[liberationtech] Deconstructing the security risks narrative of Haystack

Evgeny Morozov evgeny.morozov at gmail.com
Fri Sep 17 12:39:57 PDT 2010 

Just to add my two cents: when I interviewed Mehdi last week - before  
we got the code - he told me that after testing Haystack he did NOT  
communicate any concerns over the software's security to the CRC  
advisory board. I double-checked that with him and have it in my  
notes. So it is not at all clear to me what his "serious concerns"  
were - they clearly were not about security.

Not asking questions about the US government's role in all of this  
doesn't seem like a good idea to me either.

Evgeny

On Sep 17, 2010, at 3:23 PM, Mehdi Yahyanejad <yahyanejad at gmail.com>  
wrote:

>
> Some people asked about my involvement in Haystack. I was not part
> of Haystack's team/board/advisers. I was contacted unofficially
> by a board member about 4 to 5 months ago. I expressed my serious  
> concerns
> to him. He asked me if I can find an expert to review Haystack. I  
> introduced
> Austin to an expert on circumvention tools. He never followed up.
>  Later I was given a prototype to send to Iran. I only ran it  
> locally and
>  never sent it to anyone. I have not met Babak, Austin
> or Dan. I only talked to Babak once after I saw Austin's interview in
> Newsweek and was upset by all the misleading statements. I have  
> contacted
> and talked to Dan after read his resignation letter on libtech. He  
> is a great guy.
>
>
> You might wonder why I dedicated my previous posts
> trying to reduce the fear of Haystack's security risk, a project  
> which I
> was highly critical of. Let me explain:
>
> I have been active in Persian social media space  for
> the past few years and am highly indebted to the service provided by
> the anti-filter community. For one, forty percent of the visitors to  
> my
> website visit the website using anti-filtering tools. I have  
> personally
> helped some of the anti-filtering  projects in terms of distribution
>  or feedback on their usability. I know that circumvention tool  
> projects,
> commercial or non-profit, are by in large dependent on the government
>  funding. The government funding is highly policy driven. If Iran's  
> nuclear
> issue is on the top of the news, this translates to various sorts of
>  "democracy funds" and some of those funds end up in the hand of
> circumvention community. There is pretty much no other easy
> way of funding these projects for their service to countries like  
> Iran.
>
> When I was following Evgeny Morozov's blog posts, once
> he changed the narrative of "Austin Heap misled people" to "Haystack  
> puts
> people at risk", I exactly knew where he was going with this. The  
> first
> narrative would have been enough to take down Austin Heap but not
> necessarily Haystack as an organization. Evgeny wanted to bring down
> Haystack in a way that he could take the battle to the next step:  
> going
> after the State Department and other potential government players
> (his latest article in Slate confirms my suspicion). I believe this  
> can
> be very damaging and would appeal to Evgeny to consider all the
> intended or unintended consequences before moving further with this.
> Going after the US government can scare away all sort government
>  players from touching circumvention tools projects and would damage
> the level of funding for all circumvention tools. Of course, people
> who created Haystack, particularly Austin Heap, and the hype around
> it are primarily responsible for what has happened but I care less
>  about them or for that matter who gets the blame. I care about
> what the damage would be to the fundings for circumvention tools
> projects.
>
> I will stop writing on this issue because I don't have much time for  
> the next
>  few days to follow the discussions on the board or to respond.
>
>
> To Appelbaum and O'Brian: I might have disagreements with you on the
> risk of the Haystack prototype, but I agree with many of
> other points your have raised and believe Haystack gone
> unchecked could have been dangerous. Also, I will be happy to help
> you with Tor to expand its reach in Iran.
>
>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

More information about the liberationtech mailing list