Putting network specifications behind subscription paywalls gives the NSA and other surveillance agencies a decisive advantage against the freedom of the Internet. That is the inescapable conclusion of the recent KRACK vulnerability.

There’s been a lot of debate about paywalls lately – not the least about whether so-called “journalism” of mainstream media is supposed to survive, as it consumes much more resources than the amateurs who are often (but not always) doing a better job at actual journalism. However, paywalls are controversial in more contexts than just mainstream legacy media – they’re also highly controversial with Elsevier’s lockup of research papers (more in piece on this a little later), locking up building codes and similar that laws refer to (do you need to pay to read the law?), and for technical specifications that concern security.

In short, there has never been a better case to be made for the old slogan that “information wants to be free”. That’s free as in flight, as in uncaged, as in unrestricted; not the twisted typical commercial “free” which means something more like “have-our-great-offer-completely-free just-pay-this-small-sum-first some-restrictions-apply not-valid-or-legal-in-all-states”.

In the case of the KRACK vulnerability, which was based on an IEEE standard locked up behind a corporate-level subscription paywall, we can trivially observe two things:

1) Ordinary open source coders did not see the specification, because of the paywall, and therefore did not discover the vulnerability in it.

2) For surveillance agencies like the NSA, who have unlimited budget for all intents and purposes, paywalls do not exist. (In the rare case where they can’t or don’t want to pay, they can walk in and take the documents anyway.)

As a result, the NSA and other surveillance agencies had ready access to the KRACK vulnerability for 13 years, which is how long it had been sitting behind that IEEE paywall in plain-but-commercial sight.

Therefore, from this one clear example and the logic it highlights, we can observe that paywalls drive mass surveillance, as they are tilting the playing field heavily in the favor of the surveillance agencies.

Privacy remains your own responsibility.