[liberationtech] Fwd: Haystack

Fri Aug 20 17:20:03 PDT 2010

Hi Gabe,

Glad to know that Austin shared a copy of the license with you as well. I met up with him two weeks ago and had some interesting conversations. He is very approachable and kudos to him for joining this list serve to respond to some of the concerns that have been expressed.

Very glad that this list serve is a space for constructive conversation and debate. 

All best,
Patrick

On Aug 20, 2010, at 16:01, Gabe Gossett <Gabe.Gossett at wwu.edu> wrote:

> I just had a an email exchange and phone conversation with Austin.  He will is in the process of joining the list (waiting on approval) and shared proof with me that he is indeed licensed by  Office for Foreign Assets Control.  I felt like he made a good case for what he is doing and why he is doing it that way.  I am not a programmer (distance librarian here), though, so some others on this list might want to address other questions to him once he joins.   I believe that he would like to make an effort to clear up some of the questions with Haystack and perhaps once he is on the list we can all address our concerns to him at the same time (I guess a number of us have emailed him today).  He told me that he feels like he is in a rough spot on this, so let’s give him a fair chance to discuss our concerns.
> 
>  
> 
> -Gabe
> 
>  
> 
>  
> 
>  
> 
> From: Jim Youll [mailto:jyoull at alum.mit.edu] 
> Sent: Friday, August 20, 2010 3:44 PM
> To: Gabe Gossett
> Cc: Liberation Technologies
> Subject: Re: [liberationtech] Fwd: Haystack
> 
>  
> 
> opinion: not much to debate about Haystack. A reason to periodically review, going forward, is to propagate concerns until its promoter and those with concerns* can publicly square up questions and answers. There is nothing special about the questions that need to be asked. Otherwise, the product gets a free pass. 
> 
>  
> 
> No security product should get a free pass. Every security product in use today - and taken seriously - has been subjected to significant open review. "Effective... as far as we know" is the strongest claim you will hear from respected crypto/privacy/security professionals.
> 
>  
> 
> - - - 
> 
>  
> 
> * "Critics" implies "cranks" sometimes in this context so I won't use the word. There exists a large, well-qualified audience of concerned experts for all crypto/privacy/security technologies.  I'm not one of them, just an admirer. They deserve to be heard, and their words given serious weight.
> 
>  
> 
> On Aug 20, 2010, at 1:54 PM, Gabe Gossett wrote:
> 
> 
> 
> 
> I followed the link below to the story below about Haystack being granted a US license, which goes to Austin Heap’s blog.  So I tried to find anything more substantial about this government license and found nothing, including nothing at the Treasury Dept. website.  In fact, the Office of Foreign Assets Control (cited in the post) has a page where they have listed all of the actions they have taken in the past year: http://www.ustreas.gov/offices/enforcement/ofac/actions/index.shtml
> 
>  
> 
> According to Heap’s blog post, dated April 14, “Today, the Censorship Research Center (“CRC”) announced that it has received critical United States Government authorizations required to export anti-filtering technology to Iran.”   But CRC is listed nowhere. 
> 
>  
> 
> Making this appear even more bogus is that, according to a NY Times story published more than a month before this blog post, the Treasury Department issued exemptions for “a general license for the export of free personal Internet services and software” in Iran, among other countries.  This is a general license for any company.  So when Austin’s blog post claims that “The CRC is the only organization licensed to export such software to Iran,”  it is very misleading.  Basically, from what I can find at this point, there is no evidence that the US government has given Haystack any form of approval, much less vetting.
> 
>  
> 
> I sent Austin an email asking for proof that Haystack works.  We’ll see if we hear anything.
> 
>  
> 
> -Gabe
> 
>  
> 
> From: liberationtech-bounces at lists.stanford.edu [mailto:liberationtech-bounces at lists.stanford.edu] On Behalf Of Evgeny Morozov
> Sent: Thursday, August 19, 2010 11:47 PM
> To: Liberation Technologies
> Subject: Re: [liberationtech] Fwd: Haystack
> 
>  
> 
> I would like to add another thread to this fascinating discussion: as some of you may know, Haystack has also been granted a US government license to legally distribute their software in Iran (that is, they are not subject to the usual set of sanctions-related restrictions on the export of technology to the country). I also believe that Hillary Clinton mentioned Haystack - at least in passing - in one of her speeches. 
> 
> Whatever the merits of Haystack's technology - and I must confess that I'm in with the most skeptical members of this thread - such endorsement by the US government may have also given Iranians a false sense of security and at least some nominal assurance that Haystack has been properly vetted on its technological merits. (Since it was US Treasury that granted them a license, one cannot be 100% sure that such vetting actually did take place). 
> 
> This is not to necessarily bash Haystack, but to point out the inefficiencies of the current sanctions regime on Iran and the kind of unintended consequences it creates.
> 
>  
> 
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

On Aug 20, 2010, at 16:01, Gabe Gossett <Gabe.Gossett at wwu.edu> wrote:

> I just had a an email exchange and phone conversation with Austin.  He will is in the process of joining the list (waiting on approval) and shared proof with me that he is indeed licensed by  Office for Foreign Assets Control.  I felt like he made a good case for what he is doing and why he is doing it that way.  I am not a programmer (distance librarian here), though, so some others on this list might want to address other questions to him once he joins.   I believe that he would like to make an effort to clear up some of the questions with Haystack and perhaps once he is on the list we can all address our concerns to him at the same time (I guess a number of us have emailed him today).  He told me that he feels like he is in a rough spot on this, so let’s give him a fair chance to discuss our concerns.
> 
>  
> 
> -Gabe
> 
>  
> 
>  
> 
>  
> 
> From: Jim Youll [mailto:jyoull at alum.mit.edu] 
> Sent: Friday, August 20, 2010 3:44 PM
> To: Gabe Gossett
> Cc: Liberation Technologies
> Subject: Re: [liberationtech] Fwd: Haystack
> 
>  
> 
> opinion: not much to debate about Haystack. A reason to periodically review, going forward, is to propagate concerns until its promoter and those with concerns* can publicly square up questions and answers. There is nothing special about the questions that need to be asked. Otherwise, the product gets a free pass. 
> 
>  
> 
> No security product should get a free pass. Every security product in use today - and taken seriously - has been subjected to significant open review. "Effective... as far as we know" is the strongest claim you will hear from respected crypto/privacy/security professionals.
> 
>  
> 
> - - - 
> 
>  
> 
> * "Critics" implies "cranks" sometimes in this context so I won't use the word. There exists a large, well-qualified audience of concerned experts for all crypto/privacy/security technologies.  I'm not one of them, just an admirer. They deserve to be heard, and their words given serious weight.
> 
>  
> 
> On Aug 20, 2010, at 1:54 PM, Gabe Gossett wrote:
> 
> 
> 
> 
> I followed the link below to the story below about Haystack being granted a US license, which goes to Austin Heap’s blog.  So I tried to find anything more substantial about this government license and found nothing, including nothing at the Treasury Dept. website.  In fact, the Office of Foreign Assets Control (cited in the post) has a page where they have listed all of the actions they have taken in the past year: http://www.ustreas.gov/offices/enforcement/ofac/actions/index.shtml
> 
>  
> 
> According to Heap’s blog post, dated April 14, “Today, the Censorship Research Center (“CRC”) announced that it has received critical United States Government authorizations required to export anti-filtering technology to Iran.”   But CRC is listed nowhere. 
> 
>  
> 
> Making this appear even more bogus is that, according to a NY Times story published more than a month before this blog post, the Treasury Department issued exemptions for “a general license for the export of free personal Internet services and software” in Iran, among other countries.  This is a general license for any company.  So when Austin’s blog post claims that “The CRC is the only organization licensed to export such software to Iran,”  it is very misleading.  Basically, from what I can find at this point, there is no evidence that the US government has given Haystack any form of approval, much less vetting.
> 
>  
> 
> I sent Austin an email asking for proof that Haystack works.  We’ll see if we hear anything.
> 
>  
> 
> -Gabe
> 
>  
> 
> From: liberationtech-bounces at lists.stanford.edu [mailto:liberationtech-bounces at lists.stanford.edu] On Behalf Of Evgeny Morozov
> Sent: Thursday, August 19, 2010 11:47 PM
> To: Liberation Technologies
> Subject: Re: [liberationtech] Fwd: Haystack
> 
>  
> 
> I would like to add another thread to this fascinating discussion: as some of you may know, Haystack has also been granted a US government license to legally distribute their software in Iran (that is, they are not subject to the usual set of sanctions-related restrictions on the export of technology to the country). I also believe that Hillary Clinton mentioned Haystack - at least in passing - in one of her speeches. 
> 
> Whatever the merits of Haystack's technology - and I must confess that I'm in with the most skeptical members of this thread - such endorsement by the US government may have also given Iranians a false sense of security and at least some nominal assurance that Haystack has been properly vetted on its technological merits. (Since it was US Treasury that granted them a license, one cannot be 100% sure that such vetting actually did take place). 
> 
> This is not to necessarily bash Haystack, but to point out the inefficiencies of the current sanctions regime on Iran and the kind of unintended consequences it creates.
> 
>  
> 
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20100820/aeeecc23/attachment.html>