[liberationtech] Activists aim to punch holes in online shields of authoritarian regimes (Jim Youll)
Douglas Schuler
douglas at publicsphereproject.org
Fri Feb 26 17:55:35 PST 2010
I thought I'd share three patterns from our Liberating Voices book
that I think are relevant. They don't definitively answer these issues
but I think they help provide some insights. Also, we now *finally*
have the site set up so that people can comment on the patterns.
Alternative Media in Hostile Environments (http://www.publicsphereproject.org/drupal/node/252
)
Memory and Responsibility (http://www.publicsphereproject.org/drupal/node/210
)
Techno-Criticism (http://www.publicsphereproject.org/drupal/node/238)
Thanks!
-- Doug
On Feb 26, 2010, at 1:11 PM, Jim Youll wrote:
> There is am important place for optimism in the world. But too
> often, notes of concern about technology are shot out of the sky as
> fun-killers.
>
> I hope not to be remembered as a fun-killer. I am worried about
> vulnerable people who trust well-meaning others because all hope for
> a desired outcome.
>
> Again, this is not about "outwitting." Techies used to look for
> subtle ways to subvert laws by reading laws as if they were code.
> But laws don't work that way.
> Paul Ohm had a nice post about this problem last year:
> http://www.freedom-to-tinker.com/blog/paul/being-acquitted-versus-being-searched-yanal
>
> The anti-slavery movement in the US succeeded under cover of
> darkness and private communications. Messages, purchases, travels,
> and communication habits were not logged and stored forever. There
> was little back-trail to trip participants up at any moment via data
> mining, no computers to seize, scan, and give up their secrets and
> the identities of everyone they'd talked to. Anti-slavery activists
> had the ability to free themselves of many past ("criminal") deeds
> the moment those deeds were concluded. Repudiation of past deeds is
> nearly impossible today when communication, travel, or money are
> involved even incidentally in those deeds.
>
> There is no equivalent in a world where our movements are tracked by
> following cell phones and credit card charges, where even this
> message will be archived forever and could be called up in a data
> mining search that will correlate it with my telephone calls, online
> habits, flight itineraries, and god knows what else. I'm a citizen
> of a "free"(-ish) country.
>
> http://current.newsweek.com/budgettravel/2008/12/whats_in_your_government_trave.html
>
> It is exceedingly hard - and may be impossible right now - to
> communicate, plan, or publish through online technology without
> creating unknown and unknowable risks. I would never "assume" that
> those who might trust a piece of software to keep them or their
> loved ones from being imprisoned, tortured, or killed, are wholly
> aware of the risks involved, because they cannot be. We are at an
> ugly watershed moment in which it is simply not possible to credibly
> and completely understand the risks involved in using a computer for
> risky activities. We haven't even figured out how to make online
> banking completely safe, and now we're talking about lives and
> organizations that could be taken down by one "investigation."
> Forget the stealth surveillance - what happens when they just grab a
> person's computer or cell phone and start reading?
>
> When surveillance meant guys in black coats and hats hanging around
> outside the apartment of a suspected troublemaker, at least a social
> misfit had a chance to know something was up.
>
> Technology may present the appearance of privacy or safety, but
> cannot completely deliver it. No technology can, today. None will
> for some time. This is dangerous because it masks the real security
> condition (unknowable) and merely asserts one of many possible
> security conditions - the one hoped-for by the developer. When
> software is deployed into an unknown environment that could have
> already been compromised, we cannot say whether it is safe to use or
> not.
>
> Governments are pretty clever when they choose to be. They just
> don't advertise it.
>
> Here's an apparent Chinese government effort to keep an eye on the
> Dalai Lama:
>
> http://government.zdnet.com/?p=4498
> http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network
>
>
> ... and Google, a company full of smart people that presumably
> spends a lot of time and money keeping its secrets safe. Google was
> successfully attacked by (apparent) agents of government. Google
> also has loads staff with the skills to discover such an attack.
> Ordinary people don't have comparable resources.
>
> http://www.ft.com/cms/s/0/a6f5621c-1f21-11df-9584-00144feab49a.html
>
> I regret that my note evoked the word "deride" in your post today.
> Feeling good about safety is not the same as living in safety. Even
> if one accepts the concept of "less safe," I wonder if there is any
> useful measure of "how risky" a given online action may be. The
> ecosystem is made of vulnerable operating systems on vulnerable
> hardware on monitored networks and I think we may find that there
> are only two possible answers in many situations: "completely safe,"
> and "not safe at all." For many, "somewhat less safe" may have no
> meaning. What would "half as safe as not posting to the blog," mean?
>
> It is assuredly the case that some people running "safety" software
> are using computers or network that are so completely compromised
> that the software provides no benefit whatever, and the false sense
> of security actually leaves them more vulnerable, not less, than if
> they assumed the computer was not safe. In other cases, we must
> consider the unknowable risks to an individual and many others -
> perhaps entire movements - if a single computer (not necessarily an
> "important" computer) is seized and its memory dumped.
>
> When the risks of technologies cannot be plainly known, privileged
> developers - and hopeful people everywhere - must be extraordinarily
> careful not to make things worse.
>
> While the abundance of hopeful thinking in the "freedom through
> technology" movement is helpful to keep the movement alive, we must
> consider unintended consequences, even when those consequences make
> it plain that some "hoped for" property of technology cannot safely
> deliver what is promised.
>
> I'm saddened that these concerns are considered derisive. I have the
> highest regard for human life. Technologists claim they can protect
> strangers in unknown environments from agents of government. This is
> an extraordinary claim. We must be very careful not to implement
> "hopeful" technologies. Both oppressive and freedom-seeking
> technologies exist wholly in the cold worlds of data, networks,
> policy, and surveillance. Computers that serve the state do not feel
> hope. They will not be swayed by hope, nor by outrage. They could,
> in fact, help an oppressive state kill people, stop movements,
> monitor troublemakers, and solidify its strength by leaking
> information that - kept apart from technology - might have instead
> helped disassemble it.
>
> best,
> - jim
>
> On Feb 26, 2010, at 11:33 AM, Gabe Gossett wrote:
>
>> I do think that the point about people’s lives being on the line is
>> a very important one to take into consideration. I also think,
>> however, that that folks living under oppressive regimes are fairly
>> aware that they are never entirely safe from being discovered by
>> government Internet goons. It would be surprising to me if they
>> had too much confidence in any one piece of software to keep their
>> communications private. Can we really think anyone in opposition
>> to the government in Iran has a false sense of security ever? So I
>> would actually claim that is naïve to think that the users of these
>> hole punching technologies don’t have some idea of what they are
>> risking.
>>
>> One point that I find a little irritating in the article being
>> referenced here are claims that we’ve never seen something like
>> this before. Yes, it is true we have never seen the Internet “arms
>> race” (an inaccurate way to phrase it—more like cat and mouse)
>> exactly like this, but the basic movements look an awful lot like
>> many of the information circuits in defiance of oppressive regimes
>> in times past. For example, the anti-slavery movement in the
>> United States South was also very much a deadly game of cat and
>> mouse focused on technological advances and state governments
>> trying to control the new information circuits created by those
>> advances. The people on the front lines in the past working to
>> subvert oppressive governments usually knew the risks of seeking
>> and disseminating forbidden information, I think that it is safe to
>> assume the same for modern folks.
>>
>> It is a good idea to make users aware of the risks they are
>> incurring by letting them know that the applications aren’t
>> perfect. It’s not very useful to deride the noble endeavor.
>>
>> One last point I’ll make is that government goons are notorious for
>> lacking creativity. We might not be able to count on it, but it is
>> possible for a few creative folks to confound large, well-equipped,
>> systems.
>>
>> Gabe Gossett
>> Librarian
>>
>>
>> From: liberationtech-bounces at lists.stanford.edu [mailto:liberationtech-bounces at lists.stanford.edu
>> ] On Behalf Of Justin Reedy
>> Sent: Thursday, February 25, 2010 4:16 PM
>> To: liberationtech at lists.stanford.edu
>> Subject: Re: [liberationtech] Activists aim to punch holes in
>> online shields of authoritarian regimes (Jim Youll)
>>
>> Hi all,
>>
>> Sorry to be posting a response about this a few days late, but
>> since I hadn't seen any replies about it yet, I wanted to say many
>> thanks to Jim Youll for that interesting and thought-provoking post
>> about Internet programs trying to get around authoritarian regimes.
>> Fascinating stuff, Jim. It's all to easy to think that every bit
>> helps -- that it is beneficial to take any possible steps to help
>> people get around Internet monitoring and blocking in repressive
>> regimes. It is sobering to realize that lives and livelihoods may
>> rest on the success or failure of programs like Tor and Haystack,
>> and that governments have capabilities (online and off-line) that
>> we may not fully understand.
>>
>> I'm a newbie to this list and this research area in general, so
>> forgive me if this was painfully obvious to everyone, but I thought
>> Jim's points served as a helpful reminder that technology needs to
>> be combined with many other efforts to help people living under
>> repressive regimes.
>>
>> Cheers,
>> -Justin
>>
>> -------------------------------------------------------
>> Justin Reedy
>> Doctoral student
>> Department of Communication
>> University of Washington
>> jreedy (at) uw.edu or jsreedy (at) gmail.com
>> -------------------------------------------------------
>>
>>
>>
>> On Fri, Feb 19, 2010 at 9:26 AM, <liberationtech-request at lists.stanford.edu
>> > wrote:
>>
>>
>> ---------- Forwarded message ----------
>> From: Jim Youll <jyoull at alum.mit.edu>
>> To: Yosem Companys <companys at stanford.edu>
>> Date: Fri, 19 Feb 2010 09:11:32 -0800
>> Subject: Re: [liberationtech] NEWS: Activists aim to punch holes in
>> online shields of authoritarian regimes
>> I've joined your group virtually before I've had a chance to meet
>> any of you in person, so I hope I'm not speaking out of turn. If I
>> am, I ask a one-time indulgence.
>>
>> The forwarded article does a better job of voicing concerns about
>> the real-world risks of these technologies than most, but
>> unfortunately pushes them down in significance. Jon Zittrain's
>> comment at the top sounds low-key but I believe it is not. He's
>> polite to call uninformed technologists "naive."
>>
>> It's well and good to be a 'cyber warrior' on the sidelines,
>> building "shields" (governments consider them weapons) for those
>> who will put their lives on the line trusting your tech. But it's
>> not an arms race. The battle is asymmetrical because governments
>> have powers that citizens do not.
>>
>> When the goal is the provision of government-evading technology for
>> the masses, technology cannot overcome one basic problem: that the
>> "good guys'" strategies must be wide open to all - friends and
>> enemies alike - and on the Internet nobody knows who's who. But
>> government countermeasures are nearly always secret, and they stay
>> secret. I'm not talking about open vs. closed source, but about the
>> real-world implementation requirements that turn technology that's
>> good in theory, into technology that's risky in practice.
>>
>> Tor and other routing protocols are not panaceas. I have worried
>> for a long time that Tor is going to get people killed, if it
>> hasn't already. There's no way to know, is there? A governments'
>> playbook and actions are secrets and stay that way.
>>
>> Internet technologists in particular have for too long believed -
>> wrongly - that "if only the information could get out" then the
>> world can be fixed. In practice, that doesn't work very well as a
>> general rule. In limited situations, absolutely - I've been
>> involved in projects that went both ways. It's dangerous to ignore
>> the limits to efficacy and safety of new inventions that are a
>> consequence of the asymmetric power relationship between
>> governments and citizens. Experimenting on the non-expert and
>> hopeful without informed consent is at least irresponsible, and in
>> some cases immoral. Is a click-through notice sufficient to create
>> truly "informed consent" given the stakes for those with the
>> greatest need for the believed benefits of these technologies?
>>
>> Even if you're not trying to evade Chinese death-vans, merely
>> attempting to end-run a blockade (perhaps in a friendly place,
>> Australia, let's say) there are risks, including the risk of being
>> the operator of an end-node that emits a few plaintext packets of
>> something that arouses the interest of your government. I'm not a
>> lawyer, but am I wrong to believe that the "Open WiFi" isn't
>> particularly effective these days?
>>
>> Finally, how many compromised Tor nodes are required on a network
>> before Tor is wholly ineffective? How much traffic does a
>> government allow - rather than blockade - in order to mask both
>> counter-capabilities and scope of surveillance? These aren't
>> paranoid questions - these are the kinds of questions serious
>> cryptographers study every day in their own work over the
>> implementation of products and protocols that are orders of
>> magnitude simpler and easier to manage than something as big and
>> "for the world" as Tor or Haystack.
>>
>> regards,
>> - jim
>>
>>
>> On Feb 18, 2010, at 8:05 AM, Yosem Companys wrote:
>>
>>
>> Activists aim to punch holes in online shields of authoritarian
>> regimes
>> By John Boudreau
>>
>>
>>
>> jboudreau at mercurynews.com
>>
>> Posted: 02/15/2010 07:32:00 PM PST
>>
>> http://www.siliconvalley.com/latest-headlines/ci_14407148?
>> source=email
>> It is the Internet version of David vs. Goliath — computer savvy
>> activists who launch guerrilla tech attacks to punch holes in
>> online shields erected by governments to control what their
>> citizens do online.
>>
>> One of the newest cyber-warriors is Austin Heap, a 25-year-old San
>> Francisco software developer who helped launch Haystack, a program
>> to help Iranians wiggle past government filters as tensions between
>> authorities and the opposition movement surge.
>>
>> "It's an arms race," said Rebecca MacKinnon, an expert on Chinese
>> censorship who is familiar with efforts to open up the Internet in
>> Iran as well as other authoritarian countries. "There is no
>> precedence for this."
>>
>> Heap is not alone. He's one of a growing number of online activists
>> building software tools designed to serve as virtual slingshots to
>> take on government censorship. Experts in the field, though,
>> caution that programs devised to assist dissidents and others
>> trying to elude authorities online are not fail-proof in the never-
>> ending battle of wits and technology between authoritarian regimes
>> and savvy geeks.
>>
>> "There is no silver bullet," said Jonathan Zittrain, co-director of
>> Harvard's Berkman Center for Internet & Society. Anyone who
>> purports otherwise, he added, risks sounding naive.
>>
>> Call to action
>>
>> The tension between online free speech and government crackdowns
>> hit the headlines again last week. During the 31st anniversary of
>> Iran's Islamic Revolution, the government reportedly shut down
>> phone and Internet services, though videos of protesters still made
>> their way onto YouTube. The Iranian government also said it was
>> shutting down Google's Gmail service and would roll out its own e-
>> mail service.
>>
>>
>> Heap's call to action, though, came last summer after the disputed
>> Iranian presidential election triggered mass protests.
>>
>> Heap, who was working for a San Francisco nonprofit at the time,
>> joined netizens around the country working to help Iranians report
>> on what was happening on the ground through the social-networking
>> sites Twitter and Facebook. He posted online instructions on how to
>> use "proxy servers" — such as routing an Internet request through
>> another computer to access a blocked Web site. "Thousands and
>> thousands of people around the world turned their computers at home
>> into proxy servers for people in Iran," Heap recalled.
>>
>> "Somebody had to make a more sustainable and scalable method of
>> getting around the Iranian censorship,'' he said. "These proxy
>> servers weren't going to cut it. We couldn't do this on a massive
>> scale."
>>
>> By August, Heap and others eventually launched a nonprofit to
>> support their work of making and maintaining the Haystack program
>> aimed specifically at Iranians trying to maneuver around the
>> authorities online. The co-founder and executive director of the
>> group sees his mission as providing a basic human right —
>> unfettered freedom of expression online.
>>
>> Liberties in U.S.
>>
>> "We never wake up in the morning and wonder if our cell phones will
>> work, what will happen when I load Gmail, whether or not I can send
>> a text message," he said. "I do not have a lot of respect for an
>> organization that is trying to control people violently and telling
>> them what they can and can't do online."
>>
>> His desire to provide the help others have unimpeded access to the
>> Internet is deeply personal.
>>
>> The Internet expanded his world as a teen growing up in Ohio, where
>> he lived in a small town in which students could get "time off to
>> show off a pig at the county fair."
>>
>> "That was not my thing," Heap said. "The Internet was a way for me
>> to connect to smart people. It was my way to connect with the world."
>>
>> He moved to San Francisco about two years ago and joined the ranks
>> of those devoted to liberating the Internet from authoritarian
>> interference full time some seven months ago. He quickly garnered
>> the attention of others engaged in the cause.
>>
>> 'Eye of hurricane'
>>
>> "Austin happened to find himself at the center of a human network
>> and became a clearinghouse of information about what was going on
>> (in Iran) and information about how to get information," Zittrain
>> said. "For people who come forward and find themselves in the eye
>> of a hurricane — there is no other feeling like it: 'Wow, I made a
>> difference.' And that, of course, is what we all want to say.''
>>
>> Haystack, Heap said, works on two levels. It encrypts online
>> communication and then cloaks it to appear like normal Web traffic.
>>
>> Jacob Appelbaum, a San Francisco programmer with the longtime open
>> source Tor Project, a cloaking program used by corporations and
>> free speech activists alike, said closed systems like Haystack
>> concern him. He said it has no peer review the way the Tor Project
>> does, which has been created and vetted by programmers around the
>> world over many years.
>>
>> "He has not opened it up for research," Appelbaum said. "No one has
>> seen a copy of his specifications. There is no way we can
>> understand if the claims that are made (by Haystack) are true."
>>
>> At worst, a faulty program could put its users in Iran at risk, he
>> said. "That very much concerns me," Appelbaum added. "When people's
>> lives are at risk, it's not a good idea to be arrogant."
>>
>> But Heap countered that worries about Haystack are part of the
>> larger debate between those who advocate open-source development as
>> a way to pick the brains of a worldwide community and others who
>> embrace a private source code for faster development and security.
>>
>> Chess match
>>
>> But many experts say this ever-changing chess game — a deadly one,
>> at that — requires many different tools to combat increasing
>> sophistication of governments determined to clamp down on what
>> citizens can access and not online.
>>
>> "These tools are essential," MacKinnon said. "It's very good that
>> more and more groups are working on these tools."
>>
>> In fact, it can be perilous to rely on a small, though trusted,
>> technology.
>>
>> "It wouldn't be good if people had to depend on just one or two
>> tools," MacKinnon said. "What if something happens to the
>> developers? What if it goes down or a government figures out a way
>> to block it or disable it? It's important to have alternatives."
>>
>> For those on the front lines, another cyber-weapon is more than
>> welcome.
>>
>> Haystack is a "great tool," said Mana Mostatabi, online community
>> manager for United 4 Iran, an organization that promotes human
>> rights in the Persian country. However, she added that her group
>> will "wait and see how it develops."
>>
>> The online free-speech movement is relatively young, she added. The
>> more tools available for activists, the better, Mostatabi said.
>>
>> "It's not that one is right and one is wrong," she said. "You are
>> going to see more and more of these."
>>
>> Contact John Boudreau at 408-278-3496.
>>
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>>
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>>
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
--------------------------------------------------------------------------------
Public Sphere Project
http://www.publicsphereproject.org/
Liberating Voices! A Pattern Language for Communication Revolution
(project)
http://www.publicsphereproject.org/patterns/
Liberating Voices! A Pattern Language for Communication Revolution
(book)
http://mitpress.mit.edu/catalog/item/default.asp?ttype=2&tid=11601
Douglas Schuler
douglas at publicsphereproject.org
------------------------------------------------------------------------------
Public Sphere Project
http://www.publicsphereproject.org/
Liberating Voices! A Pattern Language for Communication Revolution
(project)
http://www.publicsphereproject.org/patterns/
Liberating Voices! A Pattern Language for Communication Revolution
(book)
http://mitpress.mit.edu/catalog/item/default.asp?ttype=2&tid=11601
More information about the liberationtech
mailing list