Is true mobile phone security a lost cause? With the increasing popularity of mobile messaging applications with weak security practices, the escalation of sim card registration requirements, and the nearly antiquated legal definitions of the ways that mobile phones are used by citizens, securing mobile phone communications is a multi-faceted problem.
I’ve done mobile security trainings for a number of years now. And one of the biggest challenges that emerges with thinking through mobile security is all of the different areas where threats can emerge: the technical infrastructure of GSM networks, the personal information that’s needed to obtain a sim card, the location tracking capabilities of phones, and the list goes on.
During RightsCon, I had the opportunity to chat with the following rockstars about the current state of mobile security and what can be done to make improvements:
There is no shortage of news about Turkey in the press recently. Between Gezi park protests last summer, and a currently unfolding corruption case, Turkish democracy is a hot topic. Last week Freedom House released a special report on Turkey entitled “Democracy in Crisis: Corruption, Media, and Power in Turkey” with the central finding being that, “Turkey’s government is improperly using its leverage over media to limit public debate about government actions and punish journalists and media owners who dispute government claims, deepening the country’s political and social polarization.” READ MORE »
Last week, many of China’s major websites were inaccessible for nearly 24 hours to Chinese internet users. Chinese users trying to reach a range of websites ending in .com were re-routed instead to an IP address owned by Dynamic Internet Technology, which is the provider of the circumvention tool Freegate. DIT has been closely affiliated with the Falun Gong, a religious organization banned in China.
GreatFire.org, which examines Chinese censorship, has a detailed report investigating this outage, illuminating that all attempts within China to visit popular websites such as Sina Weibo, Baidu, etc. would be incorrectly re-routed to 188.8.131.52 (an IP address in Wyoming).
While state news agency Xinhua raised the possibility of hacking, and CNNIC attributed the breakdown to a "root server for top-level domain names", others blame the breakdown on a failure of the Great Firewall. As Chinese internet censorship expert Xiao Qiang states to Reuters, "It all points to the Great Firewall, because that's where it can simultaneously influence DNS resolutions of all the different networks (in China). But how that happened or why that happened we're not sure. It's definitely not the Great Firewall's normal behavior."
Proper implementation of a DNS to match the domain name and the IP address of a website or web service is critical to ensuring that the Internet functions properly. As GreatFire points out, DNS poisoning, or hijacking of DNS routing to send a visitor to an incorrect domain name or IP address, is a technique deployed by the Great Firewall to render ‘blacklist’ websites inaccessible. READ MORE »
China leads the way when it comes to controlling online content. A push to counteract messaging that differs from “official” interpretation of events has spurred a wave of crackdowns that started in August, publically justified by the government as preventing the spread of online "rumors”.
Authorities have escalated their campaign against "cybercrime,” designed to prevent “hearsay” and “gossip” from spreading rapidly online, culminating in the arrests of hundreds of activists.
Prominent activist Murong Xuecun in a NYT op-ed stated that, “the vast state censorship apparatus works hard to keep us down. But posts race through Weibo so quickly that it’s difficult to control them with technology. Hence, the government is resorting to detainment.”
Chinese authorities utilize a number of methods for exorcising “bad” speech in its online communities. For over a decade, the government has been employing a task force to publish regime-friendly comments online in an effort to manipulate public opinion. This force has become known as the 50 Cent Army, which pays homage to the rumored 50 cents of Renminbi paid per comment (though in a rare moment of transparency, the government budgets have listed “Internet opinion analysts” as official occupations, most notable at the China Employment Training Technical Instruction Center). In 2012, real name registration came into effect -- requiring web users to register their given name and national identification name with provider sites before posting comments.
The “campaign against cybercrime” has reached new heights in targeting those “perpetrate rumours” in China’s online communities. This provision has paved the way for mass arrests of outspoken netizens across the country, including the Big V’s-- microbloggers known for online activism. An August 24th editorial stated that popular bloggers who “poison the online environment” should be “dealt with like rats scurrying across the street that everyone wants to kill.”
Arrests have also spread amongst China’s Uighur population. July and August were marked by a government movement against “religious extremist content on the internet” in the Xinjiang province. Fearing a militant, religious uprising, police arrested 139 people for spreading “jihadist” sentiments and posting religious content online, according to state-run media.
Earlier this month, I had the opportunity to participate in an event to determine how human rights defenders might approach an emergency alert mobile app given their diverse risks, and to ensure that activists first consider their risks before adopting such a tool.
The following is a summary of this event, written by Alix Dunn of the Engine Room and Libby Powell of Radar.
How can an app developer make sure that an app doesn’t do more harm than good? For Amnesty International, that question could be one of life or death for human rights defenders using their new Panic Button app. READ MORE »
Early this summer, the Wall Street Journal published a widely-circulated article on the increasing restrictions to free speech online. South East Asia continues to be a region where internet freedom is under threat.
The most notable case is in Vietnam, where the draconian Decree 72 has been implemented. (More details on other restrictions in Vietnam can be found here). According to the decree, “[A] personal information webpage is a webpage created by individual on their own or via a social network. This page should be used to provide and exchange information of that individual only; it does not represent other individual or organization, and is not allowed to provide compiled information.” This law has severe implications for any journalists, academics, and others who seek to share work accomplished by others. In addition, the decree requires all foreign websites to include at least one server in Vietnam, so that the data stored on those servers can be accessed by local authorities. READ MORE »
There is a new report by Hibah Hussein, a researcher at the New America Foundation that sharply critiques the lack of privacy and security considerations in mobiles-for-development projects. As readers of this blog know, mobile phones are proliferating as a communications and information delivery channel in international development - in health care projects, those focused on economic development and livelihoods, and also in social accountability and transparency work. We here at NDI have certainly extensively used mobile phones in systematic election monitoring, for citizen outreach and delivering civic information, and for citizens to hold their elected officials accountable.
But, as Hussein poses, mobile phones are inherently insecure channels easily surveilled and monitored by design (after all, telcoms charge by usage and thus watch closely what you do), poorly regulated if at all with meaingful privacy protections in most developing countries, and thus inherently subject to deliberate or inadvertent privacy and security breaches. Since mobile projects in development often target the most vulnerable and marginalized populations and much of development happens in countries with poor governance all the way to outright dictatorships, this combination, Hussein argues, is a recipe for disaster. She notes that international development projects lack privacy and security procols and guidelines and proposes a framework for them to consider in their projects.
Cyberspace and all communications associated with the Internet was once idealized as a free and open space in which communications could flow back and forth at liberty. This idea has slowly changed in the last 25 years and we are now seeing the Internet and cyberspace as a “Fierce Domain” in which states engage in hostile actions against one another and increasingly against their own citizens. We wondered what normative changes have occurred over the last 15 years in cyberspace and what the implications of this change has been on democrats around the world.
Jeffrey Legro’s definition of norms as “collective understandings of the proper behavior of actors” is helpful to illustrate how norms have evolved in cyberspace. So then, what are the specific norms we would like to see in cyberspace as a democracy support organization? There are currently very clear trends of norms that we wish we didn’t see.
First we see a significant inrease in offensive and defensive state-level cyber capabilities and a growth in state censorship and surveillance. The data globally, as illustrated through sample data taken from censorship monitoring projects such as the Berkman Center’s Herdict Project (Image Right), illustrate an increase in reports of online censorship. Although this data is based on citizen reporting and may not also be state-generated, the enormity of reports of censorship is staggering.
Along with censorship comes its closely related counterpart, surveillance, and the reports of individuals being surveilled in their online activities is only increasing. Furthermore as indicated by experts in tracking censorship and surveillance such as Ronald Deibert at the Munk School of Global Affairs’ CitizenLab surveillance is getting worse. Globally we almost certainly passed the statet when only a few states were using the Internet as a means of censorship and surveillance against their own citizens. States are increasingly socializing, demonstrating, and institutionalizing censoring and surveillance behavior.
The Washington Post and others have reported extensively on the now declassified secret court opinion from 2011, which claims that the National Security Administration (NSA) has been illegally gathering tens of thousands of electronically-based communications among American citizens for several years now. An internal NSA audit conducted in May 2012 reported 2,776 incidents of unauthorized collection, storage, access to and distribution of legally protected communications from April 2011 to March 2012.
As part of their bulk surveillance program, the NSA has put pressure on numerous companies to release information about their customers. In early August, Lavabit, an email service used by Snowden and approximately 400,000 other people, shuttered its operations after rejecting to comply with a court order to help the US government spy on its clients. Founded in 2004 and owned by Ladar Levison, Lavabit email services used asymmetric encryption to provide a significant level of privacy and security for its users -significant enough that US intelligence agencies could not crack it. Under gag order, Levison was prevented from discussing in detail the reasoning behind his company’s shutdown. On the Lavabit website Levison left a cryptic message for users regarding his decision:
“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise.”
Internet freedom has been under threat in Vietnam for some time. The most recent action to repress free speech online is in the form of “Decree 72”, a legislation which requires Internet companies to cooperate with the Vietnamese government to enforce prohibition of: opposing the " the Socialist Republic of Vietnam," undermining "the grand unity of the people", damaging 'the prestige of organizations and the honour and dignity of individuals”, and other ambiguously worded means to express oneself online.
This decree also applies to “organization/individuals inside and outside Vietnam, directly/indirectly involved in managing/providing Internet services and information, and online games, ensuring information safety.” The decree was adopted on July 15th of this year, and will come into force on September 1st. The decree has largely been condemned by human rights organizations and internet industry operating in Vietnam. READ MORE »
The recent revelations about large-scale NSA surveillance point to a pervasive problem facing democracy and human rights activists around the world. They face intense surveillance on a daily basis for working for universally accepted human rights and democratic and accountable governance. Those who thought of the internet as a space for free expression and a place where ideas are able to transit the globe unencumbered by now have realized that the reality of the Internet is not too dissimilar from that of the physical world. The great public square that is the internet is closely watched and increasingly controlled by governments and their spies. We wonder increasingly: How can democracy and human rights activists still use this space to continue the good fight? What are the implications for democracy and human rights activists following the revelations of surveillance programs such as Prism and large-scale meta data dragnets? Are we becoming fast the cyberlosers as the world is moving towards compromised internet governance, national internets, and pervasive surveillance?
The bottom line is this: The online public square is depply compromised. Of course, this surely is not a great surprise. READ MORE »
Two recent reports emphasize the importance of the ICT gender gap in developing countries. These in-depth analyses provide statistics, case studies, and conclusions that clearly demonstrate why closing that gap is so essential to development and to increasing women's political participation.
Last year, the GSMA (the association of GSM mobile operators) and the Cherie Blaire Foundation produced a report on women and mobile technology. Intel, in coordination with Dalberg and GlobeScan, released a report yesterday that focuses on Internet access in developing countries. Key takeaways from each publication:
Closing the mobile gap for women represents a $13 billion dollar opportunity: With the gender gap representing over 300 million women, providing service represents not only an important step for human rights, but a monetary incentive to the private sector as well.
The top three benefits of cell phone ownership for women: feeling safer (93%), feeling more connected with friends and family (93%) and feeling more independent (85%)
The top five factors predicting ownership of mobile phone: Household income, urban/rural location, age, occupation, and education level.
Barriers preventing ownership of mobile phones: cost of handsets, no need to have one as everyone is local, and use of landline instead of mobile.
The report also includes: case studies of projects in Pakistan promoting female literacy, culturally appropriate advertising for women in Afghanistan, distance learning in Mexico, and providing input for women in Kosovo's constitution
Closing the Internet gap for women represents 50 to 70 billion dollars: Similar to mobiles, increasing the number of women online also represents a potential increase in GDP of $13 to 18 billion across 144 developing countries.
Internet penetration varies greatly among continents: while North America experiences 79%, the Middle East has 40%, Asia has 28%, and Africa lags behind at 16% internet penetration.
Access to the Internet provides both positive individual and ecosystem outcomes: including increased confidence and self worth, more opporutnities for education or employment, and access to networks, as well as economic development through GDP growth, gender equality through the leveling of opportunity, and diversification of markets.
Major individual inhibitors to Internet access: awareness of the content and use of information on the Internet, ability to navigate and consume web content, and an environment lacking in encouragement of use.
The largest ecosystem inhibitors to Internet access: network infrastructure, economic viability of Internet connection options, policies encouraging women to use the Internet,
Golos, a long-time partner of NDI in Russia, was awarded the prestigious Sakharov Prize of the Norwegian Helsinki Commission today. The Commission especially lauded Golos for its innovative work during the recent Russian legislative and presidential elections. Golos, Russian for "The Voice", is the only independent election monitoring organization in Russia. It has worked for over a decade on independent domestic election monitoring but became extremely popular during the recent Duma and then Presidential elections for its interactive map that allowed citizens to report violations during the election period and on election day. These elections were marked by the savvy use of Russians of social media and camera phones to record and report election violations on YouTube and on Golos' map.
The map became one of the 25 most-visited sites in Russa at the time, noted the Commission. Shortly after launch, the site was removed from Gazety.ru where it had been published, Golos director was detained, and the organization was fined multiple times. Golos was accused of collaborating with Western agents and a slander campaign was launched against the organization on state media. READ MORE »
For those of us in the tech4dem business, we are well aware of the power that social media has to share photo and video evidence of violations of democratic processes and demonstrations calling for protection of citizen's rights. However, in a world where pro-democracy activists are increasingly becoming targets for their actions both online and offline, there is a pressing need to protect the identities of such individuals.
Enter the Cameras Everywhere initiative. Started by WITNESS, a leading organization on documentation of human rights abuses, this initiative is dedicated to safe video and photo documentation online and on mobile phones. They, together with the Guardian Project, developed the Android app ObscuraCam, which anonymizes photos by not only removing the meta data associated with the image file, but also by blurring, or obscuring, the faces shown in the photo.
This same functionality is now available through Youtube, known as a feature called "Blur All Faces". I tested this feature, and found it quite easy to use and function well. Here are the results and the steps on how you can blur faces too:
Last week I attended the Media Access Project (MAP) event, part of a series of forums on “How Technologies Are Changing Our World View”. Tuesday's topic: The Global Internet and the Free Flow of Information. Panelists were invited from a number of sectors - including academia, business, and policy - to participate in two panels; the first discussed the threats and challenges facing online expressions and the second focused on public policies that can protect online freedoms. There were many interesting perspectives, opinions, and facts presented, and here are some of the most important ones that will affect our work.
Technology companies have been expanding their markets by providing tools and services to people around the world. As companies enter new markets and introduce new products, they face a number of challenges. Will their technologies be used to limit human rights? Do local laws require them to share user information to governments, and if so will they comply? These issue have already been seen (Yahoo handing over data on Chinese dissidents who were then imprisoned) and will continue to be seen. Moreover, there has been growing pressure on companies to develop policies surrounding human rights issues and regularly assess these issues as companies expand. The trend of companies developing policies around these issues is important, as it will change the threats and concerns that users face when using technology tools.
Late last week, news broke that following several self-immolations among Tibetan Buddhist and clashes of violence against protesters demanding Tibetan autonomy, China has cutoff Internet connectivity and mobile phone signals for 30 miles around the main clashes taking place in Sichuan province. Last resort techniques like these are unfortunately not new. Even prior to the most famous case of unplugging the Internet, China cut off internet access and limited mobile services in the Xinjiang region in 2009 for several months as a response to outbreaks of violence. But while key officials under the Mukarak regime have been punished in their pocketbooks, the ability and desire of repressive regimes to deploy internet outages as a means to eliminate dissidence presents yet another hurdle in attempts to ensure democracy and transparency worldwide. During volatile political moments, it becomes challenging to verify information on current events. Currently, foreign journalists are prohibited from entering affected Tibetan areas, making it extremely difficult to verify reports about the current situation. Adding to the complexity of obtaining verifiable information are the “human elements”, where concerns about the threatened safety of involved persons can add a panic-induced frenzy and desperation for accurate information. READ MORE »
“What is the internet that we hope to create?” That question, posed by Ben Wagner, was answered by a multitude of voices from government, business, academia, and civil society: an internet that is open and maintains the principles of human rights. At the Freedom Online conference (or iFreedom) held in the Netherlands, several representatives from these sectors were present to discuss what governments can do to protect human rights online, how to support bloggers and cyber dissidents, and how companies ensure freedom online. Below are some of the key highlights from this event.
The event started with a welcome by Google Executive Chairman Eric Schmidt. The Netherlands’ Minister of Foreign Affairs Uri Rosenthal opened the conference, stating that freedom online is an extra dimension of freedom of speech, a fundamental freedom in democracy. Rosenthal points out that old censorship techniques are still continuing in many countries, and “we should not make their life easier by providing them with filter technology.” He points out that “tight control on the internet impinges on our freedom of speech, association and assembly. And it means that violations of other human rights are kept away from us.” Secretary Clinton’s keynote speech followed, and echoed many of the themes addressed in her earlier speeches on internet freedom. She states that all human are entitled to freedom of speech “whether they choose to exercise them in a city square or an internet chat room” and that we must “protect the internet itself from plans that would undermine its fundamental characteristics”, as fragmenting the global internet would change the landscape of cyberspace by creating “digital bubbles” instead of meaningful connections between internet users. READ MORE »
The NDI Tech team watched Secretary Clinton's keynote at last night's Democracy Dinner with great interest and not a little institutional pride. Among other highlights, we're still blushing to hear that "freedom knows no better champion" than NDI and our sibling institutions under the National Endowment for Democracy. I've collected the best of the coverage for our loyal readers: READ MORE »
Tonight Secretary of State Clinton will keynote our annual democracy award dinner where NDI will recognize the leadership of some of the people and groups who have championed democracy around the world over the last three decades. The program will also recognize leaders from the Arab Spring uprisings underway in the Middle East and North Africa. One of the themes of the evening will undoubtedly be the role of technology in democracy and these democratic transitions.
The word we're getting here is that the Secretary will be delivering a major policy speech on democracy, and while I don't have any inside information on the speech, we're listening carefully to see if she uses it to provide additional leadership on technology and democracy. You can tune in live on CSPAN live at 8pm Eastern Time, and we'll provide links to the speech when available. READ MORE »
The Silicon Valley Human Rights Conference in San Francisco this week sought to connect tech companies that build tools and services that are used in challenging political environments with the activists and human rights groups that use them. As is widely recognized, particularly since the Arab Spring uprisings, these technologies often cut both ways in that they can be used by the good guys in support of political freedom and democratic development, or by tyrants to supress speech, access to information and monitor or surveil citizens. We've blogged about these issues extensively here at NDITech. READ MORE »
Restriction of open dialogue can take a variety of forms. Systematic and pervasive technical means to block keywords, denial-of-service attacks against websites, and overcrowding discussion platforms in order to drown out dissenting points-of-view are just a few popular methods used around the world. However, many regimes do not have the resources to conduct these widespread and labor-intensive means to enforce people to fall in line with government rhetoric. Therefore, it becomes imperative to create regulatory framework which ensures punishment to those who “cause national panic,” “offend the public," or other ambiguous jargon to quash “undesirable” discourse. Undesirable, that is, to the regime in power.
The Thai Computer Crimes Act is one such law, where content regulation issues are combined with cybercrimes like hacking and email phishing under vaguely defined terms. One of the most startling features of this law is that internet intermediaries, under Articles 14 and 15, are held just as accountable for the actions of other users to disseminate content “that can cause damage to the third party or public.” READ MORE »
There is a lot of talk about political activism in the tech for development and democracy space. We often discuss capturing evidence or documenting abuses using cameras and phones; citizen journalism and citizen reporting using blogs, SMS or other social media; crowdsourcing reports on to web-based maps; or circumventing repressive regimes to gain access to the Internet - often to share the evidence or access the social platforms we use to share our experiences.
Lots of great technologies, lots of courageous activists and citizens, and lots of international support for these efforts.
However, it seems to me that a big piece of the puzzle isn't very clear - how are these technologies and political activities supposed to bring about the desired poltiical change? What process do these actions support? What is the theory of change?
This post attempts to fill in some of that gap by explaining a common approach that NDI coaches groups to use in combination with all these great technologies: political process monitoring. READ MORE »
Working in closed societies is a small percentage of NDI's work; the majority of our programs take place in established democracies of varying levels - from the most fragile to well established democratic countries. However, in response to the State Department's Internet Freedom initiative and other factors, we have seen additional interest in this topic (as I have mentioned) and it's a good opportunity to share how NDI approaches ICT work in these countries.
The text of our talk is attached below, and the video will be available soon.
Here is a summary of the four main points and the QA. READ MORE »