myself to identify misuse of a school’s computer systems – and if the web cafe is empty but one at the time a whistleblower posts a scorching piece of evidence onto a blog from an IP address belonging to that then it’s elementary to connect you to the post.

In an oppressive regime this could land a blogger in a great deal of trouble. The UK currently has not touched bloggers but the US, all of places, has taken huge measures to stop the actions of corporate whistleblowers and there are notorious breaches of what we Europeans would call basic human rights around the world, even in countries which are not traditionally considered to be the Third World.

Use an anonymous proxy

Another way to get yourself some distance from the post is to use a proxy server. A proxy is a piece of network hardware which bounces (technically retransmits) anything which it receives, applying its own identification to the message in the process. This means that a user who posts to a blog from a proxy will be recorded as posting to the blog as if they were sitting at a keyboard at the proxy server.

Proxy servers can be searched for just like any other resource on the Internet – with Google. A search for “proxy server” will reveal long lists of computers which can be connected to by changing some settings in your browser. These servers are dotted around the world and as any Scot who receives a form letter from English solicitors knows the act of simply pointing out a jurisdictional difference is enough to stop casual pursuers in their tracks. It is generally a very good idea, if you are posting from a country under a repressive regime, to choose a proxy well away from your location to increase the difficulty in getting your details. Generally, although this is not an absolute tip, a proxy registered as anonymous will be safe enough to use from home.

Use Tor

The natural evolution of this idea of putting a far away computer between a poster and the blog is to put more than one computer between the poster and the blog, and to vary the computers that are used. This is done automatically by using a system called The Onion Router, this is a remarkable system which is nearly entirely volunteer run. In this case the poster connects to the network of individual computers around the world which then route the message between themselves. As long as the message goes through a number of different computers in different countries the original poster is nigh unrecoverable without extremely high amounts of work. The amount of traffic which goes through the network also helps itself in creating a large “haystack” for someone to search through to track down a particular poster.

A poster needs to be very careful that they are actually routing their data through the Tor system, for example this involves installing the Tor system and configuring any applications which the poster wants to keep anonymous. This can be as simple as activating a Firefox extension or configuring the programs individually. Tor has the disadvantage of being quite slow and low bandwidth, it’s far more than needed for web browsing or email or chat but not enough for downloading large files, which is also unfair to the network as a whole, remember that downloading files over Tor ties up resources which can be used for vitally important tasks.

Use encryption

There are two main ways to use encryption when blogging – the first is to encrypt the messages you transmit and the second is to encrypt the transmission itself.

Text encryption is not a new phenomenon, Julius Caesar was apparently the first person to use it on a large scale, and computers are extremely good at it. Currently the general standard is RSA encryption which uses the public key system – actual usage of this is fairly technical and beyond the scope of this article.

Encrypting the transmission itself is known as “end to end” encryption, and this is most commonly associated with the little padlock you see at the bottom of the page when you go to Amazon. However, it can be used for much more than protecting your details. It can also be used to protect your message from being eavesdropped on and it’s this mode which is very useful. It can be used to protect the entire connection between a poster and a blog or it can be used to protect the connection between a poster and a mailbox, used to get a message out of a country where it can be posted along the free parts of the Internet. There are various ways to do this, ranging from SSH tunnelling to just activating a “secure mode” on a webmail service. It depends on the care the user involved is taking.

Use hushmail

Hushmail.com is a high security webmail service using public key encryption – so basically a combination of hotmail and PGP, this means that the system keeps email on the system encrypted. It’s not got the same attitude to protecting its users and will respond to court orders with apparently docile acceptance, so not strong enough protection to keep a poster safe from government action, although the difficulty of a foreign government getting one in the relevant jurisdiction could keep someone safe from action for a foreseeable period of time.

Use mail redirects

A good way to hide a post is to email it around the internet, this is the equivalent difference of dropping a letter into a post box or hand delivering it. When a letter that’s been posted arrives at the recipient the sender no longer posses that letter and the person who has to make the delivery is an unrelated postman whereas if the sender hand delivers it they have taken a journey, potentially out of the ordinary, and have kept possession of the letter all the way through the process. If the police, for example, spot the sender as he arrives to deliver the letter then they have a great of information about him, whereas if the letter was posted then the observer only knows the identity of the postman.

Mail redirects work by sending a message between various computers on the Internet, it means that the message is bounced between countries and at each leg of the journey the identity of the two computers is the only identifying information which the message contains – at the end of the journey the message does not reveal any information about its source except the final computer to send it on. Obviously all the jumps mean it’s a slow process and it’s quite risky, some emails never actually do reach their destination and disappear on one of the hops but it’s very private if it’s done correctly.

Legacy note – invisiblog.com

There used to be a blog system online which worked from the very simple foundation of mail redirection and public key encryption. To sign up to invisiblog.com a user would simply email the site with their public key and then this would start a blog titled with the last 16 digits of their key. As long as the key was specifically created for the new blog there could be no way to track the poster down with the information provided. The blog is then posted to by emailing messages to the site, again using mail redirection, signed with the same key. The blog could be read by any one with a web browser but even the owners of the blog only knew the public key of the person who was writing the posts in the first place.

This comes undone should the poster’s computer be seized which would reveal the private key of the poster, and therefore create a massive presumption that the owner of the computer was the one making the posts. However, generally very few methods will withstand the physical seizure of the equipment used to make the posts and it should be considered to be a very difficult stage of affairs to get past.

This site has since stopped operating since 2005 and there does not appear to be a similar system running on the Internet at this time. I would be interested in seeing a system like it running in future even though I personally have no use for it.

Super technical note – use other ways of connecting

Optical fibre has changed the way the world works nowadays and connecting the continents together with it has made the world seem a great deal smaller. However, although it is the main way of transmitting data in the world today does not make it the only one. There are many, many ways to communicate in the world – letter, phone to name two.

In some cases it may be best to simply get the information out of the country and have it published from elsewhere. This is particularly easy if the person lives near to a border. The real reach of the government may well extend beyond the physical borders of the country, but as far as international law is concerned it is strictly limited to within the geographic limits.

In extreme circumstances, potentially, if a person comes across sensitive information and has a radio operator licence and know people outside of the country, not bound by the same repressive rules as he is, then it’s a work of an evening to send a message, encrypted or not, to that other person and to have them post it online for him. This clearly has its own, not inconsiderable worries and assumes a lot of other factors which may or may not exist in the situation.

The Electronic Frontier Foundation has written at great length on being a blogger in states where it is not a government supported action. It provides great detail on the methods of avoiding detection and how to blog about sensitive topics. Blogging in extreme situations is an extremely risky move and if the situation has deteriorated to the point where the only reporting in an area then things are very bad. It’s a conscientious decision and a very important one, hopefully one I will never have to make, in terms of keeping human rights alive in a region where they cannot be checked up on.

None of this advice is provided personally and should not be expected to provide protection from a repressive regime. It is a fact that much more care will be needed when trying to avoid the attention of a regime than in theory on a blog. Although these notes are useful to people wishing to abuse the systems mentioned this is not the purpose of the article and the use of these techniques in illegal activity is not supported by neither the author of this blog, nor the people who design and run the services provided. Services which are provided for the benefit of humanity to provide those in difficult situations a safe and protected way to broadcast their experiences simply should not be misused by those seeking to gain advantage. The design of many of the services is such that it does not really benefit anyone in carrying out illegal activity.

This post was adapted from materials provided by the EFF and personal experience.

http://w2.eff.org/Privacy/Anonymity/blog-anonymously.php

http://www.torproject.org/

http://www.hushmail.com/

http://www.gnupg.org/

Times Law Student Competition

Every year since 2006 the Times newspaper has sponsored a competition for law students – this is open to all A-level, LLB, LML, LLM and Diploma/LPC students throughout Britain.

Even though the contest is open to older students with more qualifications the contest appears to have been friendly to students at university for the last few years. The idea is to write an academic, engaging essay on a topic of the Times’ choosing. It’s is always a hot button, topical issue – the contention between human rights and counter-terror actions, for example. This year, to commemorate the Mosley v The Sun libel case it is “Should people in the public eye have a right to privacy?”

Presumably, given the fallout which has hit the Express and the Sun this year alone, this is a legal issue which the Times is very interested in itself.

New students shouldn’t be put off by their inexperience – the very first case I and many other student were introduced to on starting law school was the case of Douglas v MGM which is a hugely important privacy case involving the wedding photos of Michael Douglas and Catherine Zeta Jones, you’ve already been exposed to it and remember that the Times site also provides a very useful basic foundation to the subject to build on, your university’s law library will as a matter of course have textbooks on the subject and it is just a case of reading ahead to get the material you need.

The format is a short essay – no more than 1000 words, only about twice as long as this post – which is double spaced and emailed to One Essex Court on the subject of privacy law as it affects public figures. It is to include legal authority, remember that in law it is equally important who said something as it is what the content actually is, and discussion and is written just like any other piece of coursework.

The difference between the Times law student competition and your coursework is that the entrants to the Times competition are competing for up to £3500 for the first prize, £2,500 for the second and a prize of £1,500 for the third. Even after this, three runners-up will still walk away with £1,000 each – a nice wodge of book money. There’s also an awards dinner for the winners which is a highlight of any student’s essay writing career.

Anyway, I once listened to a former director of BBC Scotland describe the job of a lawyer in a media organisation and it sounds like one of the better positions that a practicing lawyer can get a hold of and there’s probably a benefit as far as informing a group of newspaper men dealing with reformed defamation laws, and a highly respected Chambers, that you know your way around both a pen and the law as it relates to privacy, isn’t there?

Law students have until the 28th November 2008 to enter their views on the subject.

Useful links

[TimesOnline Article] http://business.timesonline.co.uk/tol/business/law/article4944261.ece
[One Essex Court] http://www.oeclaw.co.uk/

Mooting

I’ve just had my first round of the law’s school’s internal law moot competition for this year.

What is mooting?

Mooting is a style of student debating – it was originally used in Inns of Court to train pupil barristers and advocates. The name comes from the moot problem which the competitors argue over– a problem which doesn’t matter but we discuss it anyway for the practice.

It’s good because it lets real trainee advocates and barristers practice their presentation and preparation skills without the risk of actually consigning a real person to years in jail. It’s all the stages of a regular court appearance, the finding and locating cases, constructing a legal argument to support your client and then presenting it in front of an arbiter while another person argues exactly the same point on the opposite side.

Why do I moot

I personally joined up in first year because it sounded very cool, in a geeky law student way. I didn’t sign up to law school for the essay assignments after all –I’m not concerned about the money I can earn from being a fully qualified lawyer yet, since that’s in the future and I’m still learning but I do, and have always, loved public speaking. When you combine that with my long lasting interest in law and my interest in how it works it’s completely natural and inevitable that I’d join my mooting society.

Having actually done it, last year my one and only question was on a topic that forced me to read ahead an entire semester and I suddenly discovered that not only was this really interesting it was also extremely helpful to my own.

This year it was a look over a topic I’d studied from the very start of my studies – criminal –and it was fascinating to go back and, instead of roughly scanning it within the limits of the accredited course from the Law Society and learning those cases and principles that were potentially going to turn up in the exam but not one paragraph further because I was working on other subjects at the same time. The moot problem gave me an incentive to go back and really read my textbook with more care than I previously did.

I very quickly discovered that you only study the rough edges of the course when you sit in your hour long lectures in your first, painful months of student life and that coming back and looking at the textbooks – reading them in a very focused, time conscious way is a great way to pick up an entirely different understanding of the law which will stick with you.

Why should you moot

Mooting is a much a game as it is a performance art. It’s a pubic speaking opportunity played by people who hope to become professionals – therefore there’s huge potential for the quality of your competition to be utterly astonishing. The level at the beginner stage is safe enough to step up into and since the scoring is more to do with the style of your presentation and ability to keep some rules in your head than any understanding of the law involved. Occasionally, with a sympathetic judge, a good understanding of the principles involved will carry you through but nevertheless – you aim to win on style while your opponents should be happy with the consolation prize of winning on the law.

There’s more money in it than high school debating as well, just as law firms like to show largess to student competitions you can see sponsored contests where the competitors walk away with both money and a nod in the job market. Speaking as someone who once won a handful of Argos vouchers for a national inter-school competition I’ll never get over the prizes of law competitions.

What it’s good for

Mooting should not always be seen as an educational experience – even though it’s a particularly good one and you’ll never, ever forget the points you’ve forcibly scored into your brain – because it’s also extremely good fun. It’s innately social – you’re working with another law student at close quarters for a long time and you make good friendships through it.

You work astonishingly hard when you’re preparing a moot. I’m not the most dedicated worker the world has ever seen yet as soon as I’m introduced to the social sanction of letting my well prepared partner down in the moot court it’s hard to separate me from my books.

It boosts your presentation skills, while most obviously it’s a crash course at presenting orally for up to 15-20 minutes at a time you also have to prepare a bundle for yourself and the judge and the presentation of these is another issue which is worth looking into. The bundle needs artfully juggled as you tell the judge where your next quote is coming from and this is a useful preparation skill in itself. Too often I find myself only reading the basic principle from a textbook or journal article and not looking to the primary source to give my argument support, it’s a terrible academic technique and it’ll never succeed in mooting, so you stop it very quickly.

It boosts your presentation skills – this bears repeating. You talk, present, on a technical point of law for a double figures of minutes (at least 10 minutes) periods of time. This is an eternity to spend on your feet and it teaches you skills, including simply the stamina to keep going, which you can’t pick up talking in other ways. If you want to become an advocate or a barrister, this is something you need to look at improving and training. The small sized group and competitive nature means that there is little problem standing up and talking, so it’s good for people who suffer from performance nerves. Genuinely, in the years I have been mooting there is no one present who is looking for you to mess up. Both of the teams are too focused on their own points, the clerk is more concerned about court behaviour and timing and the judge has a fairly hard interactive role to perform to cheer for any individual’s mistakes.

If you attend a university with a good society it’s altogether a fantastic social experience and I think, although this blog stays out of details, that my own society is lead by a number of very talented and very nice people who look after new members in particular extremely well. If you attend law school in Glasgow you have a one in three chance of getting to experience this.
Remember, the societies attached to your law school are even more important than the lectures. You can catch up on nearly all the material covered in lectures on your own time from books but you’ve only got the short time you’ve got in university to attend the clubs and societies. Don’t miss out on the extra bits, they’re often very useful and they can be fantastically good fun.