[liberationtech] Syria Crackdown Aided by U.S.-Europe Spy Gear

Jillian York jyork at cyber.law.harvard.edu
Mon Nov 7 12:11:31 PST 2011 

Sorry to be an EFF pusher this morning...EFF is working on Surveillance
Self Defense as well (https://ssd.eff.org/) - and we'd definitely love
everyone's input.

Josh - to your point ("I wonder if training and education about the
dynamics of network surveillance, for activists in places like Syria,
aren't as important as targeting the companies that sell the surveillance
technologies"), I think you're absolutely right.  It's hard to target the
right people sometimes, particularly in Syria...as the major activists are
very tech-savvy and the lesser-known activists are...lesser-known (e.g.,
anonymous, hard to reach out to).

I would also add that, last week I gave a brief talk in Brazil to a group
of bloggers about surveillance technology and people were shocked, *shocked
*that is going on.  Very few of them were aware of basic stuff like
HTTPS...including the bloggers from Mexico (which is obviously a hot spot
right now for 3rd party surveillance).  So this is definitely a need,
globally.

We will be translating the page when it's done, of course, but that's often
hardly the issue (re: Syria, lots of the best content gets translated at
the grassroots level already).

Best,
Jillian

On Mon, Nov 7, 2011 at 12:02 PM, Josh <jdsaxe at gmail.com> wrote:

> Thanks for this alarming and interesting thread.
>
> Perhaps it's worth pointing out that there are ways to mitigate against
> the effectiveness of these surveillance technologies, but that there aren't
> one-size fits all solutions.  It's important that activists have technical
> expertise on hand to negotiate the risks of using network channels as a
> medium for movement activities.
>
> I think the technical issues are fairly subtle.  For example, Syrian
> activists might browse the web through encrypted connections to web
> proxies, but such encrypted traffic might be a "tell" to a surveillance
> tool that could single out an IP address for additional scrutiny.  And if
> an encrypted proxy is connecting back into the zone under surveillance
> (making HTTP connections in plaintext, say, to a Syrian web site) an
> intelligent tool may be able to use network transmission timings to
> establish the IP address that's doing the web browsing and the content of
> the traffic.  Speaking of timings, most activists probably aren't aware of
> the extent to which side channels such as timings and "to" and "from"
> addresses on packets can be used to reconstruct information about a
> computer user even when their traffic is encrypted.
>
> Also, email can be encrypted, but the mere fact of transmitted messages is
> enough to reconstruct social networks and the network distance between an
> unknown emailer and a known activist.  In other words, if I encrypt a
> message to a friend of a known activist, the fact that my transmission is
> encrypted, and the fact that I'm two hops removed from a known activist,
> would be two good pieces of evidence to indicate that I am an activist
> sympathizer or an activist myself.
>
> I wonder if training and education about the dynamics of network
> surveillance, for activists in places like Syria, aren't as important as
> targeting the companies that sell the surveillance technologies.  IP is a
> classic insecure channel and whether or not a government is known to be
> scrutinizing IP traffic, it would be safer if activists understand how
> their traffic can _potentially_ be monitored and how they might negotiate
> risk.
>
> Josh
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>



-- 
jilliancyork.com | @jilliancyork | tel: +1-857-891-4244
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20111107/8d403d64/attachment.html>

More information about the liberationtech mailing list