Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Deconstructing Mehdi Yahyanejad's "deconstruction of the security risks narrative of Haystack"

Evgeny Morozov evgeny.morozov at gmail.com
Sat Sep 18 13:44:10 PDT 2010


I know that the subject I chose for this new threat may immediately suggest
otherwise but I do feel that we are making genuine progress on this list –
not least because of Mehdi's several messages where he criticized what he
believes to be outblown claims made about the risks experienced by
Haystack's testers in Iran.

 Here is how I understand his argument:

   1.

   Mehdi had known that Haystack didn't have the goods much earlier than the
   rest of us and had evidence to prove it
   2.

   Mehdi thinks that the use of circumvention tools – even if the latter are
   insecure – presents no major risks to users in Iran and that the use of
   Haystack, despite its design flaws, shouldn't be seen as different from the
   use Tor or Freegate. Some of these tools are better than others -and
   Haystack was somewhere on the lower end.
   3.

   Unlike me and Jake Appelbaum, Mehdi chose not to take his concerns public
   for fear that some kind of a scandal may ensue, thus jeopardizing future
   funding/support of circumvention in general.

 As I already mentioned on this list, I think Mehdi's is a very important
argument that this mailing list and the wider community beyond it need to
grapple with.

Some of what I write below has already been said in response to Mehdi's
original message but for the sake of clarity I would like to reiterate it
here nevertheless. The debate that Mehdi has broached does risk pushing us
towards engaging in a bit of Iran-inspired Kremlinology – e.g. statements
like “I can predict the Iranian government's reaction to Haystack better
than you ever can!” are probably inevitable – but I think it's a price worth
paying for having such a debate.

Here is my best attempt to elucidate four main arguments as to why
Haystack's Iranian testers were at risk:


   1.

   Austin Heap made more claims about Haystack's awesome capabilities than
   all other circumvention tools put together, presenting Haystack as something
   genuinely new and dangerous. Were one to treat all those statements
   seriously, it would appear that Haystack is something that the Superman and
   Batman produced in their garage in their spare time and thus needs be
   watched very closely. On top of this, Haystack never released its code,
   making it impossible for the Iranian government – or anyone else – to verify
   how well Austin's claims matched the reality. Given the well-known tendency
   of the Iranian government to see conspiracy theories even in basic laws of
   physics, I don't think it was so unreasonable for us to assume that they
   would treat Austin's claims much more seriously than they deserved. Given
   everything the government did since June 2009 – including crackdowns on
   bloggers, arrests and intimidation of people working on proxies, and so
   forth – I don't think we made the wrong call by assuming the government's
   reaction to Haystack would be harsh. And that Austin marketed Haystack as a
   tool for high-value dissidents put its testers at risk regardless of whether
   they were dissidents. I think it only makes things worse.
   2.

   Whatever the original intentions of its founders, Haystack was
   presented/interpreted as an ideological project rather than just yet another
   censorship-circumvention tool. Austin did like to highlight the fact that
   the tool got a US government license and even some fast-tracking from the
   State Department and in many of his interviews – most notably in the now
   infamous 20-minute video interview with Aleks
Krotoski<http://www.guardian.co.uk/technology/video/2010/mar/21/austin-heap-haystacks>of
the Guardian – he almost seems to imply that it was instrumental
during
   the June 2009 protests. (There is also an implied association with the Neda
   video there as well – note the bit about citizen journalists using Haystack:
   “"[Haystack] gave [Iranians] a layer of protection that allowed a random
   person to be a citizen journalist without the risk of persecution, jail,
   torture, you know, whatever happens next.").

   My research into the government's response to the claims of a “Twitter
   Revolution” in Iran convinced me that any remote associations with
   facilitating it could be extremely damaging to one's safety. In Haystack's
   case Austin was willingly
jumping<http://www.salon.com/news/opinion/feature/2009/06/16/twitter_iran>on
the Twitter Revolution bandwagon, trying to present Haystack as a tool
   that made it possible. (That he had a well-publicized gig running proxies
   for Iran before Haystack – anyone remembers
ProxyHeap<http://webcache.googleusercontent.com/search?q=cache:Xn7ZVp3vs7gJ:proxyheap.austinheap.com/?testp=1+proxyheap&cd=10&hl=en&ct=clnk&client=firefox-a>,
   that other unique brand from the Heap Marketing Labs? - certainly did not
   help to dispel the myths).

   I am sure that if we conduct a global poll asking people: “Name one
   anti-circumvention technology that was crucial to the Green Movement in
   2009” - Haystack would come on top, if only because it got so much free
   publicity for doing so little. (BBC's The Virtual Revolution
documentary<http://www.bbc.co.uk/blogs/digitalrevolution/2010/02/virtual-revolution-episode-two.shtml>,
For
   Neda documentary<http://www.hbo.com/documentaries/for-neda/synopsis.html>,
   all the media mentions <http://www.censorshipresearch.org/press/>...) I
   know that these is not what the logs of the Green Movement's web-sites would
   say – but the Guardian et al never bothered to see those logs – and based on
   my own experience in the former Soviet Union, paranoid authoritarian
   governments tend to place much more faith in the professionalism of the
   Western media than anyone in the West. “If the Guardian said Haystack
   mattered in Iran, how could it be otherwise? In fact, Haystack probably
   mattered even more and the government-controlled Guardian is just covering
   it all up” - this is the kind of government logic I'm very familiar with.
   3.

   Censorship Research Center <http://www.censorshipresearch.org/>, the
   entity behind Haystack, had a board of advisers that can hardly be
   classified as dear friends of the Iranian regime. Karim
Sadjadpour<http://www.carnegieendowment.org/experts/index.cfm?fa=expert_view&expert_id=340>and
Abbas
   Milani <http://en.wikipedia.org/wiki/Abbas_Milani> are both well-known to
   the Iranian authorities and it would be silly to believe that their
   involvement with Haystack didn't help to confirm the government's fears that
   Haystack was more than just a circumvention tool. In fact, their involvement
   did make it seem that Haystack was part of some foreign ploy to subvert the
   regime by means of the Internet (see the quotes from the May 2010 Iran
   article I distributed to the list earlier – it does build its anti-Haystack
   argument based on the involvement by Milani and Sadjadpour.)

   Gary Sick <http://en.wikipedia.org/wiki/Gary_Sick> – the third member of
   the advisory board – is also hardly a neutral figure when it comes to Iran.
   Not only did he do multiple stints on the US National Security Council and
   write October
Surprise<http://en.wikipedia.org/wiki/October_surprise_conspiracy_theory#Gary_Sick>,
   but he also runs Gulf/2000 Project<http://en.wikipedia.org/wiki/Gulf/2000>,
   an academic mailing list that the Iranian government clearly sees as
   subversive and revolutionary. In fact, one of the ludicrous accusations made
   against Kian Tajbakhsh
<http://en.wikipedia.org/wiki/Kian_Tajbakhsh>during his 2009 trial was
that
   *his membership in Gary Sick's ACADEMIC mailing list – which is run out
   of that traditional hotbed of revolutionary activity, Columbia University –
   proved his connections to the
CIA*<http://www.nytimes.com/2009/10/21/world/middleeast/21iran.html>.
   Maybe it's just me but putting Gary Sick on Haystack's board and TWEETING
   ABOUT IT <http://twitter.com/crcorg/status/14455528038> while a bunch of
   Iranians were supposed to be testing this extremely insecure and incomplete
   piece of software in Iran seems extremely ill-thought. Nothing against Gary
   Sick– he's a great scholar – but we should also be fair: tools like Tor have
   successfully avoided the kind of politicization that Haystack deliberately
   created around itself.

   Are mailing lists illegal in Iran? I doubt it – and yet Kian has been
   locked up nevertheless. Thus, Mehdi's argument that circumvention tools are
   legal in Iran fails to convince me; some are clearly more legal than others.
   And as much as I'd like to believe in the ultimate perfection of Iran's
   legal system, I somehow can't, especially given the developments of the last
   15 months. While circumvention tools may be legal, espionage for the US
   clearly isn't – and I think that this is the charge that Haystack's testers
   were (are?) most likely to face. It's extremely sad but everything Austin
   did/said since June 2009 made Haystack testers appear much more like
   American spies rather than clueless testers of circumvention software and
   the composition of CRC's advisory board helped to legitimize Austin's
   outblown “we'll take this regime down!” claim. Haystack is actually a
   perfect case-study of how one can start with a purely technological project
   that has noble objectives and end up with something so politicized that it
   presents much more danger as an ideology than a piece of code.
   4.

   What has been completely ignored in the discussions about Haystack's
   security until now is that it's their on-the-ground distribution method – at
   least as it applied to one group of their testers – was as unsafe as its
   design. I'm curious as to why almost no one on this list has asked how
   Haystack was actually distributed to the Iranian testers: it certainly
   didn't drop from the sky in those 976 USB
sticks<http://www.haystacknetwork.com/donate/usbsticks/>that Austin
Heap collected from the trusting inhabitants of the Interwebs.

   So let me shed some light on this here, for in my investigation I found
   how at least one group of testers got access to it. Here is how it worked.
   Together with their intermediary based outside of Iran, the Haystack team
   had set up a Gmail account and created a draft message there, where they
   stored instructions/executable files for download by others. The log-in
   details were then distributed to the testers – and eventually reached me
   last week. Even though I personally did not log into that account as it
   would probably have been illegal, a person authorized to use the Gmail
   account confirmed that the password still worked and sent me the
   screenshots.

   There are many reasons why I think it was a bad idea to distribute
   Haystack that way – but the main one is that Gmail allows anyone with access
   to the inbox to track the IP addresses from which the account has been
   accessed in the past. That very Gmail account was accessed by NUMEROUS
   testers and I'm 100% sure that the Haystack team doesn't even know all of
   them, in part because they lost control over the distribution.

   Even though the feature was turned off when my source accessed it last
   week, I believe it's impossible to say conclusively if it always stayed that
   way (based on some internal correspondence between Austin and the testers,
   I've come to believe that this feature was on at least once.) Obviously, if
   there were even one compromised individual inside Haystack's testing
   network, that person would be able to track down the IP addresses of
   everyone who has ever logged into that inbox – ironically, with Google's
   help. Even assuming that this did not happen, it seems obvious that there
   are many better ways to distribute Haystack while protecting the security of
   other testers. My point here is that if we really want to start comparing
   Haystack to Tor or any other tools, we need to look beyond architecture and
   start looking at many other parts of the chain – and those parts so far have
   not been made transparent by Haystack...

 Given all this, I don't think that Jake and I made the wrong call in
publicizing our concerns about the risks that using Haystack posed to the
testers. I'm much more perturbed by the fact that Mehdi had a chance to test
Haystack a few weeks before us, had deep reservations about it, and chose
not to go public with them – as it seems now, because of some macro-level
concerns about the shifts in the US government's approach to funding
circumvention that the Haystack scandal may trigger.

Frankly, this makes me even more concerned about *the perverse incentives
and disincentives that the government's push towards promoting Internet
Freedom at all costs creates*. I understand that Mehdi had a conflicting set
of moral concerns – exposing Haystack for the fraud that it was on the one
hand and not harming the funding prospects for such tools in general on the
other hand. However, given the four arguments above, I think that conflict
was not so hard to resolve: he should have gone public about his concerns
with Haystack and – maybe – even send a copy to independent reviewers as
soon as he began having “serious concerns” about Haystack.

 Up until his several deconstruction” messages to the board, I was under the
impression that Mehdi simply didn't grasp the fact that Haystack was
insecure – this is what he himself told me on the phone when I interviewed
him. In his subsequent correspondence with the list, however, Mehdi clearly
states that he DID know that Haystack had major problems with security and
even informed Austin and Daniel about them...

To say that I'm confused at this point would be an understatement.
Essentially we are asked to believe that Mehdi – who knows the Iranian
political context far better than Jake or me (and has a PhD from
MIT<http://mitworld.mit.edu/speaker/view/1229>– okay, I know it's in
physics but still) – did not see how Haystack and
everything related to it– its advisory board, Heap's claims, crackdown on
proxies and everything connected to the mostly imaginary “Twitter
Revolution” – might be perceived/interpreted by the Iranian authorities...
Am I the only one who finds this hard to believe?

 If we have any such people on this list, I would genuinely like to have
experts on Iran to chime in here and opine on the odds that Haystack testers
are likely to be pigeonholed into “enemies of the state/American agents”
category rather than “circumvention geeks” category where Mehdi thinks they
clearly reside. Everything I've seen/read about Iran in the last 15 months
has convinced me that the odds that the former interpretation would become
dominant are considerably higher – especially given the media image that
Austin managed to build around Haystack. (E.g. Heap's meeting with John
McCain mentioned in the Newsweek
piece<http://www.newsweek.com/2010/08/06/needles-in-a-haystack.print.html>–
I'm just curious if McCain sang “Bomb,
bomb Iran<http://edition.cnn.com/POLITICS/blogs/politicalticker/2007/04/mccain-sings-bomb-bomb-iran.html>”
at that meeting? Sorry for the snark: but publicizing Heap's meetings with
the likes of McCain is just another way to get Haystack testers in
trouble...).

 I'd very very much like to be wrong on this one and hope that both me and
Jake are very poor students of Kremlinology as well as its application to
the Iranian context...So far, unfortunately, I haven't seen many arguments
that would convince me that we somehow overstated the risks...

Best,

Evgeny

 p.s. I'm also planning to post an edited version of this message to my FP
blog in hope of generating some broader public discussion about this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20100918/6c065b49/attachment.html>


More information about the liberationtech mailing list