Internet Freedom

Creating a Secure, Inexpensive, Personal Sync Solution

A Personal Sync Solution - BitTorrent Sync
As technology has evolved it has become increasingly commonplace for us as users of technology to expect our files to be where we are. With solutions like Dropbox.com, Google Drive, Box.com, OneDrive by Microsoft we are often allocated a moderate amount of space. Yet with recent revelations about surveillance and censorship by the NSA and others and the cost prohibitive nature of using these tools when larger volumes of storage are required I wondered if there wasn’t a solution that was 1.) Free and 2.) more secure. This led me to BitTorrent Sync. First, BitTorrent Sync is free, although not open source. It works on Windows, Mac, Linux, ARM, Intel, iOS, Android, and several others. It has both desktop and mobile based applications. You can even install it on a NAS device. 2. Your data is only stored on your devices. BitTorrent Sync makes the following security claims
 
“The system uses SRP for mutual authentication and for generating session keys that ensure Perfect Forward Secrecy. All traffic between devices is encrypted with AES-128 in counter mode, using a unique session key. 
 
The secret is a randomly generated 20-byte key. It is Base32-encoded in order to be readable by humans. BitTorrent Sync uses /dev/random (Mac, Linux) and the Crypto API (Windows) in order to produce a completely random string. This authentication approach is significantly stronger than a login/password combination used by other services.“
What BitTorrent Sync allows you as a user of data to do is to bypass the middleman on the internet as the image below illustrates. Much like traditional P2P technologies you are simply downloading files from other devices.

The Cyber Side of Social Mobilization

Can big data tell us the scale of a protest movement?

The past several months have seen protest movements take place in Ukraine and Bosnia and Herzegovina as well as in many other places around the world. As these movements have arisen it has been an ongoing question as to whether it was possible to utlize the Internet to determine the scale and scope of these movements. Both countries experienced some form of protest movement that resulted in on the ground action in their respective capitals. Is it possible to identify how successful a protest movement is just by looking at the publicly available online flow of information? When trying to assess the importance of technology in a democracy there are dozens of questions that need answering.  This hints at the broader processes of understanding how technology and society interact. Furthermore, it allows us to grasp in real terms how citizens of a country are using technology to discuss, mobilize and engage around political issues in a way other than formal polling.

Bosnia and Herzegovina (BiH) and Ukraine are very different in many respects. Although both have ethnic divisions the depth of these ethnic divisions, at least on the surface, appears to be significantly different. BiH has approximately 65% Internet penetration while Ukraine has just under 40% penetration. Ukraine has 3.2 million active users of Facebook while BiH has 1.54 million. Ukraine has approximately 10 times as many people as BiH and covers a significantly larger geographic area. Both sets of protests achieved international media attention, but if we look behind the sheen of the international media and we examine what people in the country were talking about can derive we a non-scientific assessment of the scale of these two different movements? READ MORE »

The Cyber Losers: The Weaponization of Cyberspace and Its Affect on Human and Democracy Rights

Cyber Capabilities Over Time

I just returned from the International Studies Association conference in Toronto, Canada where thousands of scholars from around the world gathered to discuss virtually every topic imaginable related to international affairs. I presented two papers on two separate panels. Below is a topline summary of one paper and its substantive findings and relevant criticism from a panel of experts. This paper will be published in the academic journal “Democracy and Security” in a forthcoming edition. 

Are national security issues in cyberspace were spurring states to “arm” themselves with cyber tools, capabilities, and laws to combat one another? And if states are arming themselves what does this mean for human and democracy rights activists with substantially fewer resources than nation states? 

With a limited sample I built a case for the existence of a security dilemma in cyberspace and then attempted to establish a correlation between increases in cyber capabilities, tools and legal and regulatory developments to the oppression of state actors. What might you ask is the security dilemma? The definition of the security dilemma comes from Robert Jervis who states: “many of the means by which a state tries to increase its security decrease the security of others.” The security dilemma is the central thesis of realist international politics as outlined by Hans Morgenthau, Kenneth Waltz, John Mearsheimer, and others. To survive, states must establish and maintain their relative power positions in the context of other states. Figure 1 & 2 below illustrate the security dilemma as it is developed in cyberspace.  READ MORE »

A Bill of Rights for the Internet: Brazil Leads the Way

Brazil's House of Representatives commemorating the adoption of the Marco Civil

Late yesterday, Brazil’s House of Representatives passed the Marco Civil, a bill aimed at guaranteeing civil rights in the use of the Internet in Brazil. Specifically, it aims to protect privacy rights, net neutrality, safeharbors for internet service providers and online service providers, open government, and setting forth that access to the internet is a requisite to the exercise for civic rights.

The drafting of the Civil Marco Internet in Brazil began in 2009 through a collaborative effort between the Office of Legislative Affairs of the Ministry of Justice, in partnership with the School of Law of the Rio de Janeiro at the Getulio Vargas. Citizen feedback on this bill (between November 2009 and June 2010) was received through social media by more than 2000 contributions of internet users across the country. (More here about the process). READ MORE »

Circumventing Twitter Restrictions

Screen Shot 2014-03-24 at 10.09.24 AM.png

Turkey blocked Twitter. If you happen to have been on vacation over the weekend or haven’t had a chance to check out the newspaper in a few days, The Washington Post and Reuters both have good write ups on the potential political fallout of this Twitter block as well as some background information on the situation. The interesting thing, as noted in the Washington Post article, is that this “restriction” has had little effect on Twitter chatter within the country. In fact, in the aftermath of discovering that they were no longer able to access Twitter, tweets spiked to 138 percent of the normal posting rate, an ironic feat in light of the ban. This statistic begs the question, “How are Turks tweeting, and tweeting rapidly, and about a Twitter ban?”

Well, the answer is simple and not so simple. Turkey has faced routine website blocking for the better part of the last decade, most notably the 2008 restriction of access to Youtube (which was in effect for 2 years). By now, most Turks, especially the younger generation, are well acquainted with the various measures for circumventing such restrictions. In case you are not, here are a few of the ways to access Twitter in the event of a block.

  1. SMS

On March 20th, Twitter sent out a tweet instructing Turks how they could tweet via SMS on both Vodafone and Turkcell networks. SMS tweets are popular in areas with limited access to internet data, but in this case the service is proving to be multi-functional. Users can also receive tweets from friends that the user designates they would like to receive mobile tweets from. Obviously Twitter via SMS lacks much of the user experience of the broader Twitter app and website, but it still proves to be an effective work around.

Will Mobile Phone Security Always Be An Oxymoron?

RightsCon

Is true mobile phone security a lost cause? With the increasing popularity of mobile messaging applications with weak security practices, the escalation of sim card registration requirements, and the nearly antiquated legal definitions of the ways that mobile phones are used by citizens, securing mobile phone communications is a multi-faceted problem.

I’ve done mobile security trainings for a number of years now. And one of the biggest challenges that emerges with thinking through mobile security is all of the different areas where threats can emerge: the technical infrastructure of GSM networks, the personal information that’s needed to obtain a sim card, the location tracking capabilities of phones, and the list goes on.

During RightsCon, I had the opportunity to chat with the following rockstars about the current state of mobile security and what can be done to make improvements:

Alix Dunn, Creative Lead at The Engine Room  

Bryan Nunez, Technology Manager at The Guardian Project

Carly Nyst, Legal Director at Privacy International

Chris Tuckwood of The Sentinel Project

Craig Vachon, VP Corporate Development at Anchor Free

Pablo Arcuri, Chief of Party at Internews

Oktavía Jónsdóttir, Program Director at IREX

Rory Byrne, Founder and CEO at Security First

  READ MORE »

Update: Turkey's Internet Showdown

Protests against Turkey's new internet bill erupted in Istanbul on Feb. 8.

There is no shortage of news about Turkey in the press recently. Between Gezi park protests last summer, and a currently unfolding corruption case, Turkish democracy is a hot topic. Last week Freedom House released a special report on Turkey entitled “Democracy in Crisis: Corruption, Media, and Power in Turkey” with the central finding being that, “Turkey’s government is improperly using its leverage over media to limit public debate about government actions and punish journalists and media owners who dispute government claims, deepening the country’s political and social polarization.” READ MORE »

Why China's Internet Outage is a Big Deal

Last week, many of China’s major websites were inaccessible for nearly 24 hours to Chinese internet users. Chinese users trying to reach a range of websites ending in .com were re-routed instead to an IP address owned by Dynamic Internet Technology, which is the provider of the circumvention tool Freegate. DIT has been closely affiliated with the Falun Gong, a religious organization banned in China.

GreatFire.org, which examines Chinese censorship, has a detailed report investigating this outage, illuminating that all attempts within China to visit popular websites such as Sina Weibo, Baidu, etc. would be incorrectly re-routed to 65.49.2.178 (an IP address in Wyoming).

While state news agency Xinhua raised the possibility of hacking, and CNNIC attributed the breakdown to a "root server for top-level domain names", others blame the breakdown on a failure of the Great Firewall. As Chinese internet censorship expert Xiao Qiang states to Reuters, "It all points to the Great Firewall, because that's where it can simultaneously influence DNS resolutions of all the different networks (in China). But how that happened or why that happened we're not sure. It's definitely not the Great Firewall's normal behavior."

Proper implementation of a DNS to match the domain name and the IP address of a website or web service is critical to ensuring that the Internet functions properly. As GreatFire points out, DNS poisoning, or hijacking of DNS routing to send a visitor to an incorrect domain name or IP address, is a technique deployed by the Great Firewall to render ‘blacklist’ websites inaccessible. READ MORE »

Have you Heard? China's Crackdown on Online "Rumors"

China leads the way when it comes to controlling online content. A push to counteract messaging that differs from “official” interpretation of events has spurred a wave of crackdowns that started in August, publically justified by the government as preventing the spread of online "rumors”.

Authorities have escalated their campaign against "cybercrime,” designed to prevent “hearsay” and “gossip” from spreading rapidly online, culminating in the arrests of hundreds of activists.

Prominent activist Murong Xuecun in a NYT op-ed stated that, “the vast state censorship apparatus works hard to keep us down. But posts race through Weibo so quickly that it’s difficult to control them with technology. Hence, the government is resorting to detainment.”

Chinese authorities utilize a number of methods for exorcising “bad” speech in its online communities. For over a decade, the government has been employing a task force to publish regime-friendly comments online in an effort to manipulate public opinion.  This force has become known as the 50 Cent Army, which pays homage to the rumored 50 cents of Renminbi paid per comment (though in a rare moment of transparency, the government budgets have listed “Internet opinion analysts” as official occupations, most notable at the China Employment Training Technical Instruction Center). In 2012, real name registration came into effect -- requiring web users to register their given name and national identification name with provider sites before posting comments.

The “campaign against cybercrime” has reached new heights in targeting those “perpetrate rumours” in China’s online communities. This provision has paved the way for mass arrests of outspoken netizens across the country, including the Big V’s-- microbloggers known for online activism. An August 24th editorial stated that popular bloggers who “poison the online environment” should be “dealt with like rats scurrying across the street that everyone wants to kill.”

Arrests have also spread amongst China’s Uighur population.  July and August were marked by a government movement against “religious extremist content on the internet” in the Xinjiang province.  Fearing a militant, religious uprising, police arrested 139 people for spreading “jihadist” sentiments and posting religious content online, according to state-run media.

READ MORE »

The Changed Conversation About Surveillance Online

Logo, Crimson Hexagon, the platform we used for this research

The revelations about sustained and pervasive NSA surveillance that started in June and are still ongoing are having a sustained effect on the global conversation about censorship and surveillance on the Internet. Using 'big data' analysis of public sentiment we can illustrate the change in this conversation. The increase in online posts on the topic important because it indicates that the global conflict over Internet norms is occurring in real-time and is not fading out of the global consciousness or being consumed by a Huxleyan dystopia. If anything, the conversation has increased and has remained significantly higher than it was in the months prior to the first wave of revelations.

Our analysis, using Crimson Hexagon's media monitoring platform, comprised more than 2.5 million online posts from April 6 until October 1 from almost every country in the world. The conversation was and remains dominated by the expected players (largely due to an English language bias or our survey), United States, United Kingdom, Canada, and Australia.  Even though we conducted our survey for English language posts only, the global geographic location of posts accounts for nearly all nations around the world. READ MORE »

Our Digital Future: What's Next for Internet Research

NDItech was recently at an event on Our Digital Future: Ideas for Internet Research hosted by The George Washington University’s Elliott School of International Affairs. A diverse panel of experts in the field were invited to the discussion: Matthew Reisman, a Senior Manager at Microsoft, Milton Mueller, Professor at the Syracuse University of Information Studies, Brian Bieron, Senior director with eBay, and Carolina Rossini who serves as Project Director for the Latin American Resource Center.

Panelists made a number of interesting observations about the status and power of the internet in today’s global society. Matthew Reisman pointed out that Microsoft, in particular, is interested in studies of how government regulatory policies are affecting the ability of entrepreneurs to conduct business online - which would be most easily measured by conducting econometric research on internet policies enacted around the world.  As trade and services burgeon online, governments are creating barriers that complicate the ease of doing international business. It is important for those researching the modern impact of the internet to consider just how these barriers are affecting businesses, economies, and people, especially in a world where eCommerce has grown to encompass over 6 percent of the global retail sector over a period of ten years. Milton Mueller further asserted that developing an understanding of intimate relations between technology and social relations is essential, including how [we] are going to govern newly implemented technologies, and what the global impact of this governance will be.

The internet is global and as such has particular impact on the economic possibilities for developing countries. We hope to see tangible data from conversations such as this that makes the point wht the internet - in economic and political terms - is a vital resource for countries worldwide.

READ MORE »

Taking the "Social" and "Media" out of "Social Media"

Image courtesy of NamViet News

Early this summer, the Wall Street Journal published a widely-circulated article on the increasing restrictions to free speech online. South East Asia continues to be a region where internet freedom is under threat.

The most notable case is in Vietnam, where the draconian Decree 72 has been implemented. (More details on other restrictions in Vietnam can be found here). According to the decree, “[A] personal information webpage is a webpage created by individual on their own or via a social network. This page should be used to provide and exchange information of that individual only; it does not represent other individual or organization, and is not allowed to provide compiled information.” This law has severe implications for any journalists, academics, and others who seek to share work accomplished by others. In addition, the decree requires all foreign websites to include at least one server in Vietnam, so that the data stored on those servers can be accessed by local authorities. READ MORE »

Beyond Repair? Normative Change in Freedom Online

Norms are shifting on the Internet. Don't get left behind. (image by  nettmonkey)

Cyberspace and all communications associated with the Internet was once idealized as a free and open space in which communications could flow back and forth at liberty. This idea has slowly changed in the last 25 years and we are now seeing the Internet and cyberspace as a “Fierce Domain” in which states engage in hostile actions against one another and increasingly against their own citizens. We wondered what normative changes have occurred over the last 15 years in cyberspace and what the implications of this change has been on democrats around the world. 

Jeffrey Legro’s definition of norms as “collective understandings of the proper behavior of actors” is helpful to illustrate how norms have evolved in cyberspace. So then, what are the specific norms we would like to see in cyberspace as a democracy support organization? There are currently very clear trends of norms that we wish we didn’t see. 
 
First we see a significant inrease in offensive and defensive state-level cyber capabilities and a growth in state censorship and surveillance. The data globally, as illustrated through sample data taken from censorship monitoring projects such as the Berkman Center’s Herdict Project (Image Right), illustrate an increase in reports of online censorship. Although this data is based on citizen reporting and may not also be state-generated, the enormity of reports of censorship is staggering. 
 
Along with censorship comes its closely related counterpart, surveillance, and the reports of individuals being surveilled in their online activities is only increasing. Furthermore as indicated by experts in tracking censorship and surveillance such as Ronald Deibert at the Munk School of Global Affairs’ CitizenLab surveillance is getting worse. Globally we almost certainly passed the statet when only a few states were using the Internet as a means of censorship and surveillance against their own citizens. States are increasingly socializing, demonstrating, and institutionalizing censoring and surveillance behavior.

Internet Freedom in Vietnam

Flag_of_Vietnam_(WFB_2004).gif

Internet freedom has been under threat in Vietnam for some time. The most recent action to repress free speech online is in the form of “Decree 72”, a legislation which requires Internet companies to cooperate with the Vietnamese government to enforce prohibition of: opposing the " the Socialist Republic of Vietnam," undermining "the grand unity of the people", damaging 'the prestige of organizations and the honour and dignity of individuals”, and other ambiguously worded means to express oneself online.

This decree also applies to “organization/individuals inside and outside Vietnam, directly/indirectly involved in managing/providing Internet services and information, and online games, ensuring information safety.” The decree was adopted on July 15th of this year, and will come into force on September 1st. The decree has largely been condemned by human rights organizations and internet industry operating in Vietnam. READ MORE »

This Month's Global Online Censorship Round-Up

While news of NSA and GCHQ surveillance continues to dominate the news, there are plenty of other countries that use legal and judicial means to justify online censorship and surveillance. Internet freedom is backsliding in these countries:  READ MORE »

Spooks and Democracy Advocacy - Are We Becoming Cyberlosers?

Change the World

The recent revelations about large-scale NSA surveillance point to a pervasive problem facing democracy and human rights activists around the world. They face intense surveillance on a daily basis for working for universally accepted human rights and democratic and accountable governance. Those who thought of the internet as a space for free expression and a place where ideas are able to transit the globe unencumbered by now have realized that the reality of the Internet is not too dissimilar from that of the physical world. The great public square that is the internet is closely watched and increasingly controlled by governments and their spies.  We wonder increasingly: How can democracy and human rights activists still use this space to continue the good fight? What are the implications for democracy and human rights activists following the revelations of surveillance programs such as Prism and large-scale meta data dragnets?  Are we becoming fast the cyberlosers as the world is moving towards compromised internet governance, national internets, and pervasive surveillance? 

The bottom line is this: The online public square is depply compromised. Of course, this surely is not a great surprise.  READ MORE »

Bridge Into an Uncensored Internet

Tor (incognito)

Elections and other political events can be a time in less transparent environments when there is increased internet monitoring and censorship. With notable elections coming up in the next few months, particularly in countries with a history of internet monitoring and filtering, utilizing circumvention technologies ahead of these events become extremely important. Circumvention technologies enable you to route your internet connection to an IP address outside of your country, allowing you to view otherwise filtered content. One of the best circumvention technologies is Tor

However, in countries such as Iran and China, known Tor IP addresses (or "relays") had been intermittently blocked in the past, making it unusable. Expanded use of capabilities such as Deep Packet Inspection have even made it possible for some regimes to determine if internet traffic is being routed through Tor.  READ MORE »

Gone FinFishing

Gamma International

The minds at Citizen Lab are at it again: detailing how surveillance software developed by Gamma International is being implemented by countries around the world to target the work of pro-democracy groups

We preciously reviewed their report on Blue Coat, a U.S.-based company whose firewall and web filtering products have ended up in Syria, Burma, and other countries with a history of internet surveillance and censorship. READ MORE »

Plugging in from Pyongyang

Image courtesy of AP cameraman David Guttenfelder's Instagram

UPDATE:  According to Koryo Tours, the only group that is currently sanctioned to bring foreigners into North Korea, "3G access is no longer available for tourists to the DPRK. Sim cards can still be purchased to make international calls but no internet access is available." Now, the only foreigners with 3G access will be permanent residents of the DPRK, not tourists.  

---

Originally published February 28, 2013

This week, foreigners living in North Korea were able to connect to 3G services on their mobile devices and tablets. Koryolink (a joint venture between state-owned KPTC and Egyptian provider Orascom) informed foreign residents in Pyongyang that it will launch 3G mobile Internet service no later than March 1.

This newly-available access follows the reversal of regulations requiring visitors to surrender their phones at customs, and has been replaced with allowing foreigners to bring in their own mobile phones to use with Koryolink SIM cards.

Some have speculated that 3G access follows the highly publicized visit from Google CEO Eric Schmidt; however, Koryolink has stated the new service had “nothing to do” with his trip, and the carrier had "tried hard to negotiate with the Korean security side, and got the approval recently." READ MORE »

The Cost of Openness

Myanmar used to have one of the highest costs for SIM cards in the world. However, after the 2011 election and subsequent efforts to open up Burma to the international community, prices for SIM cards have drastically dropped.

Quartz just published its findings on the decline of SIM cards prices, which have become vastly more affordable to average citizens in recent years:

READ MORE »

NDI at Right to Information Conference at Stanford University

NDI Participates in Right to Information Conference at Stanford University

NDI is presenting a number of papers at a Stanford University conference entitled: “Right to Information and Transparency in the Digital Age: Policy, Tools and Practices”. The conference “seeks to bring together people engaged in law, policy, social movements, administration, technology, design and the use of technology for accessing information.” Two papers  by Chris Doten and Lauren Kunis from NDI looked at information access and political participation in West Africa. 

Chris Doten’s paper, “Transparent Trees Falling in Empty Forests: Civil Society as Open Data Analysts  and Communications Gateways,” specifically focuses on access to and analysis of election data. NDI worked with Coalition for Democracy and Development in Ghana (CDD) in the recent Ghana election.  In the context of election data, in particular, Doten suggests there is a need for solid and publicly available analysis of available data and promotion of that analysis through various media, including publishing of raw data. Without analysis and public distribution through a variey of channels, election data is like the proverbial tree that falls in the woods with no one hearing it. By providing access and analysis Doten suggest that there is the potential for a better informed citizenry.  READ MORE »

Building a Better Digital Security Training

Many digital security training module concepts.

I'm holed up with a bunch of geeks for a week talking about the art of digital security training. Since I've been with NDI, keeping people safe on the intertubes has gone from an afterthought in the international development space to something that scores of organizations are doing to support activists, journalists, rights defenders and democracy advocates.

With regimes getting nastier online by the day and even the head of the world's biggest intelligence service vulnerable to government cyber-snooping, there's a huge need for increasing the number of people able to share lessons in this area; funders, too have been shoveling heaps of money into this space.  We desperately need to grow the pools of well-taught trainers deeply experienced in digital security for people in the most sensitive political spaces,. There's been some well-intentioned but not well-educated trainers who can do more harm than good struggling to fill this void, leaving a swath of pupils who feel safer than they should in their wake.

We're trying to fill in this gap.

A new program being led by Internews and NDItech with support from some of the top international digital security teams is working to create a gold-standard curriculum of teaching modules running the gamut of topics that a trainer may have to teach. READ MORE »

Traversing Planet Blue Coat

Planet Blue Coat

Our trusted friends, the researchers at Citizen Lab recently published Planet Blue Coat, a report detailing the extent to which U.S.-manufactured network surveillance and content filtering technologies are used to facilitate repression against journalists, human rights activists, and other pro-democracy groups.

This is not a new problem. Software developed by Western countries to filter web-hosted content or otherwise obtain data from internet users without their knowledge and consent has been a serious issue for over a decade. It first emerged in China where Cisco Systems sought lucrative business opportunities with China's Golden Shield project, more commonly known as the Great Firewall of China. In recent years, similar technologies have emerged in repressive regimes throughout the Middle East, such as censoring and monitoring technologies in pre-revolutionary Tunisia and in Syria, as well as in closed societies such as Burma. READ MORE »

Internet Freedom - Not So Much in Mobile Land

African Countries with SIM Card Registration Requirement (Courtesy: Martin and Donovan)

Last week was Internet Freedom Day - a year after a bill attempting to restrict content online, the so-called SOPA/PIPA bill, was defeated in the United States Congress. We here at NDItech are people of the Internet. We believe, as described in the Declaration on Internet Freedom, that

a free and open Internet can bring about a better world. To keep the Internet free and open, we call on communities, industries and countries to recognize these principles. We believe that they will help to bring about more creativity, more innovation and more open societies.

But, we are worried. As an organization that supports and works for democratic principles and practices, empowered communities, and responsive and accountable governments under the rule of law, and, as a unit within this organization that believes and works on the effective and innovative use of technology in this work, we see troubling trends. 

These are trends not happening on the Internet as we typically define it per se, though even there is plenty to worry about. What we are seeing is in the land of mobile phones - the devices and networks where most of the world communicates today.  There is actually very little information on 'internet freedom' issues in telecommunications - there is no 'state of mobile freedom' report, and there is precious little data on mobile censorship, SMS tracking, surveillance, etc.  Much of it is anecdotal, unsubstantiated, or both. READ MORE »

Technology Tools for Activists Handbook

The best way to find out? Check out their handbook

Tech Tools for Activism (TTFA) has just released the latest version of it's handbook, with information and instructions for tools any activist can use. The handbook is not filled with flashy, sexy programs, nor does it give you THE one comprehensive answer that takes care of all your security needs. What the handbook does well, however, is to give you a simple explanation about why your security is at risk, and give you free programs that will help keep you safe.  Both the easy to read layout and educational explanations make this handbook a good primer for activists, their partners, and for anyone who has a general interest in security while using communications technology. 

Included in the manual are topics such as:

Syndicate content