As we've seen in Iran and Tunisia, social networking tools have given activists in authoritarian regimes a powerful voice, which can be heard well beyond their own country. But the use of social networking tools has also given their governments ways to identify and retaliate against them. This week we are watching the same dynamic play out in Egypt. This is why it is critical that all activists in Egypt and elsewheretake precautions to protect their anonymity and freedom of expression. The protests in Egypt this week also highlight another important point: authoritarian governments can block access to social media websites, but determined, tech-savvy activists are likely to find ways to circumvent censorship to communicate with the rest of the world.
In an attempt to clamp down on Egyptian protesters, Egyptian President Hosni Mubarak’s government is intermittently blocking websites and arresting bloggers, journalists, and dissidents. Like the Tunisians, Egyptian protesters have made heavy use of social media websites to share information about the protests with the outside world and with each other. In spite of the Egyptian government’s blocking of Twitter, tweets from the Egyptian protests in Suez and Cairo provided up-to-the-minute reports about protest activity, the movements of police, deaths and injuries, links to photos on Twitpic, and videos on YouTube. Cooperation amongst protesting citizens has kept communications resilient so far. When protestors in Cario's Tahir Square experienced an outage in cell phone data service, nearby residents reportedly opened their home Wi-Fii networks to allow protesters to get online.
On the first day of protests, the Egyptian government blocked several websites, including Twitter and Bambuser, a Swedish website which allows users to stream live video from their cell phones. By the second day, the government's blocking of Twitter was sparse and intermittent, but there were reports of blocking Facebook and YouTube. It is unclear whether or not the Egyptian government will continue to expand its list of blocked sites in the coming days. Even the US Secretary of State Hillary Clinton, who was conspicuously silent during the protests leading up to the Tunisian revolution, has called on the Mubarak government to respect freedom of expression and urged them “not to…block communications, including on social media sites.”
The other dangerous aspect of the Mubarak government’s shameful campaign of silence and censorship has been the arrest and detention of bloggers, journalists, and activists. The Committee to Protect Journalists has reported that the Egyptian government has shut down at least two independent news websites: Al-Dustour and El-Badil. Police beat Al-Jazeera correspondent Mustafa Kafifi and Guardian reporter Jack Shenker, who posted an audio recording of the incident. Policemen have attacked and arrested cameramen covering the protests and onlookers recording the protests with cell phones.
Egypt is no stranger to the arrest of bloggers. Egyptian blogger Kareem Amer was sentenced to four years in prison for “disparaging religion” and “defaming the president” in 2007. In 2009, web forum founder Karim Al-Bukheiri was arrested, tortured, and subject to constant government surveillance. Just last year, the Islamic Human Rights Foundation reported that Egyptian Security Forces arrested “at least 29 activists, including bloggers, lawyers, and human rights activists.” The concern here is clearif the street protests subside, the Mubarak government could initiate a campaign of retaliation and oppression, arresting and harassing the very bloggers and activists who have been chronicling the protests online. Some countries have gone even further. In Iran two opposition activists were hanged this week for taking pictures and video of the Green Revolution protests and posting them online.
Given the potential dangers, it is absolutely critical that Egyptian protesters take precautions when communicating online. To reiterate, social networking tools have given activists a powerful voice, which can be heard well beyond Egypt, but activists should also remember that the Egyptian government could use these same tools to identify and retaliate against them. We recommend that political activists look at our Surveillance Self Defense International report for information on how to use technology defensively to better protect their anonymity and freedom of expression in Egypt and other authoritarian regimes.
In the last months of 2010, the WikiLeaks wars reminded transparency activists of something copyright and trademark lawyers know all too well – online speech is only as strong as the many service providers on which it depends. All too often web hosts, domain name registrars and other service providers cave at the slightest legal or government pressure, with disastrous consequences for their users.
We had hoped that credit card and other financial services would resist efforts to pressure them to stop processing payments to controversial websites. So we were dismayed to hear that not only does MasterCard support the passage of the Internet Censorship and Copyright Bill ("COICA"), but that it also appears to be signaling a willingness to voluntarily stop processing payments made to sites that allegedly offer “pirated” or other copyrighted content. Keep in mind that courts have ruled that credit card companies do not face liability for potentially infringing activities on site for which they merely process payments.
Of course, if COICA becomes law, the Justice Department would have the power to order MasterCard to stop processing payments to certain sites. That's one reason we are worried about the effects of COICA: it offers a new process for shutting down websites deemed “bad sites” without appropriate safeguards to prevent the takedown of noninfringing content, including political and other speech. In effect, it enlists service providers as censors, necessarily hampering Internet commerce and innovation.
Any decision by Mastercard to stop processing payment voluntarily would be even more troubling. As the New York Times recently wrote in an editorial:
[A] bank’s ability to block payments to a legal entity raises a troubling prospect. A handful of big banks could potentially bar any organization they disliked from the payments system, essentially cutting them off from the world economy.
For example, MasterCard might decide to stop processing payments to popular hosting sites such as RapidShare, even though at least one court has ruled that RapidShare likely is not guilty of infringement. Given the importance of a consistent revenue streams to emerging companies, blocking payments might effectively mean putting them out of business.
The Internet only remains open, accessible and vibrant when the entire chain of providers operates together: financial transaction providers, service providers, hosting providers, content providers, and all of the other companies that keep sites online and accessible. We encourage MasterCard – along with all others who help provide availability and access on the Internet – to reverse course and choose to promote a thriving Internet by refusing to serve as private censors and standing up against COICA.
This morning, the House Judiciary Subcommittee on Crime, Terrorism and Homeland Security held a hearing on mandatory Internet data retention, once again reviving the debate over whether Congress should pass legislation to force ISPs and telecom providers to log information about how users communicate and use the Internet. The hearing, awash with rhetoric about targeting Internet crime and including an unexpected condemnation of EFF's privacy advocacy, was purportedly an information- and fact-finding hearing to explore the issue of data retention and consider what Congress' role should be. However, it's already clear where the new House Judiciary Chairman, Representative Lamar Smith, stands on the issue: he introduced data retention legislation just last year and likely will do so again this year.
EFF believes that government-mandated data retention would be an overwhelmingly invasive and costly demand, raising serious privacy and free speech concerns — points well-argued at the hearing by John Morris, General Counsel of CDT [written testimony], and Kate Dean, Executive Director of the United States Internet Service Provider Association [written testimony].
Although the Obama Adminstration has not yet put forward a specific data retention proposal, any such proposal would likely have ISPs and perhaps other online service providers preemptively recording data about the online activities of millions of Americans who haven't committed any crime. Advocates for data retention typically focus narrowly on the benefits afforded to law enforcement without accounting for the massive costs and extreme security risks that come with storing significant quantities of data about every Internet user — databanks that will prove to be irresistible not only to government investigators but also civil litigants (read: ex-spouses, insurance companies, disgruntled neighbors) and malicious hackers of every stripe. A legal obligation to log users' Internet use, paired with weak federal privacy laws that allow the government to easily obtain those records, would dangerously expand the government's ability to surveil its citizens, damage privacy, and chill freedom of expression.
Perhaps the biggest surprise in the hearing was Deputy Assistant Attorney General Jason Weinstein's attack on EFF and our Best Practices for Online Service Providers (OSPs) whitepaper. As Weinstein testified, "In 2008, the Electronic Frontier Foundation published a user guide or a guide that was titled Best Practices for Online Service Providers which I think is unintentionally the best argument for Congress to intervene in this space than anything that I can say today." Weinstein went on to object to some of the guidelines in the whitepaper, designed by attorneys and technologists to best balance the business and technical needs of OSPs and their users' privacy and civil liberties. Apparently, the Justice Department thinks that informing Internet companies that data retention is not legally required, and also suggesting strategies for protecting their users' privacy, is a clear and present danger to online safety.
Unfortunately, today's hearing is the first signal that the Obama Administration, like the Bush Administration before it, hopes to push a new data retention law through Congress. Thankfully, at least some representatives present at the hearing seemed to recognize that when Americans' privacy and security are at risk, a healthy level of skepticism and rigorous investigation will be vital to avoid creating disastrous legislation. EFF plans to keep Congress and the public well-appraised of the threat to civil liberties posed by mandatory data retention, so stay tuned to Deeplinks and the EFF Action Center for updates as the issue works its way through Congress.
Earlier today, Mozilla announced plans to incorporate a Do Not Track feature into their next browser release, Firefox 4.1. Google also announced a new privacy extension today, but we believe that Mozilla is now taking a clear lead and building a practical way forward for people who want privacy when they browse the web.
Why We Need Do Not Track
Privacy advocates have been calling attention to issues of pervasive online tracking for some time. Often intertwined with the issue of behavioral targeting, online tracking refers to the difficult-to-elude mechanisms by which most or all of our reading and other activities on the Web are recorded by third parties, without our knowledge or permission.
Currently, a subset of advertisers offer a mechanism for opting out of behavioral advertising through the Network Advertising Initiative — a project that has been widely criticized for failing to provide consumers with meaningful control. The NAI opt-out suffers from several problems: the biggest is that there is no consistency on what "opt out" means. Some tracking companies recognize that an "opt out" should be an opt out from being tracked, others insist on interpreting the opt out as being an opt out for receiving targeted advertising. In other words, the NAI allows its members to to tell people that they've opted out, when in fact their web browsing is still being observed and recorded indefinitely.
The cookie-based opt-out scheme also suffers from serious technical drawbacks. Some of these are issues of complexity — tracking companies need to opt-in before it can work and new types of cookie need to be created for each of them. There is also the issue of fragility — privacy conscious users delete their cookies regularly, which means the opt-out keeps turning itself off.
The "Keep Your Opt-Outs" Chrome extension announced by Google today is an attempt to address that last problem. In that respect it is similar to the TACO Firefox Extension, though it doesn't set any opt-out cookies for companies that are not NAI members. It also doesn't fix the other fundamental problems with the NAI's approach: complexity, the lack of a clear signal that can be observed and interpreted by any website, and allowing fake opt-outs that only protect you from targeted advertising but don't prevent any tracking.
For these reasons, we believe that the only sensible way forward for privacy opt-outs is a Do Not Track header, and we're very pleased to see Mozilla planning to offer this option in their future browser versions.
How Will Do Not Track Work?
Every time your computer sends or receives information over the Web, the request begins with some short pieces of information called headers. These headers include information like what browser you're using, what language your computer is set to, and other technical details. The Do Not Track proposal is to include a simple, machine-readable header indicating that you don't want to be tracked.
The header-based Do Not Track system appeals because it calls for an armistice in the arms race of online tracking. Currently, advertisers constantly invent new ways of tracking consumers and security researchers work to block this tracking with new technology. A header-based Do Not Track model sends out a signal with every online communication indicating a user's preference not to be tracked. This puts the onus on the tracking companies to comply with Do Not Track mechanisms — rather than on the user to discover and counter every type of possible online tracking.
Some important things to note about this proposal:
There is no "list" that consumers need to sign up for. Early discussion of Do Not Track included proposals about a list-based registry of users, similar to the Do Not Call Registry. This proposal does not collect data on consumers in a central list. (Security and privacy researcher Christopher Soghoian has more about the history of Do Not Track.)
Consumers won't need to update software for Do Not Track regularly. Early versions of Do Not Track proposed installing software on an individual's computer that listed all the known tracking companies. As more companies were identified, the list would need to be updated. The current proposal does not store a list of companies on your computer and so does not need to be repeatedly updated.
You can still clear your cookies without fear of disrupting the header-based Do Not Track.
EFF will be submitting formal comments to the Federal Trade Commission responding to questions they raised in their privacy report. In the meantime, users should consider using some of the Mozilla Firefox addons that have already incorporated the header-based advertising opt-out. The Universal Behavioral Advertising Opt-Out is the easiest way to set the header today, though it is also set by development versions of AdBlock Plus and NoScript, and will be in future stable releases of those extensions. Because many advertisers do not yet respect the header, for the time being, we recommend installing it along side beef TACO and AdBlock Plus (with EasyPrivacy) for the time being.
We plan to continue posting articles that will explore and explain Do Not Track. Our next article will discuss the semantics and server side responses that are appropriate in response to a Do Not Track header. In other words, what does the "Track" in Do Not Track mean?
Last week, EFF joined a coalition of public interest and media groups in filing an amicus brief (pdf) urging a California Court of Appeal to uphold the public’s right to access electronic files created and stored by local governments. The case, Sierra Club v. Superior Court, focuses on the public’s right to access geographic information system (GIS) basemaps created by local governments in California.
GIS basemaps integrate basic property information such as parcel boundaries, addresses, and other property data. Additional information can then be "layered" on top of the basemaps, enabling users to understand, interpret, and visualize data in ways that simply aren't possible through the rows and columns of a spreadsheet. Individuals and organizations then use these maps for a variety of innovative purposes — for example, scientists use them, journalists and the media use them, and public interest organizations use them(pdf).
The Sierra Club filed a request under the California Public Records Act (CPRA) for Orange County’s property information — information the County used and maintained in a GIS format. The Sierra Club requested the GIS basemap as part of its mission to protect open spaces in California: using the basemaps, the Sierra Club makes detailed maps of proposed real estate developments and suggests possible alternatives to those developments. The County, however, refused to turn over the information in the requested GIS format, despite its obligation under California law to provide public records in “any electronic format in which it holds the information.” Instead, the County offered to provide the property information in a pdf, even though the County already had the information available in GIS format.
Orange County claimed that information stored in GIS format is exempt from disclosure under the "software exception" of the CPRA. While the CPRA does exempt government entities from disclosing "computer software developed by a state or local agency," public information processed or formatted for that software is not exempt. Coupled with the County’s obligation to provide public records in the format requested, it seems clear that Orange County is illegally withholding its GIS basemap from the Sierra Club.
Unfortunately, the trial court sided with Orange County and inexplicably held that the GIS basemap constituted software that was exempt from disclosure. The Sierra Club appealed the decision, and the appellate court ordered full briefing. Our amicus brief argued that simply because information is stored in a specific electronic file format, that format does not change the public nature of the information itself.
Last week's post about the increasingly draconian and desperate measures the Tunisian government was taking to censor bloggers, journalists, and activists online was rapidly made irrelevant by subsequent events. Over the next few days, Tunisian dictator El Abidine Ben Ali promised not to run for re-election in 2014, then offered widespread reforms, including freedom of expression on the Internet, and finally stepped down from power and fled the country. The steps that EFF called on Facebook, Google, and Yahoo to take in order to protect the privacy and safety of their Tunisian users soon lost their urgency. For now, Tunisians are experiencing unprecedented freedom online after years of extensive government filtering and censorship of websites.
One early lesson from the Tunisian revolution has been that social networking sites can be powerful tools for communication. There has been a great deal of argument about the role of social networking sites in the Tunisian revolution. The Berkman Center's Ethan Zuckerman observes that the riots and protests in Tunisia did not receive even a fraction of the social media coverage that was lavished on Iran's Green Revolution:
For users of social media, the protests in Iran were an inescapable, global story. Tunisia, by contrast, hasn't seen nearly the attention or support from the online community.
Even so, Zuckerman credits social media with giving Tunisians a view of the protests that they did not get through heavily-censored government television, radio, and newspapers. YouTube had been blocked in Tunisia since 2007, but that did not stop Tunisians from using the site to share videos of the riots and protests with the world. Tunisians shared details about the clashes between the unarmed protesters and police using live ammunition on Twitter. The first rumors of a coup on January 12th were also spread on the social networking site. The interim government includes blogger Slim Amamou, who had been detained by the Tunisian government as a political prisoner just last week. Slim made the announcement that he would be joining the new government as Secretary of State for Sports and Youth Affairs on his Twitter stream.
Another early lesson from the Tunisian revolution is that activists in repressive regimes must take steps to minimize risk to themselves when communicating online. While social networking sites played a role in allowing Tunisians to communicate about the riots and protests among themselves and to the outside world, the Tunisian government also exploited social networks to track down dissenters. Bloggers, journalists, and online activists in Tunisia faced detention as well as government attacks against their Facebook and email accounts, which serve as a reminder that online activists in repressive regimes may be vulnerable to government reprisal. EFF urges online activists to read our Surveillance Self-Defense International page, which gives practical advice for people living in repressive regimes who want to speak out while minimizing the risk of surveillance and censorship by their governments.
The threat to Tunisian activists appears to have abated for now, but the opportunity to learn from their successes and failures is just beginning. The precautions outlined in SSDI are essential reading for everyone who wants to follow in their footsteps.
Increasingly powerful mobile phones are making Internet access and use more convenient than ever. However, the security of mobile operating systems is not as mature or as strong as that of workstation and server operating systems. Platforms like Windows and Ubuntu receive security scrutiny, and regular and frequent updates to resolve security problems. The open source/free software communities and Microsoft are more or less open about security problems and fixes. (For example, here is Ubuntu’s security notices page and Microsoft’s excellent Security Response Center blog.)
By contrast, mobile systems lag far behind the established industry standard for open disclosure about problems and regular patch distribution. For example, Google has never made an announcement to its android-security-announce mailing list, although of course they have released many patches to resolve many security problems, just like any OS vendor. But Android open source releases are made only occasionally and contain security fixes unmarked, in among many other fixes and enhancements.
However, Google’s distribution of Android for “Google Experience Devices” such as the Nexus One is the best commercial distribution and gets updates the most often (rare as they are). Carriers and OEMs like HTC, Verizon, and others tend to release “customized” versions of Android with new features added, and sometimes with standard features removed. Users may or may not want the new features and the new features may or may not be secure. Their distributions are sometimes based on old and known-vulnerable versions of Android, and they tend to publish updates rarely — or never. As a result, the ecosystem of Android devices is out of date, fragmented, and unnecessarily vulnerable to known attacks. This situation is bad for everyone: users, carriers, OEMs, application developers, and Google.
Android is hardly the only mobile security offender. Apple tends to ship patches for terrible bugs very late. For example, iOS 4.2 (shipped in early December 2010) contains fixes for remotely exploitable flaws such as this FreeType bug that were several months old at the time of patch release. To ship important patches so late is below the standard set by Microsoft and Ubuntu, who are usually (though not always) much more timely. (For example, Ubuntu shipped a patch for CVE-2010-2805 in mid-August, more than three months before Apple.)
However, consumers can mitigate their risks by exerting market pressure, and may still have the best chance of doing so with Android phones. Last July, EFF won a rulemaking from the Copyright Office stating that jailbreaking mobile devices is not a violation of the DMCA. Thus, at least for now, it is not a violation of the DMCA to jailbreak your mobile device to install third-party patches or even entire third-party software distributions such as CyanogenMod. (Note: the rulemaking did not affect any other legal barriers, such as your terms of service.) Android’s open source nature makes CyanogenMod possible; don’t expect to see a third-party fork of iOS any time soon.
Although there is no guarantee that third-party distributors will be more responsive to security problems, and nor is there any guarantee that they will not introduce new security problems, they do have an opportunity to perform better than Apple and Google have so far and to take market share.
Mobile devices such as smartphones and tablets, and their associated operating systems, will increase in power and gradually cannibalize the laptop market (just as laptops gradually cannibalized the desktop workstation market). Bluetooth and docking stations will give mobile devices the capability for sustained daily work, while sacrificing none of the mobility. Users should not have to sacrifice what little security they have in the move to mobile platforms. EFF urges users to exert some market discipline on mobile device vendors, and encourages developers to hack on third-party Android distributions. Mobile platforms are the future of computing. Let's vote with our wallets and tell mobile vendors why we care about security.
FULL DISCLOSURE: I briefly worked at Google on Android framework security, worked for Google as a contractor with iSEC Partners, and was offered a job by 3LM.
A few weeks ago, we mentioned a rather unusual technological endeavor to create an online currency. We received a few queries about this subject, so decided to provide a more thorough description of what digital currency is, how this system works, why it's appealing and how it might fall short of user expectations.
To understand digital currency, one must first note that money in the digital age has moved from a largely anonymous system to one increasingly laden with tracking, control and regulatory overhead. Our cold hard cash is now shepherded through a series of regulated financial institutions like banks, credit unions and lenders. Bitcoin, created in 2009 by Satoshi Nakamoto, is a peer-to-peer digital currency system that endeavors to re-establish both privacy and autonomy by avoiding the banking and government middlemen. The goal is to allow individuals and merchants to generate and exchange modern money directly. Once the Bitcoin software has been downloaded, a user can store Bitcoins and exchange them directly with other users or merchants — without the currency being verified by a third party such as a bank or government. It uses a unique system to prevent multiple-spending of each coin, which makes it an interesting development in the movement toward digital cash systems.
The model proposed by Bitcoin is in many ways a response to some of the privacy and autonomy concerns surrounding our current financial system. Current money systems now increasingly come with monitoring of financial transactions and blocking of financial anonymity. A peer-to-peer currency could theoretically offer an alternative to the bank practices that increasingly include sharing information on their customers who don't actively opt-out, and who may even then be able to share data with affiliates and joint marketers. Bitcoin is particularly interesting in the wake of recent events that demonstrated how financial institutions can make political decisions in whom they service, showcased by the decisions of PayPal, Visa, Mastercard and Bank of America to cut off services to Wikileaks. Bitcoin, if it were to live up to the dreams of its creators, might offer the kind of anonymity and freedom in the digital environment we associate with cash used in the offline world.
But Bitcoin's current implementation won't resolve all of the issues surrounding autonomy and privacy. Notably, the anonymity on Bitcoin is not entirely secure at this time, which makes its merits as a more private form of currency tenuous at best. There are also other weaknesses to the system, some significant, which should be understood before using Bitcoin. And as of this writing, Bitcoin can't be used to donate to Wikileaks. But even more important than these concerns is the fact that governments around the world may raise legal issues with any digital cash scheme — ranging from money laundering to tax evasion to a range of other regulatory concerns. Nonetheless, Bitcoin is an intriguing project and worth watching to see how it develops in the coming years.
While Bitcoin is relatively young, digital currencies have been around a long time. Digicash, released in 1994, is considered a pioneer of electronic cash using cryptography to maintain anonymity. The Ripple currency project relies on interpersonal relationships to allow communities to create their own money systems (which is similar to the Local Exchange Trading System). There is also the anonymous digital cash system eCache, which can only be accessed via the anonymous onion routing network Tor. There are also numerous other digital money projects that have been proposed over the years; Bitcoin is just the newest chapter in the ongoing effort to create wholly digital currency.
Bitcoin is not challenging to use. Anyone can go online and start generating Bitcoins. The computer creates a coin by dedicating CPU power to solving a mathematical problem; every time the problem is solved, a Bitcoin is generated and another problem is offered up. The total number of Bitcoins will approach 21,000,000 over time. Learn more.
Perhaps the most interesting dimension of the Bitcoin project is its unorthodox approach to fraud prevention. Traditional currency systems have relied on trusted third parties to verify that the same unit of currency is not exchanged multiple times. For example, when you make a purchase with your credit card, the credit card company adjusts your available balance. Bitcoin addresses this problem without a third party by making all transactions public. As Bitcoin developer Gavin Andresen explained, every coin has a digital signature attached to it for every transaction that takes place; each time the coin is exchanged, another signature is added. If two coins appear identical, the one that was accepted by the Bitcoin network first is considered valid. Even though the transactions are public, the individuals tied to the transactions are anonymous. This is similar to how the stock exchange makes stock values public without disclosing individual owners. See the technical paper: Bitcoin: a Peer-to-Peer Electronic Cash System.
It's too early to say whether Bitcoin will be a success. Any new currency system faces an uphill battle, both technically and legally. The worth of Bitcoins, if the system ever gets wide adoption, will be based on an ever-fluctuating market value. Merchants will need to accept Bitcoins as a placeholder for goods and services, just like any other form of currency. This has been a barrier to other digital cash options historically, so it's difficult to know whether Bitcoin will be better prepared to face these challenges. But many believe that there's a need for decentralized currency system, and Bitcoin certainly is a step toward censorship-resistant digital currency. Bitcoins can already be used to make purchases and can even be donated to a few of your favorite charities — including EFF.