[liberationtech] Deconstructing the security risks narrative of Haystack

Fri Sep 17 12:23:56 PDT 2010

Some people asked about my involvement in Haystack. I was not part 
of Haystack's team/board/advisers. I was contacted unofficially 
by a board member about 4 to 5 months ago. I expressed my serious concerns
to him. He asked me if I can find an expert to review Haystack. I introduced 
Austin to an expert on circumvention tools. He never followed up.
 Later I was given a prototype to send to Iran. I only ran it locally and
 never sent it to anyone. I have not met Babak, Austin 
or Dan. I only talked to Babak once after I saw Austin's interview in 
Newsweek and was upset by all the misleading statements. I have contacted 
and talked to Dan after read his resignation letter on libtech. He is a great guy.

You might wonder why I dedicated my previous posts 
trying to reduce the fear of Haystack's security risk, a project which I 
was highly critical of. Let me explain: 

I have been active in Persian social media space  for 
the past few years and am highly indebted to the service provided by 
the anti-filter community. For one, forty percent of the visitors to my 
website visit the website using anti-filtering tools. I have personally 
helped some of the anti-filtering  projects in terms of distribution
 or feedback on their usability. I know that circumvention tool projects, 
commercial or non-profit, are by in large dependent on the government
 funding. The government funding is highly policy driven. If Iran's nuclear 
issue is on the top of the news, this translates to various sorts of
 "democracy funds" and some of those funds end up in the hand of 
circumvention community. There is pretty much no other easy 
way of funding these projects for their service to countries like Iran. 

When I was following Evgeny Morozov's blog posts, once 
he changed the narrative of "Austin Heap misled people" to "Haystack puts 
people at risk", I exactly knew where he was going with this. The first 
narrative would have been enough to take down Austin Heap but not 
necessarily Haystack as an organization. Evgeny wanted to bring down 
Haystack in a way that he could take the battle to the next step: going 
after the State Department and other potential government players 
(his latest article in Slate confirms my suspicion). I believe this can 
be very damaging and would appeal to Evgeny to consider all the 
intended or unintended consequences before moving further with this. 
Going after the US government can scare away all sort government
 players from touching circumvention tools projects and would damage 
the level of funding for all circumvention tools. Of course, people 
who created Haystack, particularly Austin Heap, and the hype around 
it are primarily responsible for what has happened but I care less
 about them or for that matter who gets the blame. I care about 
what the damage would be to the fundings for circumvention tools 
projects.

I will stop writing on this issue because I don't have much time for the next
 few days to follow the discussions on the board or to respond. 

To Appelbaum and O'Brian: I might have disagreements with you on the 
risk of the Haystack prototype, but I agree with many of 
other points your have raised and believe Haystack gone 
unchecked could have been dangerous. Also, I will be happy to help 
you with Tor to expand its reach in Iran. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20100917/a8d28a59/attachment.html>