[liberationtech] NEWS: Activists aim to punch holes in online shields of authoritarian regimes

[Jim Youll]

I've joined your group virtually before I've had a chance to meet any of you in person, so I hope I'm not speaking out of turn. If I am, I ask a one-time indulgence.

The forwarded article does a better job of voicing concerns about the real-world risks of these technologies than most, but unfortunately pushes them down in significance.  Jon Zittrain's comment at the top sounds low-key but I believe it is not. He's polite to call uninformed technologists "naive."

It's well and good to be a 'cyber warrior' on the sidelines, building "shields" (governments consider them weapons) for those who will put their lives on the line trusting your tech. But it's not an arms race. The battle is asymmetrical because governments have powers that citizens do not.

When the goal is the provision of government-evading technology for the masses, technology cannot overcome one basic problem: that the "good guys'" strategies must be wide open to all - friends and enemies alike - and on the Internet nobody knows who's who. But government countermeasures are nearly always secret, and they stay secret. I'm not talking about open vs. closed source, but about the real-world implementation requirements that turn technology that's good in theory, into technology that's risky in practice.

Tor and other routing protocols are not panaceas. I have worried for a long time that Tor is going to get people killed, if it hasn't already. There's no way to know, is there? A governments' playbook and actions are secrets and stay that way.

Internet technologists in particular have for too long believed - wrongly - that "if only the information could get out" then the world can be fixed. In practice, that doesn't work very well as a general rule. In limited situations, absolutely - I've been involved in projects that went both ways. It's dangerous to ignore the limits to efficacy and safety of new inventions that are a consequence of the asymmetric power relationship between governments and citizens. Experimenting on the non-expert and hopeful without informed consent is at least irresponsible, and in some cases immoral. Is a click-through notice sufficient to create truly "informed consent" given the stakes for those with the greatest need for the believed benefits of these technologies?

Even if you're not trying to evade Chinese death-vans, merely attempting to end-run a blockade (perhaps in a friendly place, Australia, let's say) there are risks, including the risk of being the operator of an end-node that emits a few plaintext packets of something that arouses the interest of your government. I'm not a lawyer, but am I wrong to believe that the "Open WiFi" isn't particularly effective these days? 

Finally, how many compromised Tor nodes are required on a network before Tor is wholly ineffective? How much traffic does a government allow - rather than blockade - in order to mask both counter-capabilities and scope of surveillance? These aren't paranoid questions - these are the kinds of questions serious cryptographers study every day in their own work over the implementation of products and protocols that are orders of magnitude simpler and easier to manage than something as big and "for the world" as Tor or Haystack.

regards,
- jim


On Feb 18, 2010, at 8:05 AM, Yosem Companys wrote:

> Activists aim to punch holes in online shields of authoritarian regimes
> By John Boudreau
> 
> jboudreau at mercurynews.com
> 
> Posted: 02/15/2010 07:32:00 PM PST
> 
> http://www.siliconvalley.com/latest-headlines/ci_14407148?source=email
> It is the Internet version of David vs. Goliath — computer savvy activists who launch guerrilla tech attacks to punch holes in online shields erected by governments to control what their citizens do online.
> 
> One of the newest cyber-warriors is Austin Heap, a 25-year-old San Francisco software developer who helped launch Haystack, a program to help Iranians wiggle past government filters as tensions between authorities and the opposition movement surge.
> 
> "It's an arms race," said Rebecca MacKinnon, an expert on Chinese censorship who is familiar with efforts to open up the Internet in Iran as well as other authoritarian countries. "There is no precedence for this."
> 
> Heap is not alone. He's one of a growing number of online activists building software tools designed to serve as virtual slingshots to take on government censorship. Experts in the field, though, caution that programs devised to assist dissidents and others trying to elude authorities online are not fail-proof in the never-ending battle of wits and technology between authoritarian regimes and savvy geeks.
> 
> "There is no silver bullet," said Jonathan Zittrain, co-director of Harvard's Berkman Center for Internet & Society. Anyone who purports otherwise, he added, risks sounding naive.
> 
> Call to action
> 
> The tension between online free speech and government crackdowns hit the headlines again last week. During the 31st anniversary of Iran's Islamic Revolution, the government reportedly shut down phone and Internet services, though videos of protesters still made their way onto YouTube. The Iranian government also said it was shutting down Google's Gmail service and would roll out its own e-mail service.
> 
> 
> Heap's call to action, though, came last summer after the disputed Iranian presidential election triggered mass protests.
> 
> Heap, who was working for a San Francisco nonprofit at the time, joined netizens around the country working to help Iranians report on what was happening on the ground through the social-networking sites Twitter and Facebook. He posted online instructions on how to use "proxy servers" — such as routing an Internet request through another computer to access a blocked Web site. "Thousands and thousands of people around the world turned their computers at home into proxy servers for people in Iran," Heap recalled.
> 
> "Somebody had to make a more sustainable and scalable method of getting around the Iranian censorship,'' he said. "These proxy servers weren't going to cut it. We couldn't do this on a massive scale."
> 
> By August, Heap and others eventually launched a nonprofit to support their work of making and maintaining the Haystack program aimed specifically at Iranians trying to maneuver around the authorities online. The co-founder and executive director of the group sees his mission as providing a basic human right — unfettered freedom of expression online.
> 
> Liberties in U.S.
> 
> "We never wake up in the morning and wonder if our cell phones will work, what will happen when I load Gmail, whether or not I can send a text message," he said. "I do not have a lot of respect for an organization that is trying to control people violently and telling them what they can and can't do online."
> 
> His desire to provide the help others have unimpeded access to the Internet is deeply personal.
> 
> The Internet expanded his world as a teen growing up in Ohio, where he lived in a small town in which students could get "time off to show off a pig at the county fair."
> 
> "That was not my thing," Heap said. "The Internet was a way for me to connect to smart people. It was my way to connect with the world."
> 
> He moved to San Francisco about two years ago and joined the ranks of those devoted to liberating the Internet from authoritarian interference full time some seven months ago. He quickly garnered the attention of others engaged in the cause.
> 
> 'Eye of hurricane'
> 
> "Austin happened to find himself at the center of a human network and became a clearinghouse of information about what was going on (in Iran) and information about how to get information," Zittrain said. "For people who come forward and find themselves in the eye of a hurricane — there is no other feeling like it: 'Wow, I made a difference.' And that, of course, is what we all want to say.''
> 
> Haystack, Heap said, works on two levels. It encrypts online communication and then cloaks it to appear like normal Web traffic.
> 
> Jacob Appelbaum, a San Francisco programmer with the longtime open source Tor Project, a cloaking program used by corporations and free speech activists alike, said closed systems like Haystack concern him. He said it has no peer review the way the Tor Project does, which has been created and vetted by programmers around the world over many years.
> 
> "He has not opened it up for research," Appelbaum said. "No one has seen a copy of his specifications. There is no way we can understand if the claims that are made (by Haystack) are true."
> 
> At worst, a faulty program could put its users in Iran at risk, he said. "That very much concerns me," Appelbaum added. "When people's lives are at risk, it's not a good idea to be arrogant."
> 
> But Heap countered that worries about Haystack are part of the larger debate between those who advocate open-source development as a way to pick the brains of a worldwide community and others who embrace a private source code for faster development and security.
> 
> Chess match
> 
> But many experts say this ever-changing chess game — a deadly one, at that — requires many different tools to combat increasing sophistication of governments determined to clamp down on what citizens can access and not online.
> 
> "These tools are essential," MacKinnon said. "It's very good that more and more groups are working on these tools."
> 
> In fact, it can be perilous to rely on a small, though trusted, technology.
> 
> "It wouldn't be good if people had to depend on just one or two tools," MacKinnon said. "What if something happens to the developers? What if it goes down or a government figures out a way to block it or disable it? It's important to have alternatives."
> 
> For those on the front lines, another cyber-weapon is more than welcome.
> 
> Haystack is a "great tool," said Mana Mostatabi, online community manager for United 4 Iran, an organization that promotes human rights in the Persian country. However, she added that her group will "wait and see how it develops."
> 
> The online free-speech movement is relatively young, she added. The more tools available for activists, the better, Mostatabi said.
> 
> "It's not that one is right and one is wrong," she said. "You are going to see more and more of these."
> 
> Contact John Boudreau at 408-278-3496.
> 
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20100219/b29f7609/attachment.html>