Category Archives: Uncategorized

Resources update: July 2014

After checking every link on the resource pages, and culling all outdated information, I’ve now added these new resources onto the relevant pages:

Tools:

Disconnect • Browser plugin to protect privacy while websurfing. For Chrome, Firefox and Safari.

Privacy Badger ª EFF’s browser add-on to protect privacy online. For Firefox and Chrome.

NoScript • Firefox extension for “whitelist based pre-emptive script blocking” to maximise secure browsing.

Martus • A free software technology tool designed to assist human rights organizations in collecting, safeguarding, organizing and disseminating information about human rights abuses.

Shodan • Search engine that lets you “find devices connected to the Internet, with criteria based on city, country, latitude/longitude, hostname, operating system and IP.” “The Google for hackers.” Now also with maps. @shodanhq

Projects:

LEAP Encryption Access Project • Non-profit dedicated to developing secure communications tools. Currently developing an encrypted Internet proxy.

uProxy • “A browser extension that lets users share alternative more secure routes to the Internet. It’s like a personalized VPN service that you set up for yourself and your friends.” An open-source project.

The Locker Project • Building an open-source platform for personal data storage, with the owner able to control how this data is protected or shared. @lockerproject

Data:

Open Integrity Index • Database of digital tools, evaluated so that users can “make sophisticated decisions about the tools they use for privacy and communications, without requiring a high-level security engineering background.” @openintegrity

CrisisNET • “An Ushahidi initiative to build a platform for the world’s crisis data, giving journalists, data scientists, developers, and other makers fast, easy access to critical government, business, humanitarian, and crowdsourced information.”

Institutions:

Center for Media & Social Impact • An “innovation lab and research center that studies, designs, and showcases media for social impact,” based at the American University in Washington, DC. @CMSImpact

Open Knowledge Labs • A “community of civic hackers, data wranglers and ordinary citizens” focussed on “making things – whether that’s apps, insights or tools.” Part of the Open Knowledge Foundation Network.

Alliance for Affordable Internet (A4AI) • A “coalition of private sector, public sector, and civil society organizations who have come together to advance the shared aim of affordable access to both mobile and fixed-line Internet in developing countries.” @A4A_Internet

TechChange • Provides technology training for social change. Builds “online certificate courses to individuals and build customized courses and learning experiences for organizations.” @TechChange

Global Commission on Internet Governance • Launched by two independent global think tanks, the Centre for International Governance Innovation (CIGI) and Chatham House, this 2-year project aims to educate the wider public on the most effective ways to promote Internet access, while simultaneously championing the principles of freedom of expression and the free flow of ideas over the Internet. Chaired by Carl Bildt. @OurInternetGCIG

The Governance Lab @NYU • Aims to “design, implement, and study technology-enabled solutions that advance a collaborative, networked approach to reinvent institutions of governance. The GovLab aims to improve people’s lives by changing how we govern.” @TheGovLab

http://dliberation.org/resources/reference/:

Set of Principles in Fair Use for Journalism • “A statement of principles to help journalists in the United States interpret the copyright doctrine of fair use.” By the Center for Media & Social Impact.

IETF Journal • “Aims to provides an easily understandable overview of what’s happening in the world of Internet standards, with a particular focus on the activities of the IETF Working Groups.” Published by the Internet Society.

Sweden should not be exempt from surveillance scrutiny

(This article was first published on The Local.)

This week, for a third straight year, Sweden is hosting the Stockholm Internet Forum, bringing together 450 activists, experts and business representatives from over 90 countries for two days of discussions on “how freedom and openness on the internet can promote economic and social development worldwide”. Sweden’s Ministry of Foreign Affairs, its aid agency Sida, and .SE, the foundation responsible for Sweden’s Internet infrastructure, are sponsoring the event.

A year ago, it still felt necessary to justify why Internet freedom would be a topic worthy of an international forum. Not anymore — Edward Snowden took care of that in a spectacular fashion just a few weeks after last year’s conference, with his revelations of mass surveillance, targeted intrusions and cryptographic sabotage by the US in ways that far exceeded a legal mandate or stated aim.

Since then, the global repercussions of Snowden’s whistleblowing have placed Internet freedom squarely in the sights of mainstream media. And the balance of the debate has shifted, from censorship to a focus on privacy and surveillance — topics where the west’s record has proven far spottier. After Snowden, it’s clearer than ever that a citizen’s right to access and express ideas online is not complete without the defence of an equally important corollary: The right to privacy.

The theme of this year’s Stockholm Internet Forum has adapted to this new state of affairs: It’s “Internet — privacy, transparency, surveillance and control.” But even so, the forum is at a crossroads: How well it navigates three distinct challenges in the next few days and months will decide whether or not it can transition into a sustainable annual institution: These are 1) shifting national priorities, 2) international relevance, and 3) Sweden’s ability to continue projecting soft power among the cyber-activist civil society crowd.

The first challenge is a very possible change of government this coming September. Stockholm Internet Forum is the brainchild of foreign minister Carl Bildt’s longtime adviser Olof Ehrenkrona, who has crafted many of Sweden’s digital human rights initiatives over the past several years, and to whom credit is due for recognising early that Internet freedom is a defining issue of our time. The forum too has gained much of its prominence from Bildt’s sustained investment of his substantial international political capital in this project, but also from the government’s willingness to spend generously on gathering a highly dispersed bunch of people in Stockholm each year.

So the question becomes whether the Stockholm Internet Forum can survive the departure of these two men from the political stage. Behind the scenes, the talented team organising the forum should be able to move this project on to an institutional footing, but a new left-of center government come September might decide the project is an initiative by the right-of-center alliance, and wash its hands of it.

This would be a pity, if indeed the forum serves a genuine function. SIF does not exist in a vacuum: A growing number of global initiatives crowd the Internet governance landscape: The UN-sanctioned Internet Governance Forum aims to bring together all the major stakeholders in Internet governance — governments, corporations and civil society representatives. At the European level, EuroDIG fulfils a similar function. Brazil’s NETmundial conference, inaugurated a month ago as a direct result of Snowden’s leaks, also aims to forward a multi-stakeholder model for Internet governance focused on human rights. Like-minded governments talk to each other at the Freedom Online Conference, while more hard-nosed international telecommunications regulations are negotiated at intermittent ITU conferences. Non-governmental organisations compare best practices at Personal Democracy Forum in New York or Access’s RightsCon, while hackers congregate at venues such as the Chaos Communications Congress or Defcon… And this is just a fragmentary list.

Is there still room for SIF? Yes, and the reason why is hinted at in its list of participants: No other conference is so assiduous in championing the inclusion of civil society groups from the developing world and from authoritarian contexts — groups which otherwise do not have the independent means to take part in multi-stakeholder meetings. At SIF, these groups are able to build their networks to connect with the more established Internet governance stakeholders, which are also invited.

This unique role in broadening the reach of the conversation also plays to one of Sweden’s classic strengths — its ability to build and nurture networks of actors with aligned goals, based on its status as a soft-power superpower.

But herein lies the third challenge: Can Sweden maintain this reputation as a defender of Internet freedom among cyber-activists in the wake of documents leaked late last year by Snowden that reveal its signals intelligence agency collaborated with the NSA on a targeted hacking project?

The story, in short: Sweden’s signals intelligence agency FRA joined the NSA and the UK’s GCHQ in testing a man-in-the middle attack which aims to install malware on targeted foreign computer systems. By law, the FRA is only allowed to passively listen to cross-border signals, after gaining permission from a special court. Although the FRA possibly did not contribute to the intrusion part of the operation (instead forwarding promising signals as triggers for the others to act on) that is at best a case of following the letter of the law in order to blatantly flaunt it in spirit, in the guise of a collaborative effort.

This leak underscores how Sweden, like many other countries, practices a multifaceted approach to statecraft — from projecting soft power for the purpose of promoting human rights online, to secret cyber-security and defence operations rooted in realpolitik. These activities clearly tend to work at cross-purposes. It is important for the credibility of SIF that the organizers acknowledge this. Where to draw that line is very much a recurring topic of discussion at SIF, and as hosts Sweden should not be exempt from that scrutiny.

It has not gone unremarked that neither Snowden nor Glenn Greenwald or Laura Poitras, the journalists who first broke the story, will be attending SIF. It is important that the organisers acknowledge their work, even at the risk of bringing up FRA’s activities. Fortunately, there are ample opportunities for third parties to do so: As moderator, BBC HARDtalk presenter Stephen Sackur will have free reign to get to the heart of the matter, while a participant-led “unconference” is also set to converge on this issue.

Ideally, Sweden’s government would use SIF as a platform to demonstrate its own improving commitment to Internet freedom — for example, by publicly reporting aggregated data about the number of surveillance requests that are granted to FRA. And last year, Bildt became the first foreign minister to endorse a subset of ethical principles proposed by NGOs to constrain state surveillance. This year, why not announce an independent audit to see how well Sweden is complying? These are the kinds of concrete steps that would reassure participants at SIF that Sweden is indeed a committed proponent of Internet freedom, beginning at home.

Stockholm Internet Forum: The future of freedom on the internet is at stake

This article was first published on The Local as a general introduction to the net freedom issues being tacked at the 2013 Stockholm Internet Forum.

This week sees 450 policy-oriented technologists from 90 countries meet at the Stockholm Internet Forum, a two-day conference hosted by Sweden’s Ministry of Foreign Affairs, its aid agency Sida, and .SE, the foundation responsible for Sweden’s Internet infrastructure.

Experts from civil society, government and business will tackle “Internet freedom for global development” and its security implications. If this sounds like the typical capacity-building aid summit, it’s not — the stakes are in fact much higher. This forum is not (just) about promoting an inclusive and open Internet in the developing world; it is also about ensuring a free and secure Internet in Sweden. That’s because these days, laws in countries from halfway around the world can affect you directly via your browser. Consider:

  • Many of the best Internet companies are American, subject to US law. When you trust your email correspondence to Gmail or Facebook, it is US law that protects your privacy. Bad laws, like the proposed Cyber Intelligence Sharing and Protection Act (CISPA) currently stalled in the US Senate, would allow law enforcement agencies to access your data without a warrant.
  • Some countries, such as Russia, turn a blind eye to cyber criminals as long as they target users outside their jurisdictions, giving these gangs a safe haven from which to attack, scam and spam. Their presence also provides plausible deniability for state-sponsored cyber attacks and espionage, such as the 2007 attack on Estonia’s banking system.
  • China’s government requires backdoor access to the contents of popular Chinese messaging services like QQ, TOM-Skype and WeChat. Connect via Skype to a user in China and your private conversation will be an open book, no matter where you are.

Still, the primary victims of delinquent Internet governance policies are most often local users: China’s sophisticated online censorship system has made much of the global Internet off-limits to its citizens; South Korea’s real name registration policy makes it harder for whistleblowers and sources to stay anonymous online; Internet kill switches allow dictators to single-handedly drag their county back into the 80s.

Sometimes, European and American firms contribute to the problem by selling surveillance tools to authoritarian regimes. One such company, Gamma International, let its tools be used to spy on the political opposition in Egypt, Bahrain and Malaysia. In 2012 Belarus was caught spying on dissidents using equipment installed and maintained by Sweden’s own Teliasonera. Growing public intolerance for such practices is having an effect, at least in the west: This year, Teliasonera contritely signed on to industry-wide guidelines for defending freedom of expression and privacy.

These and many other examples over the past decade have prompted a movement towards global norms for Internet governance. It’s this process that the organizers of the Stockholm Internet Forum are trying to shape, by keeping human rights concerns at the center of the debate about Internet security. The core message is that Internet governance should ultimately serve the citizen-user, rather than the interests of states or corporations. And yet even liberal democracies sometimes get this wrong, drafting overbearing security laws that gut the Internet of the freedoms that make it worthwhile.

There have been some successes on the human rights front: In 2011 a United Nations report by the special rapporteur Frank La Rue delineated how human rights law applies to online notions of freedom and privacy; in 2012 Sweden and other nations sponsored a successful non-binding UN Human Rights Council resolution affirming “that the same rights that people have offline must also be protected online”. Of course, the same countries that prey on the rights of people offline tend to do so online, using the same excuses.

Today, the situation remains precarious. There are two strongly opposed visions for how best to proceed with Internet governance at the global level. The incumbent arrangement sees responsibilities shared among many actors — technical foundations, corporations, governments, civil society NGOs — none of which individually control the process. The main policy-setting forum for this multi-stakeholder model is the annual Internet Governance Forum, championed by civil society organizations for its inclusive nature, even if the Internet’s core technical policy body, ICANN, remains based in the US.

In the other camp is a slew of countries — predominantly from Africa and Asia — who feel that the current system is too western and, well, democratic. In their vision, Internet policy is the sovereign right of states, with centralized, top-down control within national borders and multilateral treaties governing connectivity globally. Prominent backers of this model are Russia, China, Tajikistan and Saudi Arabia; they recently began promoting the UN’s International Telecommunication Union as a state-centric policymaking body for the Internet. As a result, much of Europe and North America refused to sign the latest ITU regulatory agreement in December 2012; many more countries did sign, however. The Internet may yet balkanize.

The ball is now in the court of those attending the Stockholm Internet Forum, most of whom defend the multi-stakeholder model of governance. Ideas on the table include making the distributed governance model even more inclusive of Asian and African stakeholders, since that is where most of the world’s Internet users now reside. Another proposal is to recast security concerns as compatible with human rights, by redefining security from the perspective of the user. In this same vein, several NGOs have just proposed principles for Internet surveillance that would be compatible with human rights. The hope is to win over the fence sitters in this emerging global schism by convincing them that a freedom-centric Internet is the only path to a mature and developed global information society.

If the Internet freedom movement is to prevail, it needs more opportunities to debate strategy, generate ideas and strengthen its networks. The Stockholm Internet Forum may just make the difference.

Follow the conference live on May 22-23 via video and via the #sif13 hashtag on Twitter.

Resources update: May 2013

Under Institutions > The Internet and society:

The Stanford Center for Legal Informatics (CodeX) • Stanford University center working on “technologies ranging from initiatives that solve content licensing inefficiencies in today’s digital media markets, to initiatives that provide greater access to justice, and initiatives that increase transparency in public markets.”

Under Institutions > Development and ICT:

Open Aid Partnership • A World Bank mapping initiative for open data to improve strategic planning, transparency and accountability of aid projects. Collaborates with the International Aid Transparency Initiative (IATI) and the Open Government Partnership (OGP).

Under Institutions > Crisis management and ICT:

Humanitarian OpenStreetMap Team • HOT “acts as a bridge between the traditional humanitarian responders and the OpenStreetMap Community.” Activities include collecting data, coordinating the design of OSM tools, teaching data quality assurance, collaborating with data imagery providers, and OSM outreach.

Under Institutions > Net Freedom, civil rights, privacy:

Digital Rights Foundation • Pakistan-based advocacy NGO “focusing on ICTs to support human rights, democratic processes and digital governance.” @DigitalRightsPK

IFEX • Global network of advocacy organizations, coordinating the defense of free expression. @IFEX

Under Institutions > Activism:

Demand Progress • US-based grassroots campaign organizers with a focus on civil liberties, civil rights, and government reform, including in the digital domain. @demandprogress

The Internet Defense League • Distributed system that allows websites to display alerts related to Internet freedom campaigns. By Center for Rights and Fight for the Future.

Center for Rights • Advocacy group organizing web-based campaigns defending Internet Freedom.

Fight for the Future • Advocacy group organizing web-based campaigns defending Internet Freedom. @fightfortheftr

Under Institutions > Net freedom technology projects:

Abayima • non-profit founded in Uganda, working to create digital tools that “empower citizens when oppressive regimes use tech infrastructure against the public”. Creators of the Open Sim Kit mobile sim card hacking toolkit. @abayima

OpenITP • “Supports and incubates a collection of free and open source projects that enable anonymous, secure, reliable, and unrestricted communication on the Internet.” @Openitp

Commotion • “Open-source communication tool that uses mobile phones, computers, and other wireless devices to create decentralized mesh networks.”

Under Tools > Tools:

We Fight Censorship • Tools to securely submit, publish and shelter articles censored on the web, by Reporters Without Borders. @FightCensors_en

The Guardian Project • Provides a suite of secure open-source communciations apps for Android, including the Tor client Orbot, and the secure browser Orweb. @guardianproject

Flash Proxy • Experimental plugin-based proxy to ensure access to Tor when common bridge relays are blocked.

Cloudfogger • Encryption tool for securing cloud-based file systems like Dropbox. @Cloudfogger

BoxCryptor • Encryption tool for securing cloud-based file systems like Dropbox. @boxcryptor

Under Tools > Data:

Net Neutrality Map • Map tool to evaluate the net neutrality of ISPs in countries around the world.

FreeWeibo • Search tool for Sina Weibo that also returns censored content. @CensoredWeibo

HoneyMap • Real-time global map of cyber attacks captured by honeypots, by the Honeynet Project. @ProjectHoneynet

Under Tools > Online journals, book series, essay series, manuals, reference texts:

Internet rights are human rights • “A series of training modules concerned with the relationship between human rights, ICTs and the internet” commissioned by the Association for Progressive Communications (APC).

Flash mob rule

Much has already been said about the looting spree that afflicted London and other British cities last week, so I’ll stick to just one observation:

These incidents were traditional flash mobs in every sense but for their destructive intent. All flash mobs — be it a “spontaneous” pillow fight in central Stockholm or a frozen Grand Central Station in New York — share the same dynamic: Social (or semi-social) media are used to gather a group at a pre-defined semi-secret location to engage in a common synchronized activity.

In the case of the London incidents, the looters discovered that this dynamic can be co-opted to overwhelm local law enforcement through sheer numbers at a certain place and for a certain time, thus facilitating looting.

Law enforcement has always been a little skittish about flash mob projects, precisely because there was that “what if” scenario looming — what if the group act was anti-social in its intent, instead of social? Now we know it works very well. And so do the looters.

PDF 2011, and a first post

The seeds of this blog were planted over a year ago, when I found myself more and more fascinated by the implications of a global society where almost all content is digitally stored and transmitted. At the time, the topic felt a little niched, but in the intervening year the news has been invaded by Wikileaks, cyber attacks against major corporations, tightening internet censorship in China and elsewhere, and the emergence of social media-savvy revolutionaries in the Middle East.

Ironically, the topic is itself now ripe for close and constant surveillance; this is what Dliberation.org is for. And there is no better time to start such a project than at Personal Democracy Forum, edition 2011.