lbeck's blog

A Bill of Rights for the Internet: Brazil Leads the Way

Brazil's House of Representatives commemorating the adoption of the Marco Civil

Late yesterday, Brazil’s House of Representatives passed the Marco Civil, a bill aimed at guaranteeing civil rights in the use of the Internet in Brazil. Specifically, it aims to protect privacy rights, net neutrality, safe harbors for internet service providers and online service providers, and open government, and it sets forth that access to the internet is a requisite to the exercise of civic rights.

The drafting of the Marco Civil in Brazil began in 2009 through a collaborative effort between the Office of Legislative Affairs of the Ministry of Justice and the School of Law of Rio de Janeiro at the Getulio Vargas Foundation. Citizen feedback on this bill (between November 2009 and June 2010) was received through social media in the form of more than 2000 contributions from internet users across the country. (More here about the process). READ MORE »

Will Mobile Phone Security Always Be An Oxymoron?

RightsCon

Is true mobile phone security a lost cause? With the increasing popularity of mobile messaging applications with weak security practices, the escalation of sim card registration requirements, and the nearly antiquated legal definitions of the ways that mobile phones are used by citizens, securing mobile phone communications is a multi-faceted problem.

I’ve done mobile security trainings for a number of years now. And one of the biggest challenges that emerges with thinking through mobile security is all of the different areas where threats can emerge: the technical infrastructure of GSM networks, the personal information that’s needed to obtain a sim card, the location tracking capabilities of phones, and the list goes on.

During RightsCon, I had the opportunity to chat with the following rockstars about the current state of mobile security and what can be done to make improvements:

Alix Dunn, Creative Lead at The Engine Room  

Bryan Nunez, Technology Manager at The Guardian Project

Carly Nyst, Legal Director at Privacy International

Chris Tuckwood of The Sentinel Project

Craig Vachon, VP Corporate Development at Anchor Free

Pablo Arcuri, Chief of Party at Internews

Oktavía Jónsdóttir, Program Director at IREX

Rory Byrne, Founder and CEO at Security First

  READ MORE »

Why China's Internet Outage is a Big Deal

Last week, many of China’s major websites were inaccessible for nearly 24 hours to Chinese internet users. Chinese users trying to reach a range of websites ending in .com were re-routed instead to an IP address owned by Dynamic Internet Technology, which is the provider of the circumvention tool Freegate. DIT has been closely affiliated with the Falun Gong, a religious organization banned in China.

GreatFire.org, which examines Chinese censorship, has a detailed report investigating this outage, illuminating that all attempts within China to visit popular websites such as Sina Weibo, Baidu, etc. would be incorrectly re-routed to 65.49.2.178 (an IP address in Wyoming).

While state news agency Xinhua raised the possibility of hacking, and CNNIC attributed the breakdown to a "root server for top-level domain names", others blame the breakdown on a failure of the Great Firewall. As Chinese internet censorship expert Xiao Qiang states to Reuters, "It all points to the Great Firewall, because that's where it can simultaneously influence DNS resolutions of all the different networks (in China). But how that happened or why that happened we're not sure. It's definitely not the Great Firewall's normal behavior."

Correctly matching a domain name to the IP address of its website or web service through DNS is critical to ensuring that the Internet functions properly. As GreatFire points out, DNS poisoning, or the hijacking of DNS to send a visitor to an incorrect domain name or IP address, is a technique deployed by the Great Firewall to render ‘blacklist’ websites inaccessible. READ MORE »

The Story of a Software Audit

Auditing software, both its license and its source code, is nothing new, especially for tools that are new to the digital security toolbox. But what about software whose use is widely recommended, but where little is known about the licensing decisions and the differences between original code and platform-specific applications? This is the impetus for the audit of the encryption software TrueCrypt.

TrueCrypt allows you to create an encrypted container on your computer's hard drive to store sensitive files that, to the untrained eye, appears like any other file you might find on a user’s computer. TrueCrypt storage “volumes” are typically made to look like a large video file (and hey, we even have a tutorial on how to make one that actually plays part of a video).

Despite being an open-source licensed project, there are legal and technical limitations to its openness.

While TrueCrypt’s source code is publicly available, the binaries (what makes TrueCrypt function without any installation process) are not. This matters because these binaries could potentially have security flaws that are unknown and unfixed. As cryptographer Matthew Green points out, the majority of TrueCrypt users only run and install it through the binaries, and while the source code seems trustworthy, it’s unclear if the binaries are. READ MORE »

An App That Spotlights Your Risks

Earlier this month, I had the opportunity to participate in an event to determine how human rights defenders might approach an emergency alert mobile app given their diverse risks, and to ensure that activists first consider their risks before adopting such a tool.

The following is a summary of this event, written by Alix Dunn of the Engine Room and Libby Powell of Radar. 

How can an app developer make sure that an app doesn’t do more harm than good? For Amnesty International, that question could be one of life or death for human rights defenders using their new Panic Button app. READ MORE »

Is Tech a Scapegoat for Political FOIA Failures?

"Public access to information is democratic aspiration still to be fulfilled."  This insight comes from CIMA’s new report, Breathing Life into Freedom of Information Laws: The Challenges of Implementation in the Democratizing World. Evaluating case studies from Albania, Armenia, Indonesia, Jamaica, South Africa, and Ukraine, the report lists the following recommendations to improve upon existing Freedom of Information (FOI) legislation:

  • Officials of national and local governments who are responsible for responding to citizens’ requests for information must be properly organized, trained, funded, and protected.

  • Because government touches everything, a FOI law should touch everything.

  • It should be recognized that a FOI law is most important to average citizens at the local government level.

  • Many FOI laws are based on a presumption of access, stating that government records are accessible with certain exceptions; the exceptions should be based on the likelihood of harm that could arise as a result of disclosure.

  • The law should not require that government officers, employees, or agencies go to unreasonable lengths to accommodate applicants.

Taking the "Social" and "Media" out of "Social Media"

Image courtesy of NamViet News

Early this summer, the Wall Street Journal published a widely-circulated article on the increasing restrictions to free speech online. South East Asia continues to be a region where internet freedom is under threat.

The most notable case is in Vietnam, where the draconian Decree 72 has been implemented. (More details on other restrictions in Vietnam can be found here). According to the decree, “[A] personal information webpage is a webpage created by individual on their own or via a social network. This page should be used to provide and exchange information of that individual only; it does not represent other individual or organization, and is not allowed to provide compiled information.” This law has severe implications for any journalists, academics, and others who seek to share work accomplished by others. In addition, the decree requires all foreign websites to include at least one server in Vietnam, so that the data stored on those servers can be accessed by local authorities. READ MORE »

Internet for All?

internet.org

What would the world look like if every citizen had access to affordable internet? That’s a question that internet.org is attempting to answer. A joint effort by Facebook, Ericsson, MediaTek, Nokia, Opera, Qualcomm and Samsung, it aims to “make internet access available to the two-thirds of the world who are not yet connected, and to bring the same opportunities to everyone that the connected third of the world has today.” READ MORE »

Internet Freedom in Vietnam

Internet freedom has been under threat in Vietnam for some time. The most recent action to repress free speech online comes in the form of “Decree 72”, a piece of legislation which requires Internet companies to cooperate with the Vietnamese government to enforce the prohibition of: opposing "the Socialist Republic of Vietnam," undermining "the grand unity of the people", damaging "the prestige of organizations and the honour and dignity of individuals", and other ambiguously worded forms of online expression.

This decree also applies to “organization/individuals inside and outside Vietnam, directly/indirectly involved in managing/providing Internet services and information, and online games, ensuring information safety.” The decree was adopted on July 15th of this year, and will come into force on September 1st. The decree has largely been condemned by human rights organizations and the internet industry operating in Vietnam. READ MORE »

Animating Digital Security

Digital security can be quite challenging for activists working in conflict zones or similarly difficult environments. The SKeyes Center for Media and Cultural Freedom has produced the "Journalist Survival Guide", a series of animated videos aiming to provide journalists and citizen journalists operating in dangerous zones with the most essential recommendations on how to protect their physical and online safety. 

Our favorite videos include "How to Protect your Computer against Hacking and Malware" ...

 

...as well as "How to Get a Secure Internet Connection". 

 

Want to see more? All videos as well as accompanying scripts are available in English and Arabic. Enjoy!

This Month's Global Online Censorship Round-Up

While news of NSA and GCHQ surveillance continues to dominate the news, there are plenty of other countries that use legal and judicial means to justify online censorship and surveillance. Internet freedom is backsliding in these countries:  READ MORE »

PRISM Shedding too much Light on Your Communications? Tips for More Digi-Sec!

PRISM

If your Twitter client didn't explode with the news about PRISM, here are the highlights, courtesy of the Washington Post:

An internal presentation on the Silicon Valley operation, intended for senior analysts in the NSA’s Signals Intelligence Directorate, described the new tool as the most prolific contributor to the President’s Daily Brief, which cited PRISM data in 1,477 articles last year. According to the briefing slides, obtained by The Washington Post, “NSA reporting increasingly relies on PRISM” as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports.

The technology companies, which participate knowingly in PRISM operations, include most of the dominant global players of Silicon Valley. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” PalTalk, although much smaller, has hosted significant traffic during the Arab Spring and in the ongoing Syrian civil war.

Dropbox, the cloud storage and synchronization service, is described as “coming soon.” READ MORE »

Someone recovered your deleted pictures? *OH SNAP!*

Wish there wasn't evidence of those drunken college photos? Or pics of something that could be career-ending?

Enter Snapchat, an app available on iOS and Android that allows users to take a photo and send it to a friend, after which it is deleted after 10 seconds. (It's so easy, even Stephen Colbert can do it). Sounds pretty great, right?

Well...

Snapchat photos appear to live "beyond the grave" in the memory of smartphones (perhaps making the Ghost logo all the more appropriate). 

Decipher Forensics recently investigated if Snapchat photos actually are deleted, or if the image and any associated metadata with such photos can be recovered. Report author  used two Android devices to send and receive Snapchat photos, and found that: READ MORE »

Bridge Into an Uncensored Internet

Tor (incognito)

In less transparent environments, elections and other political events can be a time of increased internet monitoring and censorship. With notable elections coming up in the next few months, particularly in countries with a history of internet monitoring and filtering, utilizing circumvention technologies ahead of these events becomes extremely important. Circumvention technologies enable you to route your internet connection to an IP address outside of your country, allowing you to view otherwise filtered content. One of the best circumvention technologies is Tor.

However, in countries such as Iran and China, known Tor IP addresses (or "relays") have been intermittently blocked in the past, making Tor unusable. Expanded use of capabilities such as Deep Packet Inspection has even made it possible for some regimes to determine if internet traffic is being routed through Tor. READ MORE »

Gone FinFishing

Gamma International

The minds at Citizen Lab are at it again: detailing how surveillance software developed by Gamma International is being implemented by countries around the world to target the work of pro-democracy groups.

We previously reviewed their report on Blue Coat, a U.S.-based company whose firewall and web filtering products have ended up in Syria, Burma, and other countries with a history of internet surveillance and censorship. READ MORE »

Plugging in from Pyongyang

Image courtesy of AP cameraman David Guttenfelder's Instagram

UPDATE:  According to Koryo Tours, the only group that is currently sanctioned to bring foreigners into North Korea, "3G access is no longer available for tourists to the DPRK. Sim cards can still be purchased to make international calls but no internet access is available." Now, the only foreigners with 3G access will be permanent residents of the DPRK, not tourists.  

---

Originally published February 28, 2013

This week, foreigners living in North Korea were able to connect to 3G services on their mobile devices and tablets. Koryolink (a joint venture between state-owned KPTC and Egyptian provider Orascom) informed foreign residents in Pyongyang that it will launch 3G mobile Internet service no later than March 1.

This newly-available access follows the reversal of regulations requiring visitors to surrender their phones at customs, which have been replaced with rules allowing foreigners to bring in their own mobile phones to use with Koryolink SIM cards.

Some have speculated that 3G access follows the highly publicized visit from Google CEO Eric Schmidt; however, Koryolink has stated the new service had “nothing to do” with his trip, and the carrier had "tried hard to negotiate with the Korean security side, and got the approval recently." READ MORE »

The Cost of Openness

Myanmar used to have one of the highest costs for SIM cards in the world. However, after the 2011 election and subsequent efforts to open up Burma to the international community, prices for SIM cards have drastically dropped.

Quartz just published its findings on the decline of SIM card prices, which have become vastly more affordable to average citizens in recent years:

READ MORE »

Traversing Planet Blue Coat

Planet Blue Coat

Our trusted friends, the researchers at Citizen Lab, recently published Planet Blue Coat, a report detailing the extent to which U.S.-manufactured network surveillance and content filtering technologies are used to facilitate repression against journalists, human rights activists, and other pro-democracy groups.

This is not a new problem. Software developed by Western countries to filter web-hosted content or otherwise obtain data from internet users without their knowledge and consent has been a serious issue for over a decade. It first emerged in China where Cisco Systems sought lucrative business opportunities with China's Golden Shield project, more commonly known as the Great Firewall of China. In recent years, similar technologies have emerged in repressive regimes throughout the Middle East, such as censoring and monitoring technologies in pre-revolutionary Tunisia and in Syria, as well as in closed societies such as Burma. READ MORE »

Tech4Dem in Myanmar

Aung San Suu Kyi speaking at the 2012 Barcamp Yangon

Times are changing in Burma. Recent developments include the by-elections in April, in which the NLD won 43 out of 44 contested seats; the removal of the press restrictions that require journalists to submit articles to the Press Scrutiny and Registration Department prior to publication; and the historic visit of President Obama to Myanmar (the first time a sitting president has visited the country).

Access to ICTs in Burma has historically been challenging. Throughout the country, there is low internet and mobile penetration. There were significant cost barriers to gaining access to basic technologies like sim cards (which can cost up to $900), and constant efforts to censor content and strike fear in activists through draconian telecommunications regulations.

This time of change has also reached the technology sector in Burma. The price of sim cards has dropped, the censorship of popular online news outlets such as the Irrawaddy and Mizzima News has been lifted, and use of Facebook has grown incredibly throughout the country.  READ MORE »

Better Use of Tech for 2013

New Year, new beginnings. The beginning of 2013 is a great time to try new ideas and improve upon existing projects. In this week's Monday Round-Up, we've collected a set of guides and resources that can help meet your resolutions to build your tech expertise:

More than a Like: Creating Facebook Pages with Impact

A Guide with Impact

While creating a Facebook page or group may be easy, maintaining and gaining meaningful impact can be difficult. The folks at Social Media Exchange (SMEX) recently published "Creating Facebook Pages with Impact: A Guide for Arab Civil Society Organizations", which breaks down several important components of a successful Facebook-based campaign or initiative. The main audience for this guide is MENA region-based organizations (Arabic language guide is here), but there are several lessons that can be applied to other regions where Facebook is the most popular social media platform. 

The topics include:

  • Get to Know Facebook & Get Inspired
  • Lay Your Foundation
  • Assemble Your Team
  • Pinpoint Your Destination & Identify Who Can Help You Get There
  • Plan and Produce Your Content
  • Develop Interaction Guidelines
  • Publish & Promote Your Page
  • Monitor Your Page Performance with Insights
  • Survey Your Success, Tweak, and Do It All Over Again
  • 6 Tips For a Secure Facebook Page

READ MORE »

Maps, Texts, and Video, Oh My! Following the road to crisis response and good governance through technology

TechChange

As technology closes the time between when events happen and when they are shared with the world, understanding what approaches and tools are the best solutions to implement in crisis response and good governance programs is increasingly important. During the “Technology for Crisis Response and Good Governance” course offered by TechChange at GW, which I took earlier this month, our class was able to simulate different scenarios of how such tools can be used effectively.

The first simulation we did was on how to use FrontlineSMS and Crowdmap to track and respond to incidents in the event of a zombie apocalypse. Each team was responsible for managing FrontlineSMS, mapping incidents and other information on Crowdmap, and going into the field to get more information and verify reports. Management of the incoming data at this point becomes the highest priority. Designating specific responsibilities to different individuals, and determining how to categorize data (reports to be mapped, questions to be answered by other officials, overly panicked individuals, etc.) helps to more efficiently handle processing a large amount of information during a short timeframe. READ MORE »

In Hong Kong, Does "Change Begin with a Single Step"?

Scholarism

This is a guest post from David Caragliano, NDI's Senior Program Officer on the Asia team in D.C. You can follow up with David on Twitter.

Citizen participation in Hong Kong is on the rise, but the results of the September 9 legislative council (LegCo) election and the March 25 chief executive election do not fully capture the nature of citizen participation. Voter turnout on September 9 stood at 53 percent – just two percentage points under the historical record in 2004. Public outrage at the candidacy of Chief Executive C.Y. Leung and his push to require Moral and National Education (MNE) courses in Hong Kong schools has been difficult to ignore. However, under Hong Kong’s complex electoral system, political parties have tended to be unresponsive. Civil society has driven political messaging and mobilization, increasingly through online tools.

The candidacy of C.Y. Leung in the chief executive election generated frustration among Hong Kong’s voters. His victory only reaffirmed the reality that fifteen years after the Handover a small circle of elites continues to monopolize the chief executive selection process. What if the Hong Kong people could directly elect their chief executive? READ MORE »

Are Hashtags Enough?

Stop 114A and Jordan Web Blackout

The twitterverse is no stranger to hashtag-calls-for-action, spanning from #free an arrested activist to #stop a particular piece of legislation from moving forward. The most well-known example of a hashtag campaign was the one to stop the SOPA and PIPA legislation in the United States. Despite the lack of coverage of these proposed laws in traditional media, mobilization spurred through social media was effective in building a full-on campaign that ended up stopping the passage of this legislation. Recently, NGOs and other civil society actors have been trying to capitalize on this success to stop the passage of other internet-restrictive laws, such as in Malaysia (#Stop114A) and in Jordan (#BlackoutJo).

While the revisions to section 114a in Malaysia’s Evidence Act and the proposed amendment to the Press and Publication Law in Jordan are alive and well, the online mobilizations to stop them can still teach us some valuable lessons about the use of social media in campaigns. READ MORE »

One Small Step for Burmese Journalists, One Giant Step for Burma?

Burmese journalists protest press restrictions. (Photo courtesy of The Guardian.)

It's hard to overstate the relationship between a free, fair press and an open, democratic society. And in Myanmar, long known for having one of the most repressive and censorious regimes in the world when it comes to free expression, there's a small ray of hope this week for journalists and democracy activists alike - not to mention Burmese citizens. This week the Burmese government lifted substantial press restrictions by eliminating the requirement that journalists submit articles to the Press Scrutiny and Registration Department prior to publication. This announcement is the latest development in efforts to expand freedom of expression and political rights in the country: revocation of earlier suspensions for two weekly magazines was successful following protests two weeks ago, and this morning, the National League for Democracy (NLD) was able to open a party office in Naypyitaw. READ MORE »
