Writing software to protect political activists against censorship and surveillance is a tricky business. If those activists are living under the kind of authoritarian regimes where a loss of privacy may lead to the loss of life or liberty, we need to tread especially cautiously.
A great deal of post-mortem analysis is occurring at the moment after the collapse of the Haystack project. Haystack was a censorship-circumvention project that began as a real-time response to Iranian election protests last year. The code received significant levels of media coverage, but never reached the levels of technical maturity and security that are necessary to protect the lives of activists in countries like Iran (or many other places, for that matter).
This post isn't going to get into the debate about the social processes that gave Haystack the kind of attention and deployment that it received, before it had been properly reviewed and tested. Instead, we want to emphasize something else: it remains possible to write software that makes activists living under authoritarian regimes safer. But the developers, funders, and distributors of that software need to remember that it isn't easy, and need to go about it the right way.
Here are a few essential points:
Secure communications tools need a clearly defined model of the privacy threats they defend against, and the way the design addresses those threats needs to be clearly and rigorously specified.
Careful thought needs to be put into user interface design, so that the end users of the system (who may not speak English, nor be sophisticated computer users) have some hope of understanding what threats the software is and isn't defending against. This is hard to do right, but it's very important: in some cases, if a dissident is a major target for a sophisticated government, they probably shouldn't be using networked computers at all.
Writing secure software is much harder than just writing software; it requires a different mindset and a whole extra set of skills and experience. Unless a project includes experienced, competent security engineers, it is almost certain to include bugs that threaten users' privacy (actually, all complex codebases include security bugs, but good security teams will be able to make them rarer and do a better job of mitigating the damage).
Tools need to be thoroughly tested by the computer security community before they are distributed to activists whose lives and liberty are at stake. Fortunately, plenty of well-tested tools are available to provide privacy and circumvention of censorship, including Tor, ssh, VPNs, or Gmail over HTTPS. All of these tools have their own limitations, and need to be used for the correct purposes, but they are the best choices for activists in at least some situations.
Until you're familiar with the extensive research literature on privacy-preserving communications systems, it's probably best to get involved with (or fund) one of the many existing projects that are trying to defeat Internet censorship, before starting your own. The Tor Project is the largest and most organized of these, and is a good place for developers and funders to find work that needs to be done. There are numerous academic groups doing high-quality research, and some of them also build invaluable privacy tools. There are also some small projects that still need a lot of extra work and security auditing, but which may one day provide extremely important tools for dissidents; the "T(A)ILS" project is one good example.
"You will not solicit login information or access an account belonging to someone else."
"You will not . . . let anyone else access your account, or do anything else that might jeopardize the security of your account."
After months of dragnet litigation and intimidation, some of the thousands of “John Doe” Defendants targeted in mass copyright lawsuits filed in the District of Columbia are fighting back in earnest.
The lawsuits are the brainchild of a Washington, D.C., law firm calling itself the "U.S. Copyright Group" (USCG). USCG investigators have identified IP addresses they allege are associated with the unauthorized uploading and downloading of independent films, including "Far Cry" and "The Hurt Locker." Using those addresses, USCG has filed several "John Doe" lawsuits in D.C., implicating well over 14,000 individuals, and has issued subpoenas to ISPs seeking the identities of the subscribers associated with those IP addresses.
Last week, a group of over 40 Doe Defendants targeted in two of the cases filed an omnibus motion to quash a subpoena seeking their identities and to dismiss the cases against them. The Defendants are represented by Carey Lening, Christina DiEdoardo, Tuna Mecit and Bradford Patrick. Echoing arguments EFF raised in an earlier amicus brief, the Defendants explain that USCG has improperly joined together thousands of defendants and has sued those defendants in the wrong court. In addition, Defendants argue that USCG’s gamesmanship violates the normal procedures for large-scale litigation against people located across the country (the Multi-District Litigation rules), resulting in additional costs and burden to the Defendants. Numerous other Does have moved to quash and/or dismiss as individuals as well.
In addition, the judge in one of the cases has issued orders requiring USCG to justify suing two of the Does in the District of Columbia, as the Defendants claim to have no contacts with the District.
EFF believes USCG's litigation tactics violate basic due process rights, and we’ve been working hard both to call the court’s attention to those violations and help the Does get access to the resources they need to defend their rights. Kudos to the attorneys who have signed on to defend these Does, and to the Defendants themselves for demanding that USCG play by the rules.
Yesterday, the Ninth Circuit issued an unfortunate revised opinion in United States v. Comprehensive Drug Testing Inc., a case featuring blatantly unconstitutional government action. As the court put it:
“This case is about a federal investigation into steroid use by professional baseball players. More generally, however, it’s about the procedures and safeguards that federal courts must observe in issuing and administering search warrants and subpoenas for electronically stored information.”
One shocking example: the government seized and reviewed the drug testing records for hundreds of players in Major League Baseball—and many other people—even though the judicially authorized warrant was limited to the records of the ten players for whom the government had probable cause.
The Ninth Circuit had in its earlier en banc decision [579 F.3d 989 (9th Cir. 2009)] set forth guidelines meant to ensure that even otherwise lawful warrants authorizing the search and seizure of computers do not give officers too much access to private data that might be intermingled with evidence of a crime: (1) the government must waive the “plain view” rule, meaning it must agree to only use evidence of the crime or crimes that led to obtaining the warrant, and not to use evidence of other crimes; (2) the government must wall off the forensic experts who search the hard drive from the agents investigating the case; (3) the government must explain the "actual risks of destruction of information" they would face if they weren't allowed to seize entire computers; (4) the government must use a search protocol to designate what information they can give to the investigating agents; and (5) the government must destroy or return non-responsive data.
The government, however, challenged these guidelines by seeking “super” en banc rehearing by the full Ninth Circuit (in the Ninth Circuit, ordinary en banc review is done by a panel of 11 judges).
Sadly, while yesterday’s decision reached the same, correct result in this case and denied super en banc rehearing, the revised majority opinion now omits the privacy-protective guidelines. Instead, those guidelines are now part of a 5-judge concurrence and are not binding on magistrate judges issuing warrants.
We're disappointed. True, the Ninth Circuit recognized that government agents have “a powerful incentive . . . to seize more rather than less” (the opinion archly characterizes the government’s view as “Let’s take everything back to the lab, have a good look around and see what we might stumble upon.”). And eliminating the guidelines might avoid Supreme Court review.
Still, if the Ninth Circuit wanted “to avoid turning a limited search for particular information into a general search of office file systems and computer databases,” it would have been far better off with its original, binding rules.
When it comes to copyright enforcement and the government, EFF frequently warns that giving government agents a reason to censor, search, seize, and indict must be taken very seriously. Without safeguards and a thorough accounting of the consequences, laws and policies targeting so-called "pirates" can be used to pry away human rights and undermine fundamental elements of democracy and freedom.
We saw damning evidence of this unfold this past weekend. On Saturday, the New York Times broke news of Russian law enforcement officers raiding an environmental group's offices and confiscating computers. What excuse did the police officers give for raiding the environmental group? Because Russian security services were investigating claims (unfounded, as it turned out) that the group had unauthorized copies of Microsoft software.
The New York Times article goes on to explain that the raid on the environmental group is only a recent example of a growing pattern: "Across Russia, the security services have carried out dozens of similar raids against outspoken advocacy groups or opposition newspapers in recent years." For those familiar with the hard line copyright maximalist position — which holds that all copyright infringement should be swiftly prosecuted with harsh penalties regardless of the context — it was sadly unsurprising. (This risk is one reason that NGOs around the world choose free and open source tools that avoid the risk of copyright claims altogether.)
Fortunately, at this juncture, Microsoft has recognized this as an important human rights issue, and has responded responsibly and innovatively. The company plans to offer protection to advocacy groups and others who might be targeted for political reasons by issuing a blanket software license to advocacy groups and opposition newspapers in Russia and at least some other places in the world. The software license — which would allegedly be made easily and widely available — should help groups insulate themselves from political attacks and human rights violations clothed as accusations that Microsoft software has been stolen. (Whether or not law enforcement officials will respond to such a license when they're about to bust down the door of an advocacy group's office is another question entirely.) Microsoft has not said in which other countries it would offer this blanket license. We urge Microsoft to extend this offer worldwide.
But this issue isn't limited to Microsoft or to software. A sprawling, powerful group-of-groups in the content industry, including movie and music industry lobbyists, software companies, and others, is constantly demanding that governments worldwide be given new powers to search for and seize allegedly pirated materials, and that those governments should act on those powers forcefully. In the name of copyright enforcement, the lobby shortsightedly demands provisions that put human rights at risk throughout the world: the power for governments to censor parts of the Internet with so-called copyright filtering, power for governments' border agents to search travelers' goods for "infringing" items, power for governments to detain alleged infringers pre-trial.
If the copyright lobby gets their way with the Anti-Counterfeiting Trade Agreement (ACTA) or if governments continue to act on the claim that "piracy" demands sweeping changes to Internet privacy and freedom, then we can generalize the New York Times headline — "Russia Uses Microsoft to Suppress Dissent" — into something we'll surely see more often: "Regime Uses Copyright Violations to Curtail Freedoms."
This episode should remind legislators and policymakers worldwide of the real risk that powers enacted in the name of copyright enforcement can be used to do real harm. Ensuring balance in copyright law is not just good copyright policy — it's necessary to protect human rights and fundamental freedoms worldwide.
UPDATE: On September 23, 2010, Microsoft published details about their software license for non-governmental organizations (NGOs) and media organizations.
The 9th Circuit Court of Appeals, ruling en banc in a case called Mohamed v. Jeppesen Dataplan, yesterday adopted the Bush and Obama Administration's joint Executive Branch power grab in the form of the state secrets privilege. The Court, in a 6-5 en banc ruling, dismissed a case brought by victims of horrendous torture and forced disappearance against a Boeing subsidiary whose employee admitted that they knew they were handling the "torture flights." In refusing to hear the case, even the portions that could be based solely on already public evidence, the Court shunned its role as a co-equal branch of government protecting the rights of individuals against overreaching government. It also demonstrated just how badly we need Congress to step in and reform the state secrets privilege.
EFF had filed an amicus brief in the case, warning about this outcome: "Adopting the government's position would abdicate the Judiciary's Article III responsibility to adjudicate the constitutional and statutory limits on Executive authority."
Unfortunately, abdicating its responsibility is just what the Court did. It ordered summary dismissal of the complaint without allowing any discovery, or presentation of the public evidence or even a plan by the plaintiffs to litigate the case while respecting the necessary secrecy, something that has been regularly done in cases involving national security. And in doing so it created a dangerous risk that the Courts will allow the Executive broad unfettered powers to "turn the Constitution on and off at will," exactly what the Supreme Court refused to do in Boumediene v. Bush. In that case, the Supreme Court directly addressed and rejected the government's main argument in Mohamed, that the case involved a "painful conflict between human rights and national security." The Supreme Court said:
Security subsists, too, in fidelity to freedom's first principles. Chief among these are freedom from arbitrary and unlawful restraint and the personal liberty that is secured by adherence to the separation of powers.
So what does this mean for Jewel v. NSA, EFF's case against the government for mass warrantless wiretapping of ordinary Americans which has also faced broad state secrets claims from the government?
Likely nothing. The Ninth Circuit expressly noted that its analysis would be different where, as with FISA, Congress has passed a specific law on the subject.
In its almost apologetic Jeppesen Dataplan ruling, the 9th Circuit also emphasized that "it should be a rare case where the state secrets doctrine leads to a dismissal at the outset of the case." We strongly agree. And while we think the Court got it wrong in Jeppesen Dataplan, where the victims were foreigners who were injured largely on foreign soil by foreign agents, it would be an even worse tragedy if the Court abdicated its role to protect individual rights and privacy when the victims are millions of American citizens on American soil who have no connection to terrorism and who simply want basic privacy in their use of the phone and the internet.
The Censorship Research Center announced on its blog today that it has halted testing of the Haystack anti-censorship software in Iran pending a security review by a third party. Based on this announcement, we recommend that users stop using all versions of the Haystack software immediately.
EFF is pleased to announce two new additions to our FOIA Litigation for Accountable Government (FLAG) Project: Staff Attorney Jennifer Lynch and Open Government Legal Fellow Mark Rumold. Our FLAG Project uses the Freedom of Information Act (FOIA) and other tools to uncover and expose important government information, protect individual liberties, and hold government agencies accountable.
Jennifer is already well-known in cyberlaw circles. Before joining EFF, Jennifer was the Clinical Teaching Fellow with the Samuelson Law, Technology & Public Policy Clinic at UC Berkeley School of Law. At the Samuelson Clinic, Jennifer specialized in privacy and intellectual property issues, including privacy and the smart electrical grid, digital books, open source and biotech, fair use in educational materials, and government use of social media in criminal investigations. Before the Clinic, Jennifer practiced with Bingham McCutchen in San Francisco, where she focused on commercial litigation and represented several California prisoners in a large civil rights case against state prison wardens.