[liberationtech] Syria Crackdown Aided by U.S.-Europe Spy Gear
Josh
jdsaxe at gmail.com
Mon Nov 7 12:02:32 PST 2011
Thanks for this alarming and interesting thread.

Perhaps it's worth pointing out that there are ways to mitigate against the
effectiveness of these surveillance technologies, but that there aren't
one-size-fits-all solutions. It's important that activists have technical
expertise on hand to negotiate the risks of using network channels as a
medium for movement activities.

I think the technical issues are fairly subtle. For example, Syrian
activists might browse the web through encrypted connections to web
proxies, but such encrypted traffic might be a "tell" to a surveillance
tool that could single out an IP address for additional scrutiny. And if
an encrypted proxy is connecting back into the zone under surveillance
(making HTTP connections in plaintext, say, to a Syrian web site) an
intelligent tool may be able to use network transmission timings to
establish the IP address that's doing the web browsing and the content of
the traffic. Speaking of timings, most activists probably aren't aware of
the extent to which side channels such as timings and "to" and "from"
addresses on packets can be used to reconstruct information about a
computer user even when their traffic is encrypted.

Also, email can be encrypted, but the mere fact of transmitted messages is
enough to reconstruct social networks and the network distance between an
unknown emailer and a known activist. In other words, if I encrypt a
message to a friend of a known activist, the fact that my transmission is
encrypted, and the fact that I'm two hops removed from a known activist,
would be two good pieces of evidence to indicate that I am an activist
sympathizer or an activist myself.

I wonder if training and education about the dynamics of network
surveillance, for activists in places like Syria, aren't as important as
targeting the companies that sell the surveillance technologies. IP is a
classic insecure channel and whether or not a government is known to be
scrutinizing IP traffic, it would be safer if activists understand how
their traffic can _potentially_ be monitored and how they might negotiate
risk.

Josh