Last friday I was gatecrashing the Investigative Reporters and Editors Computer-Aided Reporting conference up in Baltimore. Super cool conference; I’ll write it up more generally later. I was asked to share a bit about NDI’s perspective from the field on how we work with political activists and citizen journalists to be aware of the risks they face when using the internet for organizing or communications.
Sometimes in life it’s hard to know what to say (a buddy’s unsuitable engagement, a breakup convo, comments on a friend’s poor artistic performance) and one of them for me are 10-minute digital security discussions. You can’t dive into the details of a complicated tool like GPG. You can scare the pants off of them, but playing dead is not a valid defense mechanism online. So we tag-teamed it. Susan started things off with a quick “how the internet works” - and therefore where you can be attacked - while Jennifer focused on some core software of use in newsrooms like Tor, password managers and Cryptocat.
I decided to take a slightly different tack and talk about really boring stuff. Seems like a presentation winner, right? READ MORE »
Last week, many of China’s major websites were inaccessible for nearly 24 hours to Chinese internet users. Chinese users trying to reach a range of websites ending in .com were re-routed instead to an IP address owned by Dynamic Internet Technology, which is the provider of the circumvention tool Freegate. DIT has been closely affiliated with the Falun Gong, a religious organization banned in China.
GreatFire.org, which examines Chinese censorship, has a detailed report investigating this outage, illuminating that all attempts within China to visit popular websites such as Sina Weibo, Baidu, etc. would be incorrectly re-routed to 220.127.116.11 (an IP address in Wyoming).
While state news agency Xinhua raised the possibility of hacking, and CNNIC attributed the breakdown to a "root server for top-level domain names", others blame the breakdown on a failure of the Great Firewall. As Chinese internet censorship expert Xiao Qiang states to Reuters, "It all points to the Great Firewall, because that's where it can simultaneously influence DNS resolutions of all the different networks (in China). But how that happened or why that happened we're not sure. It's definitely not the Great Firewall's normal behavior."
Proper implementation of a DNS to match the domain name and the IP address of a website or web service is critical to ensuring that the Internet functions properly. As GreatFire points out, DNS poisoning, or hijacking of DNS routing to send a visitor to an incorrect domain name or IP address, is a technique deployed by the Great Firewall to render ‘blacklist’ websites inaccessible. READ MORE »
China leads the way when it comes to controlling online content. A push to counteract messaging that differs from “official” interpretation of events has spurred a wave of crackdowns that started in August, publically justified by the government as preventing the spread of online "rumors”.
Authorities have escalated their campaign against "cybercrime,” designed to prevent “hearsay” and “gossip” from spreading rapidly online, culminating in the arrests of hundreds of activists.
Prominent activist Murong Xuecun in a NYT op-ed stated that, “the vast state censorship apparatus works hard to keep us down. But posts race through Weibo so quickly that it’s difficult to control them with technology. Hence, the government is resorting to detainment.”
Chinese authorities utilize a number of methods for exorcising “bad” speech in its online communities. For over a decade, the government has been employing a task force to publish regime-friendly comments online in an effort to manipulate public opinion. This force has become known as the 50 Cent Army, which pays homage to the rumored 50 cents of Renminbi paid per comment (though in a rare moment of transparency, the government budgets have listed “Internet opinion analysts” as official occupations, most notable at the China Employment Training Technical Instruction Center). In 2012, real name registration came into effect -- requiring web users to register their given name and national identification name with provider sites before posting comments.
The “campaign against cybercrime” has reached new heights in targeting those “perpetrate rumours” in China’s online communities. This provision has paved the way for mass arrests of outspoken netizens across the country, including the Big V’s-- microbloggers known for online activism. An August 24th editorial stated that popular bloggers who “poison the online environment” should be “dealt with like rats scurrying across the street that everyone wants to kill.”
Arrests have also spread amongst China’s Uighur population. July and August were marked by a government movement against “religious extremist content on the internet” in the Xinjiang province. Fearing a militant, religious uprising, police arrested 139 people for spreading “jihadist” sentiments and posting religious content online, according to state-run media.
There is a new report by Hibah Hussein, a researcher at the New America Foundation that sharply critiques the lack of privacy and security considerations in mobiles-for-development projects. As readers of this blog know, mobile phones are proliferating as a communications and information delivery channel in international development - in health care projects, those focused on economic development and livelihoods, and also in social accountability and transparency work. We here at NDI have certainly extensively used mobile phones in systematic election monitoring, for citizen outreach and delivering civic information, and for citizens to hold their elected officials accountable.
But, as Hussein poses, mobile phones are inherently insecure channels easily surveilled and monitored by design (after all, telcoms charge by usage and thus watch closely what you do), poorly regulated if at all with meaingful privacy protections in most developing countries, and thus inherently subject to deliberate or inadvertent privacy and security breaches. Since mobile projects in development often target the most vulnerable and marginalized populations and much of development happens in countries with poor governance all the way to outright dictatorships, this combination, Hussein argues, is a recipe for disaster. She notes that international development projects lack privacy and security procols and guidelines and proposes a framework for them to consider in their projects.
Facebook recently added a new feature that will send a password reset command to a set of pre-determined 'trusted friends." This feature is coming in handy already in closed societies and countries where activists under threat of arrest and facebook hacks. The feature allows a Facebook user to pre-determine a set of "trusted contacts" in the security settings. Once trusted contacts are set up, if a user has trouble accessing her account (such as in case of arrest or hack), she can call on these trusted contacts and receive a security code from them to regain access to the account. A user would need three security codes from trusted friends to regain access to the account which would, in theory, minimize any threats to those trusted friends by adversaries.
Myanmar used to have one of the highest costs for SIM cards in the world. However, after the 2011 election and subsequent efforts to open up Burma to the international community, prices for SIM cards have drastically dropped.
Quartz just published its findings on the decline of SIM cards prices, which have become vastly more affordable to average citizens in recent years:
Times are changing in Burma. The by-elections in April resulted in the NLD winning 43 out of 44 contested seats, removal of the press restrictions that require journalists to submit articles to the Press Scrutiny and Registration Department prior to publication, and the historic visit of President Obama to Myanmar (the first time a sitting president has visited the country).
Access to ICTs in Burma has historically been challenging. Throughout the country, there is low internet and mobile penetration. There were significant cost barriers to gaining access to basic technologies like sim cards (which can cost up to $900), and constant efforts to censor content and strike fear in activists through draconian telecommunications regulations.
This time of change has also reached the technology sector in Burma. The price of sim cards has dropped, the censorship of popular online news outlets such as the Irrawaddy and Mizzima News has been lifted, and use of Facebook has grown incredibly throughout the country. READ MORE »
Last week was Internet Freedom Day - a year after a bill attempting to restrict content online, the so-called SOPA/PIPA bill, was defeated in the United States Congress. We here at NDItech are people of the Internet. We believe, as described in the Declaration on Internet Freedom, that
a free and open Internet can bring about a better world. To keep the Internet free and open, we call on communities, industries and countries to recognize these principles. We believe that they will help to bring about more creativity, more innovation and more open societies.
But, we are worried. As an organization that supports and works for democratic principles and practices, empowered communities, and responsive and accountable governments under the rule of law, and, as a unit within this organization that believes and works on the effective and innovative use of technology in this work, we see troubling trends. READ MORE »
One of the best tutorials on 'browsing like James Bond without leaving a trace" using a tool called TAILS that NDI has worked on, take a look at this LifeHacker article. We work with a lot of people who prefer not to leave a bunch of files, cookies, or an IP address out there for someone to find when they browse online.
Enter TAILS - a USB stick or DVD that anonymizes, encrypts, and, according to LifeHacker, "hides everything you do on a computer no matter where you are."
More from the article that describes TAILS way better than the project itself does: "When we say "browse without leaving a trace", we truly mean it. Using the Linux-based, live-boot operating system Tails (The Amnesiac Incognito Live System), you can use any computer anywhere without anyone knowing you were ever on it. Tails is a portable operating system with all the security bells and whistles you'll ever need already installed on it."
TAILS has a lot of tools baked in for easy use (thank you, Lifehacker, for the great descriptions): READ MORE »
Tech Tools for Activism (TTFA) has just released the latest version of it's handbook, with information and instructions for tools any activist can use. The handbook is not filled with flashy, sexy programs, nor does it give you THE one comprehensive answer that takes care of all your security needs. What the handbook does well, however, is to give you a simple explanation about why your security is at risk, and give you free programs that will help keep you safe. Both the easy to read layout and educational explanations make this handbook a good primer for activists, their partners, and for anyone who has a general interest in security while using communications technology.
A recent article in the New York Times argues that Twitter is used by citizens in Saudi Arabia to increase the political space for public discourse that did not exist before: "Open criticism of this country’s royal family, once unheard-of, has become commonplace in recent months. Prominent judges and lawyers issue fierce public broadsides about large-scale government corruption and social neglect. Women deride the clerics who limit their freedoms. Even the king has come under attack. All this dissent is taking place on the same forum: Twitter."
The NY Times staff writer Robert Worth, an often-astute chronicler of the MIddle East, argues that "Unlike other media, Twitter has allowed Saudis to cross social boundaries and address delicate subjects collectively and in real time, via shared subject headings like “Saudi Corruption” and “Political Prisoners,” known in Twitter as hashtags."
Is Twitter becoming "like a parliament, but not the kind of parliament that exists in this region,” as Faisal Abdullah, a 31-year-old lawyer, is quoted in the story - even a "true parliament, where people from all political sides meet and speak freely?" READ MORE »
We know the Internet has been a tremendous tool for growing economies, but how can it strengthen civil society and democratic governance? Ginny Hunt, global civic innovation manager at Google, addressed this question to the audience during the ILF "Democracy Spotlight."
A free and transparent Internet is transforming the interactions between government and citizens. Already, more than 6 billion devices connect people to the Internet, a number which is expected to triple in four years. Innovators continue to make networks faster and citizens increasingly have access to information in real time. The shear quantity of information is also growing. “Every minute, 72 hours of video footage is uploaded to YouTube,” she said.
Fast new ways of communicating and vast quantities of information online can be intimidating to governments, which are used to controlling information or at least using familiar information channels. Some governments have responded by filtering, monitoring and censoring what people read and share. According to Hunt, one-third of Internet users live in countries where the Internet is heavily filtered. READ MORE »
The need for civil society organizations and activists to understand best practices behind digital security and digital safety has grown exponentially over the past few years. This need has expanded beyond closed environments to more open societies that may not have as looming of a threat of communications interception, targeted malware attacks, and other dastardly deeds.
While there have been a lot of “wins” for civil society in restrictive environments to use ICTs to mobilize ahead of key political moments, these regimes continue to step up their efforts to counteract such communication.
Computer security is unpleasant. It's inconvenient. It's confusing. It makes your life harder, prevents you from accessing what you want when you need it, and requires being very thoughtful and careful at all times. All together, it's no wonder that so many people don't do what they should even when they know it's the right thing to do. You have to make choices to keep yourself safe and anonymous, and we all go with the easy default settings at times, or slip up occasionally.
What we really need is a system that makes people Do the Right Thing without taking any special, onerous action.
Earlier this month, I had the opportunity to share the NDITech team's work in citizen technology, open data and open government, and internet freedom at MediaBarCamp in Vilnius, Lithuania. For those that may not be familiar with BarCamp, it is an international network of user-generated conferences (also known as "unconferences") that feature open, participatory workshop-events, the content of which is provided by participants. The beauty of this design is that attendees are able to help shape the discussions and mold the event structure to serve their needs.
MediaBarCamp provides the opportunity to stimulate development of new media projects in Belarus, but also arrange coordination between existing projects in the region. This year, MediaBarCamp was able to bring together projects from around the world, including other closed societies, to help participants exchange information on how to successfully operate despite media restrictions and other challenges that impact freedom of expression and access to information. READ MORE »
The recent Nicaraguan election marked victory for incumbent President Daniel Ortega with 62% of the votes. In this inaugural podcast, the NDI ICT team explores how technology was used in this electoral process to empower citizens. Through the Viva el Voto website, citizens were provided a space where they could denounce voting irregularities and learn about their rights as a voter. The website worked to strengthen civil society, and provide citizens a space where they could voice their concerns. Our podcast showcases the work of our Nicaraguan partner Etica y Transperancia who has worked in Nicaragua for decades to strengthen democratic institutions and increase transparency in Nicaraguan society.
This is a special Nowruz to anyone working on tech-focused programs for Iran: the Office of Foreign Assets Control under the U.S. Treasury Department has just released new guidelines on communication and other web-based technologies that can be used in Iran. Earlier this week, the White House illustrated that these services are of critical importance to Iranians, in order to keep them connected with their peers outside Iran, specifically stating, "We encourage American companies to make their software and communications tools available to the people of Iran to help bring greater access to the world’s knowledge and information, and to empower Iranians with the tools to make their voices heard".
Technologies that can now be used without requiring prior approval or a waiver include:
Personal Communications (e.g., Yahoo Messenger, Google Talk, Microsoft Live, Skype (non-fee based))
Updates to Personal Communications Software Personal Data Storage (e.g., Dropbox)
Browsers/Updates (e.g., Google Chrome, Firefox, Intemet Explorer)
Late last week, news broke that following several self-immolations among Tibetan Buddhist and clashes of violence against protesters demanding Tibetan autonomy, China has cutoff Internet connectivity and mobile phone signals for 30 miles around the main clashes taking place in Sichuan province. Last resort techniques like these are unfortunately not new. Even prior to the most famous case of unplugging the Internet, China cut off internet access and limited mobile services in the Xinjiang region in 2009 for several months as a response to outbreaks of violence. But while key officials under the Mukarak regime have been punished in their pocketbooks, the ability and desire of repressive regimes to deploy internet outages as a means to eliminate dissidence presents yet another hurdle in attempts to ensure democracy and transparency worldwide. During volatile political moments, it becomes challenging to verify information on current events. Currently, foreign journalists are prohibited from entering affected Tibetan areas, making it extremely difficult to verify reports about the current situation. Adding to the complexity of obtaining verifiable information are the “human elements”, where concerns about the threatened safety of involved persons can add a panic-induced frenzy and desperation for accurate information. READ MORE »
The recent announcement of a Belarusian law on aspects of Internet regulation certainly raised a number of alarm bells for many groups seeking to protect free expression online. Certainly, Belarus is no stranger to internet repression, ranging from pro-democracy websites repeatedly under attack, tracking down and arresting activists, and many other insidious acts. Given the extensive and differing coverage of the law in the press, here is a summary of what is expected to take place with this law.
In order to implement the norms stipulated by Decree of the Council of Ministers on February 1, 2010, No. 60 (which states that any entity in Belarus selling goods or services to Belarus citizens on the web must use the .by Belarusian domain name), Belarusian authorities have implemented Law No. 317-3. Fines for breaking the law range as high as 1m Belarus rubles (£77; $120).
Skilled political organizer used to wrangling data? Russian speaker? Got tech? We're hiring.
The NDItech team is looking for someone to run a critical project in Eastern Europe for a period of approximately three months. The job: teaming with activist organizations who are learning to use online datastores and CRM systems to manage their information to win elections. They're savvy campaigners and used to tech, but the cloud will be new to them and comes with significant risks.
In addition to teaching how to take advantage of such systems safely you'll be helping these groups design field plans, advising on communications strategies and assisting with setting up training programs. Language skills are critical to ensure the ability to work side by side with our partners in these highly motivated activism and advocacy groups.
As our boots-on-the-ground operating out of an NDI field office you will have significant project input while being be supported by an expert team of tech, advocacy, and communications professionals. This is an excellent gig for a data and organizing ninja/rockstar/guru. You must be highly mobile, competent, and self-directed.
“What is the internet that we hope to create?” That question, posed by Ben Wagner, was answered by a multitude of voices from government, business, academia, and civil society: an internet that is open and maintains the principles of human rights. At the Freedom Online conference (or iFreedom) held in the Netherlands, several representatives from these sectors were present to discuss what governments can do to protect human rights online, how to support bloggers and cyber dissidents, and how companies ensure freedom online. Below are some of the key highlights from this event.
The event started with a welcome by Google Executive Chairman Eric Schmidt. The Netherlands’ Minister of Foreign Affairs Uri Rosenthal opened the conference, stating that freedom online is an extra dimension of freedom of speech, a fundamental freedom in democracy. Rosenthal points out that old censorship techniques are still continuing in many countries, and “we should not make their life easier by providing them with filter technology.” He points out that “tight control on the internet impinges on our freedom of speech, association and assembly. And it means that violations of other human rights are kept away from us.” Secretary Clinton’s keynote speech followed, and echoed many of the themes addressed in her earlier speeches on internet freedom. She states that all human are entitled to freedom of speech “whether they choose to exercise them in a city square or an internet chat room” and that we must “protect the internet itself from plans that would undermine its fundamental characteristics”, as fragmenting the global internet would change the landscape of cyberspace by creating “digital bubbles” instead of meaningful connections between internet users. READ MORE »
The NDI Tech team watched Secretary Clinton's keynote at last night's Democracy Dinner with great interest and not a little institutional pride. Among other highlights, we're still blushing to hear that "freedom knows no better champion" than NDI and our sibling institutions under the National Endowment for Democracy. I've collected the best of the coverage for our loyal readers: READ MORE »
The NDItech team recently wrapped up a meeting of private sector security professionals advising on some of our work in difficult countries. It was a fascinating experience; while our team has got a pretty good grasp of the fundamentals, these people have to protect some of the world's most at-risk networks or write software that is proof against determined, well-funded adversaries.
Technology for international development is all too often segregated into its own little silo. That's sad when we can't tap into the innovation and expertise of the private sector for our work in general, but it could be tragic when it comes to the challenges of keeping democracy activists safe. Our people are up against well-funded and highly aggressive governments who are among the most dangerous forces in the world for stealing passwords, hacking servers, and dropping viruses on laptops; it is imperative that development organizations bring as much firepower as possible to bear from the other side.
My favorite quote from the event: "Do know harm." READ MORE »