Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Activists aim to punch holes in online shields of authoritarian regimes (Jim Youll)

Douglas Schuler douglas at publicsphereproject.org
Fri Feb 26 17:55:35 PST 2010


I thought I'd share three patterns from our Liberating Voices book  
that I think are relevant. They don't definitively answer these issues  
but I think they help provide some insights. Also, we now *finally*  
have the site set up so that people can comment on the patterns.

Alternative Media in Hostile Environments (http://www.publicsphereproject.org/drupal/node/252 
)

Memory and Responsibility (http://www.publicsphereproject.org/drupal/node/210 
)

Techno-Criticism (http://www.publicsphereproject.org/drupal/node/238)

Thanks!

-- Doug



On Feb 26, 2010, at 1:11 PM, Jim Youll wrote:

> There is am important place for optimism in the world. But too  
> often, notes of concern about technology are shot out of the sky as  
> fun-killers.
>
> I hope not to be remembered as a fun-killer. I am worried about  
> vulnerable people who trust well-meaning others because all hope for  
> a desired outcome.
>
> Again, this is not about "outwitting." Techies used to look for  
> subtle ways to subvert laws by reading laws as if they were code.  
> But laws don't work that way.
> Paul Ohm had a nice post about this problem last year:
> 	http://www.freedom-to-tinker.com/blog/paul/being-acquitted-versus-being-searched-yanal
>
> The anti-slavery movement in the US succeeded under cover of  
> darkness and private communications. Messages, purchases, travels,  
> and communication habits were not logged and stored forever. There  
> was little back-trail to trip participants up at any moment via data  
> mining, no computers to seize, scan, and give up their secrets and  
> the identities of everyone they'd talked to. Anti-slavery activists  
> had the ability to free themselves of many past ("criminal") deeds  
> the moment those deeds were concluded. Repudiation of past deeds is  
> nearly impossible today when communication, travel, or money are  
> involved even incidentally in those deeds.
>
> There is no equivalent in a world where our movements are tracked by  
> following cell phones and credit card charges, where even this  
> message will be archived forever and could be called up in a data  
> mining search that will correlate it with my telephone calls, online  
> habits, flight itineraries, and god knows what else. I'm a citizen  
> of a "free"(-ish) country.
>
> 	http://current.newsweek.com/budgettravel/2008/12/whats_in_your_government_trave.html
>
> It is exceedingly hard - and may be impossible right now - to  
> communicate, plan, or publish through online technology without  
> creating unknown and unknowable risks. I would never "assume" that  
> those who might trust a piece of software to keep them or their  
> loved ones from being imprisoned, tortured, or killed, are wholly  
> aware of the risks involved, because they cannot be.  We are at an  
> ugly watershed moment in which it is simply not possible to credibly  
> and completely understand the risks involved in using a computer for  
> risky activities. We haven't even figured out how to make online  
> banking completely safe, and now we're talking about lives and  
> organizations that could be taken down by one "investigation."  
> Forget the stealth surveillance - what happens when they just grab a  
> person's computer or cell phone and start reading?
>
> When surveillance meant guys in black coats and hats hanging around  
> outside the apartment of a suspected troublemaker, at least a social  
> misfit had a chance to know something was up.
>
> Technology may present the appearance of privacy or safety, but  
> cannot completely deliver it. No technology can, today. None will  
> for some time. This is dangerous because it masks the real security  
> condition (unknowable) and merely asserts one of many possible  
> security conditions - the one hoped-for by the developer. When  
> software is deployed into an unknown environment that could have  
> already been compromised, we cannot say whether it is safe to use or  
> not.
>
> Governments are pretty clever when they choose to be.  They just  
> don't advertise it.
>
> Here's an apparent Chinese government effort to keep an eye on the  
> Dalai Lama:
>
> 	http://government.zdnet.com/?p=4498
> 	http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network
>
>
> ... and Google, a company full of smart people that presumably  
> spends a lot of time and money keeping its secrets safe. Google was  
> successfully attacked by (apparent) agents of government. Google  
> also has loads staff with the skills to discover such an attack.  
> Ordinary people don't have comparable resources.
>
> 	http://www.ft.com/cms/s/0/a6f5621c-1f21-11df-9584-00144feab49a.html
>
> I regret that my note evoked the word "deride" in your post today.   
> Feeling good about safety is not the same as living in safety. Even  
> if one accepts the concept of "less safe," I wonder if there is any  
> useful measure of "how risky" a given online action may be. The  
> ecosystem is made of vulnerable operating systems on vulnerable  
> hardware on monitored networks and I think we may find that there  
> are only two possible answers in many situations: "completely safe,"  
> and "not safe at all." For many, "somewhat less safe" may have no  
> meaning. What would "half as safe as not posting to the blog," mean?
>
> It is assuredly the case that some people running "safety" software  
> are using computers or network that are so completely compromised  
> that the software provides no benefit whatever, and the false sense  
> of security actually leaves them more vulnerable, not less, than if  
> they assumed the computer was not safe. In other cases, we must  
> consider the unknowable risks to an individual and many others -  
> perhaps entire movements - if a single computer (not necessarily an  
> "important" computer) is seized and its memory dumped.
>
> When the risks of technologies cannot be plainly known, privileged  
> developers - and hopeful people everywhere - must be extraordinarily  
> careful not to make things worse.
>
> While the abundance of hopeful thinking in the "freedom through  
> technology" movement is helpful to keep the movement alive, we must  
> consider unintended consequences, even when those consequences make  
> it plain that some "hoped for" property of technology cannot safely  
> deliver what is promised.
>
> I'm saddened that these concerns are considered derisive. I have the  
> highest regard for human life. Technologists claim they can protect  
> strangers in unknown environments from agents of government. This is  
> an extraordinary claim. We must be very careful not to implement  
> "hopeful" technologies. Both oppressive and freedom-seeking  
> technologies exist wholly in the cold worlds of data, networks,  
> policy, and surveillance. Computers that serve the state do not feel  
> hope. They will not be swayed by hope, nor by outrage. They could,  
> in fact, help an oppressive state kill people, stop movements,  
> monitor troublemakers, and solidify its strength by leaking  
> information that - kept apart from technology - might have instead  
> helped disassemble it.
>
> best,
> - jim
>
> On Feb 26, 2010, at 11:33 AM, Gabe Gossett wrote:
>
>> I do think that the point about people’s lives being on the line is  
>> a very important one to take into consideration.  I also think,  
>> however, that that folks living under oppressive regimes are fairly  
>> aware that they are never entirely safe from being discovered by  
>> government Internet goons.  It would be surprising to me if they  
>> had too much confidence in any one piece of software to keep their  
>> communications private.  Can we really think anyone in opposition  
>> to the government in Iran has a false sense of security ever?  So I  
>> would actually claim that is naïve to think that the users of these  
>> hole punching technologies don’t have some idea of what they are  
>> risking.
>>
>> One point that I find a little irritating in the article being  
>> referenced here are claims that we’ve never seen something like  
>> this before.  Yes, it is true we have never seen the Internet “arms  
>> race” (an inaccurate way to phrase it—more like cat and mouse)  
>> exactly like this, but the basic movements look an awful lot like  
>> many of the information circuits in defiance of oppressive regimes  
>> in times past.  For example, the anti-slavery movement in the  
>> United States South was also very much a deadly game of cat and  
>> mouse focused on technological advances and state governments  
>> trying to control the new information circuits created by those  
>> advances.  The people on the front lines in the past working to  
>> subvert oppressive governments usually knew the risks of seeking  
>> and disseminating forbidden information, I think that it is safe to  
>> assume the same for modern folks.
>>
>> It is a good idea to make users aware of the risks they are  
>> incurring by letting them know that the applications aren’t  
>> perfect.  It’s not very useful to deride the noble endeavor.
>>
>> One last point I’ll make is that government goons are notorious for  
>> lacking creativity.  We might not be able to count on it, but it is  
>> possible for a few creative folks to confound large, well-equipped,  
>> systems.
>>
>> Gabe Gossett
>> Librarian
>>
>>
>> From: liberationtech-bounces at lists.stanford.edu [mailto:liberationtech-bounces at lists.stanford.edu 
>> ] On Behalf Of Justin Reedy
>> Sent: Thursday, February 25, 2010 4:16 PM
>> To: liberationtech at lists.stanford.edu
>> Subject: Re: [liberationtech] Activists aim to punch holes in  
>> online shields of authoritarian regimes (Jim Youll)
>>
>> Hi all,
>>
>> Sorry to be posting a response about this a few days late, but  
>> since I hadn't seen any replies about it yet, I wanted to say many  
>> thanks to Jim Youll for that interesting and thought-provoking post  
>> about Internet programs trying to get around authoritarian regimes.  
>> Fascinating stuff, Jim. It's all to easy to think that every bit  
>> helps -- that it is beneficial to take any possible steps to help  
>> people get around Internet monitoring and blocking in repressive  
>> regimes. It is sobering to realize that lives and livelihoods may  
>> rest on the success or failure of programs like Tor and Haystack,  
>> and that governments have capabilities (online and off-line) that  
>> we may not fully understand.
>>
>> I'm a newbie to this list and this research area in general, so  
>> forgive me if this was painfully obvious to everyone, but I thought  
>> Jim's points served as a helpful reminder that technology needs to  
>> be combined with many other efforts to help people living under  
>> repressive regimes.
>>
>> Cheers,
>> -Justin
>>
>> -------------------------------------------------------
>> Justin Reedy
>> Doctoral student
>> Department of Communication
>> University of Washington
>> jreedy (at) uw.edu or jsreedy (at) gmail.com
>> -------------------------------------------------------
>>
>>
>>
>> On Fri, Feb 19, 2010 at 9:26 AM, <liberationtech-request at lists.stanford.edu 
>> > wrote:
>>
>>
>> ---------- Forwarded message ----------
>> From: Jim Youll <jyoull at alum.mit.edu>
>> To: Yosem Companys <companys at stanford.edu>
>> Date: Fri, 19 Feb 2010 09:11:32 -0800
>> Subject: Re: [liberationtech] NEWS: Activists aim to punch holes in  
>> online shields of authoritarian regimes
>> I've joined your group virtually before I've had a chance to meet  
>> any of you in person, so I hope I'm not speaking out of turn. If I  
>> am, I ask a one-time indulgence.
>>
>> The forwarded article does a better job of voicing concerns about  
>> the real-world risks of these technologies than most, but  
>> unfortunately pushes them down in significance.  Jon Zittrain's  
>> comment at the top sounds low-key but I believe it is not. He's  
>> polite to call uninformed technologists "naive."
>>
>> It's well and good to be a 'cyber warrior' on the sidelines,  
>> building "shields" (governments consider them weapons) for those  
>> who will put their lives on the line trusting your tech. But it's  
>> not an arms race. The battle is asymmetrical because governments  
>> have powers that citizens do not.
>>
>> When the goal is the provision of government-evading technology for  
>> the masses, technology cannot overcome one basic problem: that the  
>> "good guys'" strategies must be wide open to all - friends and  
>> enemies alike - and on the Internet nobody knows who's who. But  
>> government countermeasures are nearly always secret, and they stay  
>> secret. I'm not talking about open vs. closed source, but about the  
>> real-world implementation requirements that turn technology that's  
>> good in theory, into technology that's risky in practice.
>>
>> Tor and other routing protocols are not panaceas. I have worried  
>> for a long time that Tor is going to get people killed, if it  
>> hasn't already. There's no way to know, is there? A governments'  
>> playbook and actions are secrets and stay that way.
>>
>> Internet technologists in particular have for too long believed -  
>> wrongly - that "if only the information could get out" then the  
>> world can be fixed. In practice, that doesn't work very well as a  
>> general rule. In limited situations, absolutely - I've been  
>> involved in projects that went both ways. It's dangerous to ignore  
>> the limits to efficacy and safety of new inventions that are a  
>> consequence of the asymmetric power relationship between  
>> governments and citizens. Experimenting on the non-expert and  
>> hopeful without informed consent is at least irresponsible, and in  
>> some cases immoral. Is a click-through notice sufficient to create  
>> truly "informed consent" given the stakes for those with the  
>> greatest need for the believed benefits of these technologies?
>>
>> Even if you're not trying to evade Chinese death-vans, merely  
>> attempting to end-run a blockade (perhaps in a friendly place,  
>> Australia, let's say) there are risks, including the risk of being  
>> the operator of an end-node that emits a few plaintext packets of  
>> something that arouses the interest of your government. I'm not a  
>> lawyer, but am I wrong to believe that the "Open WiFi" isn't  
>> particularly effective these days?
>>
>> Finally, how many compromised Tor nodes are required on a network  
>> before Tor is wholly ineffective? How much traffic does a  
>> government allow - rather than blockade - in order to mask both  
>> counter-capabilities and scope of surveillance? These aren't  
>> paranoid questions - these are the kinds of questions serious  
>> cryptographers study every day in their own work over the  
>> implementation of products and protocols that are orders of  
>> magnitude simpler and easier to manage than something as big and  
>> "for the world" as Tor or Haystack.
>>
>> regards,
>> - jim
>>
>>
>> On Feb 18, 2010, at 8:05 AM, Yosem Companys wrote:
>>
>>
>> Activists aim to punch holes in online shields of authoritarian  
>> regimes
>> By John Boudreau
>>
>>
>>
>> jboudreau at mercurynews.com
>>
>> Posted: 02/15/2010 07:32:00 PM PST
>>
>> http://www.siliconvalley.com/latest-headlines/ci_14407148? 
>> source=email
>> It is the Internet version of David vs. Goliath — computer savvy  
>> activists who launch guerrilla tech attacks to punch holes in  
>> online shields erected by governments to control what their  
>> citizens do online.
>>
>> One of the newest cyber-warriors is Austin Heap, a 25-year-old San  
>> Francisco software developer who helped launch Haystack, a program  
>> to help Iranians wiggle past government filters as tensions between  
>> authorities and the opposition movement surge.
>>
>> "It's an arms race," said Rebecca MacKinnon, an expert on Chinese  
>> censorship who is familiar with efforts to open up the Internet in  
>> Iran as well as other authoritarian countries. "There is no  
>> precedence for this."
>>
>> Heap is not alone. He's one of a growing number of online activists  
>> building software tools designed to serve as virtual slingshots to  
>> take on government censorship. Experts in the field, though,  
>> caution that programs devised to assist dissidents and others  
>> trying to elude authorities online are not fail-proof in the never- 
>> ending battle of wits and technology between authoritarian regimes  
>> and savvy geeks.
>>
>> "There is no silver bullet," said Jonathan Zittrain, co-director of  
>> Harvard's Berkman Center for Internet & Society. Anyone who  
>> purports otherwise, he added, risks sounding naive.
>>
>> Call to action
>>
>> The tension between online free speech and government crackdowns  
>> hit the headlines again last week. During the 31st anniversary of  
>> Iran's Islamic Revolution, the government reportedly shut down  
>> phone and Internet services, though videos of protesters still made  
>> their way onto YouTube. The Iranian government also said it was  
>> shutting down Google's Gmail service and would roll out its own e- 
>> mail service.
>>
>>
>> Heap's call to action, though, came last summer after the disputed  
>> Iranian presidential election triggered mass protests.
>>
>> Heap, who was working for a San Francisco nonprofit at the time,  
>> joined netizens around the country working to help Iranians report  
>> on what was happening on the ground through the social-networking  
>> sites Twitter and Facebook. He posted online instructions on how to  
>> use "proxy servers" — such as routing an Internet request through  
>> another computer to access a blocked Web site. "Thousands and  
>> thousands of people around the world turned their computers at home  
>> into proxy servers for people in Iran," Heap recalled.
>>
>> "Somebody had to make a more sustainable and scalable method of  
>> getting around the Iranian censorship,'' he said. "These proxy  
>> servers weren't going to cut it. We couldn't do this on a massive  
>> scale."
>>
>> By August, Heap and others eventually launched a nonprofit to  
>> support their work of making and maintaining the Haystack program  
>> aimed specifically at Iranians trying to maneuver around the  
>> authorities online. The co-founder and executive director of the  
>> group sees his mission as providing a basic human right —  
>> unfettered freedom of expression online.
>>
>> Liberties in U.S.
>>
>> "We never wake up in the morning and wonder if our cell phones will  
>> work, what will happen when I load Gmail, whether or not I can send  
>> a text message," he said. "I do not have a lot of respect for an  
>> organization that is trying to control people violently and telling  
>> them what they can and can't do online."
>>
>> His desire to provide the help others have unimpeded access to the  
>> Internet is deeply personal.
>>
>> The Internet expanded his world as a teen growing up in Ohio, where  
>> he lived in a small town in which students could get "time off to  
>> show off a pig at the county fair."
>>
>> "That was not my thing," Heap said. "The Internet was a way for me  
>> to connect to smart people. It was my way to connect with the world."
>>
>> He moved to San Francisco about two years ago and joined the ranks  
>> of those devoted to liberating the Internet from authoritarian  
>> interference full time some seven months ago. He quickly garnered  
>> the attention of others engaged in the cause.
>>
>> 'Eye of hurricane'
>>
>> "Austin happened to find himself at the center of a human network  
>> and became a clearinghouse of information about what was going on  
>> (in Iran) and information about how to get information," Zittrain  
>> said. "For people who come forward and find themselves in the eye  
>> of a hurricane — there is no other feeling like it: 'Wow, I made a  
>> difference.' And that, of course, is what we all want to say.''
>>
>> Haystack, Heap said, works on two levels. It encrypts online  
>> communication and then cloaks it to appear like normal Web traffic.
>>
>> Jacob Appelbaum, a San Francisco programmer with the longtime open  
>> source Tor Project, a cloaking program used by corporations and  
>> free speech activists alike, said closed systems like Haystack  
>> concern him. He said it has no peer review the way the Tor Project  
>> does, which has been created and vetted by programmers around the  
>> world over many years.
>>
>> "He has not opened it up for research," Appelbaum said. "No one has  
>> seen a copy of his specifications. There is no way we can  
>> understand if the claims that are made (by Haystack) are true."
>>
>> At worst, a faulty program could put its users in Iran at risk, he  
>> said. "That very much concerns me," Appelbaum added. "When people's  
>> lives are at risk, it's not a good idea to be arrogant."
>>
>> But Heap countered that worries about Haystack are part of the  
>> larger debate between those who advocate open-source development as  
>> a way to pick the brains of a worldwide community and others who  
>> embrace a private source code for faster development and security.
>>
>> Chess match
>>
>> But many experts say this ever-changing chess game — a deadly one,  
>> at that — requires many different tools to combat increasing  
>> sophistication of governments determined to clamp down on what  
>> citizens can access and not online.
>>
>> "These tools are essential," MacKinnon said. "It's very good that  
>> more and more groups are working on these tools."
>>
>> In fact, it can be perilous to rely on a small, though trusted,  
>> technology.
>>
>> "It wouldn't be good if people had to depend on just one or two  
>> tools," MacKinnon said. "What if something happens to the  
>> developers? What if it goes down or a government figures out a way  
>> to block it or disable it? It's important to have alternatives."
>>
>> For those on the front lines, another cyber-weapon is more than  
>> welcome.
>>
>> Haystack is a "great tool," said Mana Mostatabi, online community  
>> manager for United 4 Iran, an organization that promotes human  
>> rights in the Persian country. However, she added that her group  
>> will "wait and see how it develops."
>>
>> The online free-speech movement is relatively young, she added. The  
>> more tools available for activists, the better, Mostatabi said.
>>
>> "It's not that one is right and one is wrong," she said. "You are  
>> going to see more and more of these."
>>
>> Contact John Boudreau at 408-278-3496.
>>
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>>
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>>
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--------------------------------------------------------------------------------
Public Sphere Project
      http://www.publicsphereproject.org/

Liberating Voices!  A Pattern Language for Communication Revolution  
(project)
      http://www.publicsphereproject.org/patterns/

Liberating Voices!  A Pattern Language for Communication Revolution  
(book)
      http://mitpress.mit.edu/catalog/item/default.asp?ttype=2&tid=11601

Douglas Schuler
douglas at publicsphereproject.org

------------------------------------------------------------------------------
Public Sphere Project
      http://www.publicsphereproject.org/

Liberating Voices!  A Pattern Language for Communication Revolution  
(project)
      http://www.publicsphereproject.org/patterns/

Liberating Voices!  A Pattern Language for Communication Revolution  
(book)
      http://mitpress.mit.edu/catalog/item/default.asp?ttype=2&tid=11601







More information about the liberationtech mailing list