Hackers fight for freedom with Net tech; ignore politics, psychology at their peril

by David Solomonoff

The temporary shutdown in Egypt of Internet and other telecommunication services, as well as similar interruptions in other Middle East countries experiencing large-scale protests and rebellions, has galvanized hackers and human rights activists as well as U.S. foreign policy makers. The consequences may be not be what anyone expected.

The technologies for secure, private, fault tolerant communication via the Internet exist but have not yet been widely implemented or bundled together in a single, user-friendly system.

Internet pioneer Vint Cerf was asked in a recent interview whether there was technical solution to a government shutdown of the Net. The Internet “is controllable by the government, [so] it’s possible to turn off the Internet,” he said. The solution, mesh networking “can be done without benefit of things like routers provided by Internet Service providers.”

Mesh networking makes each device on a network capable of routing data to any other device, with the ability to rapidly change paths in the event of an interruption or blockage.

A current project of Cerf’s, the Interplanetary Internet, designed to overcome the delays and interruptions to communications during space exploration, could also be adapted to handle a partial shutdown of Net communications by an authoritarian government during a political crisis.

Eben Moglen, a Columbia law professor and software freedom advocate, first proposed the Freedom Box – a tiny device that could provide private, secure, fault-tolerant Internet access using mesh networking – at an Internet Society of New York event in February 2010. He has since founded the Freedom Box Foundation, has some early prototype software and expects to have a fully working device available for under $100 in twelve months. Another project, diaspora, was inspired by Moglen’s proposal and is developing a more privacy-friendly alternative to Facebook. The Freedom Box and diaspora both use a decentralized, peer-to peer model for improved security and to give the user more control.

On February 15, Hillary Clinton’s gave her second annual Net Freedom Speech, which denounced the Egyptian government for it’s Net shutdown. The State Department now has a number of initiatives and grants for the development of Internet censorship circumvention technologies.

But governments often have different agendas and policies for different situations. Egyptian strongman Hosni Mubarek was viewed as a “force of moderation” before he became a “dictator” when the geopolitical winds shifted. As Clinton was making her speech, Wired reported that the FBI Pushes for Surveillance Backdoors in Web 2.0 Tools and an antiwar protestor in Clinton’s audience was roughed up when he turned his back to her. Would he have been unscathed if he had tweeted his protest?

Even with the best intentions, high-profile Internet freedom initiatives by nation-states can have unexpected consequences. Evgeny Morozov says of Clinton’s speeches:

Clinton went wrong from the outset by violating the first rule of promoting Internet freedom: Don’t talk about promoting Internet freedom.

The state of web freedom in countries like China, Iran, and Russia was far from perfect before Clinton’s initiative, but at least it was an issue independent of those countries’ fraught relations with the United States.

 

Today, foreign governments … are now seeking “information sovereignty” from American companies … Internet search, social networking, and even email are increasingly seen as strategic industries that need to be protected from foreign control.

The U.S military has developed open source software for secure, private communication on the Internet, however. The Tor project, which develops Tor, a tool for private, encrypted communication on the Internet, is used by many dissidents in authoritarian countries, as well as by Wikileaks, and was originally sponsored by the U.S. Naval Research Laboratory.

But not every such project has been as successful. The Haystack program, designed to help Iranian dissidents, actually endangered them because it was easily intercepted by the Iranian authorities due to flaws in its design. It received a huge amount of hype but the developer, Austin Heap, refused to allow security experts to examine it. Nonetheless, the U.S. Treasury Department granted Heap an Office of Foreign Assets Control license to export the software to Iran, in effect endorsing it. By the time it the software bugs became publicly known, the damage had been done.

Open source software advocate and cyberliberties activist Eric Raymond was also helping Iranian dissidents connect to the outside world at that time. He reflects:

… to protect your network, and yourself, you have to accept that you are going to have relatively little information about what your network partners are doing and what their capabilities are …. my rationally-chosen ignorance left me unable to form judgments about whether people in my network were lying to me. More subtly … it left me unable to form judgments about whether they were lying to themselves.

I don’t mean to excuse whatever lies Austin Heap may have told, but I do mean to suggest he may well have been his own first victim.

Open source software, where the inner workings of a program are available for public scrutiny, is essential when developing tools for secure communication in a highly insecure environment.

But open source is not a panacea. Take the case of  OpenBSD, an open source operating system bundled with thousands of applications, which has been optimized for security by a team of the world’s best security experts. OpenBSD is sponsored by a nonprofit foundation and many of the programmers volunteer their time.

At one point the U.S. Defense Advanced Research Project Agency (DARPA) gave OpenBSD a grant, then rescinded it when OpenBSD project leader Theo de Raadt made remarks critical of the Iraq war.

In December 2010, de Raadt received an email alleging the FBI had paid some OpenBSD ex-developers to insert backdoors into the software. He was skeptical but immediately made the email public and invited an independent review of the relevant program code. A few bugs were fixed but no evidence of a backdoor was found. So even though the allegations turned out to be false, they succeeded anyway – as a act of psychological warfare – by destroying trust in the OpenBSD project.

George Orwell said

… ages in which the dominant weapon is expensive or difficult to make will tend to be ages of despotism, whereas when the dominant weapon is cheap and simple, the common people have a chance …. A complex weapon makes the strong stronger, while a simple weapon–so long as there is no answer to it– gives claws to the weak.

At first it would seem that a social networking service like twitter, recently used by many protesters in the Middle East, would fit Orwell’s definition of a “simple weapon” that “gives claws to the weak”. But in fact the situation is much more ambiguous. Twitter is a for-profit corporation which must maintain large data centers and a complex infrastructure. And they are subject to many financial, legal and political pressures.

Internet freedom initiatives must be independent of political connotations, run on a decentralized infrastructure, and use technology that is subject to public review by security experts. Most importantly, users must have complete trust in the skills and integrity of the people providing those tools and services.

If they don’t the cure could prove worse than the disease.

Note: Wikipedia has a good list of other anti-censorship software.

Leave a Comment

Mideast protesters reject repressive regimes; remain tethered to tech they can’t control

by David Solomonoff

Protesters fed up with political repression, corruption and poverty (particularly recent food price inflation)  toppled the government of Tunisia. They threaten to do the same in other countries throughout the Mideast as pundits hail the “Twitter and Facebook revolution”. But repressive governments have as much compunction about shutting down communication services as they do about torturing dissidents.

Egypt has cut all Internet access and most mobile phone service as huge protests threaten to topple that government. For a while the ISP Noor remained online – largely because it connects the country’s Stock Exchange and many offices of foreign companies to the outside world. Noor has now been cut off as well.

Interestingly, Egypt and Tunisia have some of the largest percentages of the population online in Africa. Egypt’s Communications Minister, Tarek Kamel, was secretary and co-founder of the global Internet Society’s Egyptian Chapter (which is no longer active). He is still listed as a member of the Board of Trustees on the Internet Society’s website. The Internet Society has strongly denounced the Internet shutdown.

Kamel is widely recognized as the person who brought the Internet to Egypt. He has publicly supported the open development of the Internet. His bio on the Internet Society’s website states that in the early years of the development of the Internet in Egypt, “Kamel’s work extended into liberalization issues such as a tax reduction for ISPs as well as a government/private sector partnership to serve the Egyptian Internet community. He has actively participated in the establishment of community centers in remote areas to bring the Internet to the have-nots.” His role in the shutdown is unknown, although he wasn’t among the cabinet members removed in the shakeup of the Egyptian government in the wake of the protests.

Cutting off most communication with the outside world for an extended period would be economic suicide for any modern, developed country, but temporary interruption – long enough to kill or imprison a large number of protesters without too much visibility for squeamish foreign allies – is viable for a poor country ruled by an elite supported by gifts of military technology from wealthier countries.

The protesters vulnerability is relying on highly centralized communication networks and services while fighting an overly centralized political system. The younger ones probably don’t have any memory of being without mobile phones and the Internet and may have taken them for granted.

To succeed in the face of violent repression and the shutdown of Internet and phone service, they must quickly develop low-tech strategies that are as fast and flexible as the ones that have been lost.

Another approach is to build communication services that cannot be intercepted or shut down. Human rights activists and hackers are already starting to do it with combination of low-cost commodity hardware and free open source software:

  • Landlines still work in Egypt and a French ISP FDN offers free dialup Internet to Egyptians. Instructions to connect to foreign ISP’s via dialup with a mobile phone are also being circulated for those who can use them.
  • For Egyptians who are still able to use their mobile phones, there is Sukey, “a security-conscious news, communications and logistics support service principally for use by demonstrators during demonstrations.”
  • Tech entrepreneur Shervin Pishevar put a call out on Twitter for volunteers to help construct self-configuring unblockable mobile ad hoc networks to prevent government caused blackouts during future protests worldwide
  • We Rebuild, a Europe-based group working for free speech and an open Internet is developing non-Internet modes of communication, including amateur, shortwave and pirate radio as well as a fax gateway, to assist protesters and humanitarian relief efforts. Information on these efforts can be found on their Telecomix news site.
  • Remaining Internet activity is certainly being monitored. The Tor network of anonymous, encrypted proxies has seen a huge increase in Egyptian traffic.

Efforts like these could be the tipping point for the uprisings. In 1989 Czech student protesters received a gift of then state of the art 2400 baud modems from a mysterious man who may have been from the covert-operations wing of the Japanese embassy. Modems were illegal but most Czech police didn’t even know what they were. The students set up BBS systems to coordinate actions throughout the country and successfully overthrew the Soviet communist backed dictatorship.

If you think the problems people in Egypt have could never happen here, you might want to think again. In the U.S. the “Internet kill switch” bill in Congress would allow interruption of Internet services in a “national cyberemergency.” Senator Joe Lieberman, who introduced the bill in the Senate, has described the Internet as a “dangerous place” and promised the bill would protect against  “cyber terrorists”.

Some of our current political leaders, hanging on every word of their consultants and pollsters, and terrified of harsh criticism, might consider hostile online commentary more of an “emergency” than something trivial like say, a collision with an asteroid.

General Douglas MacArthur said, “No man is entitled to the blessings of freedom unless he be vigilant in its preservation.” Today that vigilance means learning to build and modify the technology that we use rather than being passive consumers of it.

Comments (4)