Rick Falkvinge over at the Private Internet Access blog makes an interesting point. He notes that when we complain about paywalls, we typically think of them in terms of the impact they have on journalism and the news industry. I would also add that in academia we debate about paywalled research articles and the wider social, cultural, political, and economic implications this might have.

But Falkvinge uses the recent KRACK Wi-Fi vulnerability to illustrate the dangers of paywalled IT standards. He writes:

In the case of the KRACK vulnerability, which was based on an IEEE standard locked up behind a corporate-level subscription paywall, we can trivially observe two things:

1) Ordinary open source coders did not see the specification, because of the paywall, and therefore did not discover the vulnerability in it.

2) For surveillance agencies like the NSA, who have unlimited budget for all intents and purposes, paywalls do not exist. (In the rare case where they can’t or don’t want to pay, they can walk in and take the documents anyway.)

As a result, the NSA and other surveillance agencies had ready access to the KRACK vulnerability for 13 years, which is how long it had been sitting behind that IEEE paywall in plain-but-commercial sight.

He also mentions other instances of laws and regulations locked behind paywalls. He ultimately reaches the conclusion that “paywalls drive mass surveillance.” I think that might be a bit of an overstatement. However, I do worry about what happens when the “code” (both in terms of law and computer code, see Lawrence Lessig on this point) that runs society is increasingly only available to those who can pay.