Search Mailing List Archives
[liberationtech] Deconstructing Mehdi Yahyanejad's "deconstruction of the security risks narrative of Haystack"
evgeny.morozov at gmail.com
Sat Sep 18 13:44:10 PDT 2010
I know that the subject I chose for this new threat may immediately suggest
otherwise but I do feel that we are making genuine progress on this list –
not least because of Mehdi's several messages where he criticized what he
believes to be outblown claims made about the risks experienced by
Haystack's testers in Iran.
Here is how I understand his argument:
Mehdi had known that Haystack didn't have the goods much earlier than the
rest of us and had evidence to prove it
Mehdi thinks that the use of circumvention tools – even if the latter are
insecure – presents no major risks to users in Iran and that the use of
Haystack, despite its design flaws, shouldn't be seen as different from the
use Tor or Freegate. Some of these tools are better than others -and
Haystack was somewhere on the lower end.
Unlike me and Jake Appelbaum, Mehdi chose not to take his concerns public
for fear that some kind of a scandal may ensue, thus jeopardizing future
funding/support of circumvention in general.
As I already mentioned on this list, I think Mehdi's is a very important
argument that this mailing list and the wider community beyond it need to
Some of what I write below has already been said in response to Mehdi's
original message but for the sake of clarity I would like to reiterate it
here nevertheless. The debate that Mehdi has broached does risk pushing us
towards engaging in a bit of Iran-inspired Kremlinology – e.g. statements
like “I can predict the Iranian government's reaction to Haystack better
than you ever can!” are probably inevitable – but I think it's a price worth
paying for having such a debate.
Here is my best attempt to elucidate four main arguments as to why
Haystack's Iranian testers were at risk:
Austin Heap made more claims about Haystack's awesome capabilities than
all other circumvention tools put together, presenting Haystack as something
genuinely new and dangerous. Were one to treat all those statements
seriously, it would appear that Haystack is something that the Superman and
Batman produced in their garage in their spare time and thus needs be
watched very closely. On top of this, Haystack never released its code,
making it impossible for the Iranian government – or anyone else – to verify
how well Austin's claims matched the reality. Given the well-known tendency
of the Iranian government to see conspiracy theories even in basic laws of
physics, I don't think it was so unreasonable for us to assume that they
would treat Austin's claims much more seriously than they deserved. Given
everything the government did since June 2009 – including crackdowns on
bloggers, arrests and intimidation of people working on proxies, and so
forth – I don't think we made the wrong call by assuming the government's
reaction to Haystack would be harsh. And that Austin marketed Haystack as a
tool for high-value dissidents put its testers at risk regardless of whether
they were dissidents. I think it only makes things worse.
Whatever the original intentions of its founders, Haystack was
presented/interpreted as an ideological project rather than just yet another
censorship-circumvention tool. Austin did like to highlight the fact that
the tool got a US government license and even some fast-tracking from the
State Department and in many of his interviews – most notably in the now
infamous 20-minute video interview with Aleks
the Guardian – he almost seems to imply that it was instrumental
the June 2009 protests. (There is also an implied association with the Neda
video there as well – note the bit about citizen journalists using Haystack:
“"[Haystack] gave [Iranians] a layer of protection that allowed a random
person to be a citizen journalist without the risk of persecution, jail,
torture, you know, whatever happens next.").
My research into the government's response to the claims of a “Twitter
Revolution” in Iran convinced me that any remote associations with
facilitating it could be extremely damaging to one's safety. In Haystack's
case Austin was willingly
the Twitter Revolution bandwagon, trying to present Haystack as a tool
that made it possible. (That he had a well-publicized gig running proxies
for Iran before Haystack – anyone remembers
that other unique brand from the Heap Marketing Labs? - certainly did not
help to dispel the myths).
I am sure that if we conduct a global poll asking people: “Name one
anti-circumvention technology that was crucial to the Green Movement in
2009” - Haystack would come on top, if only because it got so much free
publicity for doing so little. (BBC's The Virtual Revolution
all the media mentions <http://www.censorshipresearch.org/press/>...) I
know that these is not what the logs of the Green Movement's web-sites would
say – but the Guardian et al never bothered to see those logs – and based on
my own experience in the former Soviet Union, paranoid authoritarian
governments tend to place much more faith in the professionalism of the
Western media than anyone in the West. “If the Guardian said Haystack
mattered in Iran, how could it be otherwise? In fact, Haystack probably
mattered even more and the government-controlled Guardian is just covering
it all up” - this is the kind of government logic I'm very familiar with.
Censorship Research Center <http://www.censorshipresearch.org/>, the
entity behind Haystack, had a board of advisers that can hardly be
classified as dear friends of the Iranian regime. Karim
Milani <http://en.wikipedia.org/wiki/Abbas_Milani> are both well-known to
the Iranian authorities and it would be silly to believe that their
involvement with Haystack didn't help to confirm the government's fears that
Haystack was more than just a circumvention tool. In fact, their involvement
did make it seem that Haystack was part of some foreign ploy to subvert the
regime by means of the Internet (see the quotes from the May 2010 Iran
article I distributed to the list earlier – it does build its anti-Haystack
argument based on the involvement by Milani and Sadjadpour.)
Gary Sick <http://en.wikipedia.org/wiki/Gary_Sick> – the third member of
the advisory board – is also hardly a neutral figure when it comes to Iran.
Not only did he do multiple stints on the US National Security Council and
but he also runs Gulf/2000 Project<http://en.wikipedia.org/wiki/Gulf/2000>,
an academic mailing list that the Iranian government clearly sees as
subversive and revolutionary. In fact, one of the ludicrous accusations made
against Kian Tajbakhsh
<http://en.wikipedia.org/wiki/Kian_Tajbakhsh>during his 2009 trial was
*his membership in Gary Sick's ACADEMIC mailing list – which is run out
of that traditional hotbed of revolutionary activity, Columbia University –
proved his connections to the
Maybe it's just me but putting Gary Sick on Haystack's board and TWEETING
ABOUT IT <http://twitter.com/crcorg/status/14455528038> while a bunch of
Iranians were supposed to be testing this extremely insecure and incomplete
piece of software in Iran seems extremely ill-thought. Nothing against Gary
Sick– he's a great scholar – but we should also be fair: tools like Tor have
successfully avoided the kind of politicization that Haystack deliberately
created around itself.
Are mailing lists illegal in Iran? I doubt it – and yet Kian has been
locked up nevertheless. Thus, Mehdi's argument that circumvention tools are
legal in Iran fails to convince me; some are clearly more legal than others.
And as much as I'd like to believe in the ultimate perfection of Iran's
legal system, I somehow can't, especially given the developments of the last
15 months. While circumvention tools may be legal, espionage for the US
clearly isn't – and I think that this is the charge that Haystack's testers
were (are?) most likely to face. It's extremely sad but everything Austin
did/said since June 2009 made Haystack testers appear much more like
American spies rather than clueless testers of circumvention software and
the composition of CRC's advisory board helped to legitimize Austin's
outblown “we'll take this regime down!” claim. Haystack is actually a
perfect case-study of how one can start with a purely technological project
that has noble objectives and end up with something so politicized that it
presents much more danger as an ideology than a piece of code.
What has been completely ignored in the discussions about Haystack's
security until now is that it's their on-the-ground distribution method – at
least as it applied to one group of their testers – was as unsafe as its
design. I'm curious as to why almost no one on this list has asked how
Haystack was actually distributed to the Iranian testers: it certainly
didn't drop from the sky in those 976 USB
Heap collected from the trusting inhabitants of the Interwebs.
So let me shed some light on this here, for in my investigation I found
how at least one group of testers got access to it. Here is how it worked.
Together with their intermediary based outside of Iran, the Haystack team
had set up a Gmail account and created a draft message there, where they
stored instructions/executable files for download by others. The log-in
details were then distributed to the testers – and eventually reached me
last week. Even though I personally did not log into that account as it
would probably have been illegal, a person authorized to use the Gmail
account confirmed that the password still worked and sent me the
There are many reasons why I think it was a bad idea to distribute
Haystack that way – but the main one is that Gmail allows anyone with access
to the inbox to track the IP addresses from which the account has been
accessed in the past. That very Gmail account was accessed by NUMEROUS
testers and I'm 100% sure that the Haystack team doesn't even know all of
them, in part because they lost control over the distribution.
Even though the feature was turned off when my source accessed it last
week, I believe it's impossible to say conclusively if it always stayed that
way (based on some internal correspondence between Austin and the testers,
I've come to believe that this feature was on at least once.) Obviously, if
there were even one compromised individual inside Haystack's testing
network, that person would be able to track down the IP addresses of
everyone who has ever logged into that inbox – ironically, with Google's
help. Even assuming that this did not happen, it seems obvious that there
are many better ways to distribute Haystack while protecting the security of
other testers. My point here is that if we really want to start comparing
Haystack to Tor or any other tools, we need to look beyond architecture and
start looking at many other parts of the chain – and those parts so far have
not been made transparent by Haystack...
Given all this, I don't think that Jake and I made the wrong call in
publicizing our concerns about the risks that using Haystack posed to the
testers. I'm much more perturbed by the fact that Mehdi had a chance to test
Haystack a few weeks before us, had deep reservations about it, and chose
not to go public with them – as it seems now, because of some macro-level
concerns about the shifts in the US government's approach to funding
circumvention that the Haystack scandal may trigger.
Frankly, this makes me even more concerned about *the perverse incentives
and disincentives that the government's push towards promoting Internet
Freedom at all costs creates*. I understand that Mehdi had a conflicting set
of moral concerns – exposing Haystack for the fraud that it was on the one
hand and not harming the funding prospects for such tools in general on the
other hand. However, given the four arguments above, I think that conflict
was not so hard to resolve: he should have gone public about his concerns
with Haystack and – maybe – even send a copy to independent reviewers as
soon as he began having “serious concerns” about Haystack.
Up until his several deconstruction” messages to the board, I was under the
impression that Mehdi simply didn't grasp the fact that Haystack was
insecure – this is what he himself told me on the phone when I interviewed
him. In his subsequent correspondence with the list, however, Mehdi clearly
states that he DID know that Haystack had major problems with security and
even informed Austin and Daniel about them...
To say that I'm confused at this point would be an understatement.
Essentially we are asked to believe that Mehdi – who knows the Iranian
political context far better than Jake or me (and has a PhD from
MIT<http://mitworld.mit.edu/speaker/view/1229>– okay, I know it's in
physics but still) – did not see how Haystack and
everything related to it– its advisory board, Heap's claims, crackdown on
proxies and everything connected to the mostly imaginary “Twitter
Revolution” – might be perceived/interpreted by the Iranian authorities...
Am I the only one who finds this hard to believe?
If we have any such people on this list, I would genuinely like to have
experts on Iran to chime in here and opine on the odds that Haystack testers
are likely to be pigeonholed into “enemies of the state/American agents”
category rather than “circumvention geeks” category where Mehdi thinks they
clearly reside. Everything I've seen/read about Iran in the last 15 months
has convinced me that the odds that the former interpretation would become
dominant are considerably higher – especially given the media image that
Austin managed to build around Haystack. (E.g. Heap's meeting with John
McCain mentioned in the Newsweek
I'm just curious if McCain sang “Bomb,
at that meeting? Sorry for the snark: but publicizing Heap's meetings with
the likes of McCain is just another way to get Haystack testers in
I'd very very much like to be wrong on this one and hope that both me and
Jake are very poor students of Kremlinology as well as its application to
the Iranian context...So far, unfortunately, I haven't seen many arguments
that would convince me that we somehow overstated the risks...
p.s. I'm also planning to post an edited version of this message to my FP
blog in hope of generating some broader public discussion about this.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech