[liberationtech] Fwd: Haystack
Yosem Companys
ycompanys at gmail.com
Sat Aug 21 08:40:37 PDT 2010
I think it may be helpful if someone would offer to summarize the
debate, so Austin can weigh in. Unfortunately, we don't have a way of
archiving discussions, so he can't go back and read them.
Thanks all,
Yosem
On Fri, Aug 20, 2010 at 8:20 PM, Patrick Meier
<meier.patrick01 at gmail.com> wrote:
> Hi Gabe,
> Glad to know that Austin shared a copy of the license with you as well. I
> met up with him two weeks ago and had some interesting conversations. He is
> very approachable and kudos to him for joining this list serve to respond to
> some of the concerns that have been expressed.
> Very glad that this list serve is a space for constructive conversation and
> debate.
> All best,
> Patrick
>
> On Aug 20, 2010, at 16:01, Gabe Gossett <Gabe.Gossett at wwu.edu> wrote:
>
> I just had a an email exchange and phone conversation with Austin. He will
> is in the process of joining the list (waiting on approval) and shared proof
> with me that he is indeed licensed by Office for Foreign Assets Control. I
> felt like he made a good case for what he is doing and why he is doing it
> that way. I am not a programmer (distance librarian here), though, so some
> others on this list might want to address other questions to him once he
> joins. I believe that he would like to make an effort to clear up some of
> the questions with Haystack and perhaps once he is on the list we can all
> address our concerns to him at the same time (I guess a number of us have
> emailed him today). He told me that he feels like he is in a rough spot on
> this, so let’s give him a fair chance to discuss our concerns.
>
>
>
> -Gabe
>
>
>
>
>
>
>
> From: Jim Youll [mailto:jyoull at alum.mit.edu]
> Sent: Friday, August 20, 2010 3:44 PM
> To: Gabe Gossett
> Cc: Liberation Technologies
> Subject: Re: [liberationtech] Fwd: Haystack
>
>
>
> opinion: not much to debate about Haystack. A reason to periodically review,
> going forward, is to propagate concerns until its promoter and those with
> concerns* can publicly square up questions and answers. There is nothing
> special about the questions that need to be asked. Otherwise, the product
> gets a free pass.
>
>
>
> No security product should get a free pass. Every security product in use
> today - and taken seriously - has been subjected to significant open review.
> "Effective... as far as we know" is the strongest claim you will hear from
> respected crypto/privacy/security professionals.
>
>
>
> - - -
>
>
>
> * "Critics" implies "cranks" sometimes in this context so I won't use the
> word. There exists a large, well-qualified audience of concerned experts for
> all crypto/privacy/security technologies. I'm not one of them, just an
> admirer. They deserve to be heard, and their words given serious weight.
>
>
>
> On Aug 20, 2010, at 1:54 PM, Gabe Gossett wrote:
>
> I followed the link below to the story below about Haystack being granted a
> US license, which goes to Austin Heap’s blog. So I tried to find anything
> more substantial about this government license and found nothing, including
> nothing at the Treasury Dept. website. In fact, the Office of Foreign
> Assets Control (cited in the post) has a page where they have listed all of
> the actions they have taken in the past
> year: http://www.ustreas.gov/offices/enforcement/ofac/actions/index.shtml
>
>
>
> According to Heap’s blog post, dated April 14, “Today, the Censorship
> Research Center (“CRC”) announced that it has received critical United
> States Government authorizations required to export anti-filtering
> technology to Iran.” But CRC is listed nowhere.
>
>
>
> Making this appear even more bogus is that, according to a NY Times story
> published more than a month before this blog post, the Treasury Department
> issued exemptions for “a general license for the export of free personal
> Internet services and software” in Iran, among other countries. This is a
> general license for any company. So when Austin’s blog post claims that
> “The CRC is the only organization licensed to export such software to
> Iran,” it is very misleading. Basically, from what I can find at this
> point, there is no evidence that the US government has given Haystack any
> form of approval, much less vetting.
>
>
>
> I sent Austin an email asking for proof that Haystack works. We’ll see if
> we hear anything.
>
>
>
> -Gabe
>
>
>
> From: liberationtech-bounces at lists.stanford.edu [mailto:liberationtech-bounces at lists.stanford.edu] On
> Behalf Of Evgeny Morozov
> Sent: Thursday, August 19, 2010 11:47 PM
> To: Liberation Technologies
> Subject: Re: [liberationtech] Fwd: Haystack
>
>
>
> I would like to add another thread to this fascinating discussion: as some
> of you may know, Haystack has also been granted a US government license to
> legally distribute their software in Iran (that is, they are not subject to
> the usual set of sanctions-related restrictions on the export of technology
> to the country). I also believe that Hillary Clinton mentioned Haystack - at
> least in passing - in one of her speeches.
>
> Whatever the merits of Haystack's technology - and I must confess that I'm
> in with the most skeptical members of this thread - such endorsement by the
> US government may have also given Iranians a false sense of security and at
> least some nominal assurance that Haystack has been properly vetted on its
> technological merits. (Since it was US Treasury that granted them a license,
> one cannot be 100% sure that such vetting actually did take place).
>
> This is not to necessarily bash Haystack, but to point out the
> inefficiencies of the current sanctions regime on Iran and the kind of
> unintended consequences it creates.
>
>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> On Aug 20, 2010, at 16:01, Gabe Gossett <Gabe.Gossett at wwu.edu> wrote:
>
> I just had a an email exchange and phone conversation with Austin. He will
> is in the process of joining the list (waiting on approval) and shared proof
> with me that he is indeed licensed by Office for Foreign Assets Control. I
> felt like he made a good case for what he is doing and why he is doing it
> that way. I am not a programmer (distance librarian here), though, so some
> others on this list might want to address other questions to him once he
> joins. I believe that he would like to make an effort to clear up some of
> the questions with Haystack and perhaps once he is on the list we can all
> address our concerns to him at the same time (I guess a number of us have
> emailed him today). He told me that he feels like he is in a rough spot on
> this, so let’s give him a fair chance to discuss our concerns.
>
>
>
> -Gabe
>
>
>
>
>
>
>
> From: Jim Youll [mailto:jyoull at alum.mit.edu]
> Sent: Friday, August 20, 2010 3:44 PM
> To: Gabe Gossett
> Cc: Liberation Technologies
> Subject: Re: [liberationtech] Fwd: Haystack
>
>
>
> opinion: not much to debate about Haystack. A reason to periodically review,
> going forward, is to propagate concerns until its promoter and those with
> concerns* can publicly square up questions and answers. There is nothing
> special about the questions that need to be asked. Otherwise, the product
> gets a free pass.
>
>
>
> No security product should get a free pass. Every security product in use
> today - and taken seriously - has been subjected to significant open review.
> "Effective... as far as we know" is the strongest claim you will hear from
> respected crypto/privacy/security professionals.
>
>
>
> - - -
>
>
>
> * "Critics" implies "cranks" sometimes in this context so I won't use the
> word. There exists a large, well-qualified audience of concerned experts for
> all crypto/privacy/security technologies. I'm not one of them, just an
> admirer. They deserve to be heard, and their words given serious weight.
>
>
>
> On Aug 20, 2010, at 1:54 PM, Gabe Gossett wrote:
>
> I followed the link below to the story below about Haystack being granted a
> US license, which goes to Austin Heap’s blog. So I tried to find anything
> more substantial about this government license and found nothing, including
> nothing at the Treasury Dept. website. In fact, the Office of Foreign
> Assets Control (cited in the post) has a page where they have listed all of
> the actions they have taken in the past
> year: http://www.ustreas.gov/offices/enforcement/ofac/actions/index.shtml
>
>
>
> According to Heap’s blog post, dated April 14, “Today, the Censorship
> Research Center (“CRC”) announced that it has received critical United
> States Government authorizations required to export anti-filtering
> technology to Iran.” But CRC is listed nowhere.
>
>
>
> Making this appear even more bogus is that, according to a NY Times story
> published more than a month before this blog post, the Treasury Department
> issued exemptions for “a general license for the export of free personal
> Internet services and software” in Iran, among other countries. This is a
> general license for any company. So when Austin’s blog post claims that
> “The CRC is the only organization licensed to export such software to
> Iran,” it is very misleading. Basically, from what I can find at this
> point, there is no evidence that the US government has given Haystack any
> form of approval, much less vetting.
>
>
>
> I sent Austin an email asking for proof that Haystack works. We’ll see if
> we hear anything.
>
>
>
> -Gabe
>
>
>
> From: liberationtech-bounces at lists.stanford.edu [mailto:liberationtech-bounces at lists.stanford.edu] On
> Behalf Of Evgeny Morozov
> Sent: Thursday, August 19, 2010 11:47 PM
> To: Liberation Technologies
> Subject: Re: [liberationtech] Fwd: Haystack
>
>
>
> I would like to add another thread to this fascinating discussion: as some
> of you may know, Haystack has also been granted a US government license to
> legally distribute their software in Iran (that is, they are not subject to
> the usual set of sanctions-related restrictions on the export of technology
> to the country). I also believe that Hillary Clinton mentioned Haystack - at
> least in passing - in one of her speeches.
>
> Whatever the merits of Haystack's technology - and I must confess that I'm
> in with the most skeptical members of this thread - such endorsement by the
> US government may have also given Iranians a false sense of security and at
> least some nominal assurance that Haystack has been properly vetted on its
> technological merits. (Since it was US Treasury that granted them a license,
> one cannot be 100% sure that such vetting actually did take place).
>
> This is not to necessarily bash Haystack, but to point out the
> inefficiencies of the current sanctions regime on Iran and the kind of
> unintended consequences it creates.
>
>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
More information about the liberationtech
mailing list