All Content Related to Surveillance

Internet Censorship in Saudi

charles — Sun, 30 Nov 2008 23:50:11 -0500

Saudi Arabia has one of the most restrictive Internet filters in the world, yet according to BusinessWeek news reports, the Saudi censorship regime is vastly unlike that of most countries. Employing a mere twenty-five people, the country’s Communication and Information Technology Commission (CITC) uses software to “block broad swaths” of the Internet, while relying on citizens who send 1,200 requests daily for offensive sites to be blocked to cover the rest of the Internet.

In addition to pornography and online gambling, which are filtered by the CITC software, Saudi citizens (mostly students and religious figures) voluntarily filter cites that they deem offensive, including those that violate religious and cultural mores. According to consultant Khalid Baheyeldin, “there’s a feeling of moral conviction that obliges people to have these sites blocked.”

As far as blogging is concerned, the majority of the country’s 2,000 bloggers post anonymously, fearing repercussions. Earlier this year a local blogger was jailed for advocating political reforms.

CITC states that only 40 percent of Saudi citizens are concerned with Internet filtration. Haitham Abu Aisha, general manager of a Riyadh ISP claims that censorship can be defined “in many ways.” “We want censorship of pornography and harsh ideas,” he continues. Regardless of the interpretation or voluntary aspect of Saudi’s censorship regime, this type of Internet filtration violates the right to free access of online content.

ONI Affiliate Reveals Chinese Surveillance of Skype Messages

jillian — Thu, 02 Oct 2008 20:38:58 -0400

Groundbreaking research by an ONI affiliate made major news today. Nart Villeneuve, a fellow at Citizen Lab at the University of Toronto, revealed in a joint Information Warfare Monitor/ONI Asia report Wednesday TOM-Skype, a special software for using Skype in Chinese, is being used to snoop on text chats containing certain keywords relating to topics such as Taiwanese independence and Falun Gong. Additional information not related to certain keywords has also been captured; Villeneuve's research indicates that perhaps certain usernames also trigger the system.

According to the report:

"The collected data affects all TOM-Skype users and also captures the personal information of any Skype users that interacted with registered TOM-Skype users."

Skype itself was not affected, as Villeneuve indicated in an FAQ:

"The Skype software downloaded from skype.com is not affected by the behavior. The only time “normal” Skype users are affected is when they communicate with TOM-Skype users."

The New York Times presented Skype's side of the story:

"Jennifer Caukin, an eBay spokeswoman, said, “The security and privacy of our users is very important to Skype.” But the company spoke to the accessibility of the messages, not their monitoring. “The security breach does not affect Skype’s core technology or functionality,” she said. “It exists within an administrative layer on Tom Online servers. We have expressed our concern to Tom Online about the security issue and they have informed us that a fix to the problem will be completed within 24 hours.” EBay had no comment on the monitoring."

TOM Group, the parent company of TOM-Skype's majority owner TOM Online, on the other hand, stated that as a Chinese company, they adhere to rules and regulations in China.

Of course, Skype is not the first US company to come under fire for kowtowing to Chinese authorities. Among others, Microsoft, Cisco, google and Yahoo have all been accused of complicity in building the Great Firewall of China.

Surveillance Clamp-down in Beijing

kanu — Thu, 07 Aug 2008 14:15:58 -0400

Only one day before the 2008 Beijing Olympic Games begin….and we’re not the only ones to notice.

The Chinese government has spread a stifling net of surveillance around the capital to allegedly ensure that the Olympics remain “safe”. This comes as no surprise to onlookers as China has, from the very start, tried to guarantee a secure event. However, this clampdown has generated greater controversy than previous reported surveillance measures. The New York Times reports:

"Officials are being accused of transforming the capital into a fortress; surface-to-air missiles take aim at the sky above the Olympic stadiums, surveillance cameras are mounted on light poles scan sidewalks and police officers are searching thousands of cars and trucks entering the city."

However, the government defends itself by warning that terrorism is a constant threat to the county and event, “particularly from Muslim separatist groups in the Xinjiang region of western China”. On Monday morning, Xinhua, the state news agency, reported that 16 policemen were killed and 16 others injured when rioters threw two grenades after driving into a border patrol police station near Kashgar in the remote western part of the Xinjiang Uighur Autonomous Region. Two reporters from the Japanese Kyodo News Agency were dragged away from the scene and beaten, suffering light injuries, while the Reuters correspondent chased from the scene by “baton-wielding policemen.”

And China’s surveillance isn’t just limited to the streets; it is suspected that Internet surveillance continues as before. Although rumors do fly about certain search engines, in certain places, being able to escape the surveillance radar, the majority of domestic search engines and content providers are being tightly regulated by the government.

One of the most traditional methods of surveillance where designated Chinese citizens serve as neighborhood watchdogs, has been expanded. Thousands of middle-age to elderly citizens of the capital can be observed wearing red armbands and Yanjing Beer-sponsored t-shirts pronouncing their role as “public order volunteer,” patrolling their areas for signs of any suspicious people and/or events.

And so the question arises- are these measures called for?

Li Wei, a counterterrorism expert at the China Institutes of Contemporary International Relations recently stated in the New York Times, “I believe that Beijing’s Olympics are now facing real threats from terrorist attacks.”

“I think the Olympics are the most important international sports event in four years,” he said, “and it’s the biggest focus of the international media in four years, so this might draw some attention from terrorist groups.”

Experts on terrorism locally and internationally claim that the biggest threat to the Olympics will most likely come from the western province of Xinjiang and say that the extensive preparations for these Olympics are among the most extensive of any in the past.
There is, however, a flip side. Human rights advocates accuse the government of over-emphasing the threat from terrorists in order to crack down on ethnic minority groups, dissident organizations and other individuals. China has reportedly spent over 6 billion USD on security in Beijing and has installed about 300,000 surveillance cameras that will remain in place after the Games.

Nor are athletes and other official visitors exempt. All telephone communications of European delegations, athletes and journalists will reportedly be under constant surveillance during the Games, through the use of equipment produced and deployed by companies such as Ericsson and Nokia Siemens and surveillance methods developed at the European Telecom Standards Institute. While actual phone conversations will not be monitored, traffic data analysis will track the caller, recipient, location and time of calls.

A moderate threat has now been elevated either because, or under the pretext of, the Olympics.

Bloggers Unite Against FISA Bill

amina — Thu, 31 Jul 2008 11:19:38 -0400

Since the Senate approved the new FISA bill, the blogosphere has been in a state of upheaval, declaring it an infringement on the Bill of Rights. NPR recently reported that liberal and conservative bloggers have joined forces to oppose the legislation by raising money to launch ads against those Congressmen who supported it. The rewrite of the 1978 Foreign Intelligence Surveillance Act, which grants retroactive immunity to telephone companies which cooperated with the NSA’s post-9/11 domestic spy program, has received widespread opposition from the online community for allotting “the president too much power to tap into private communications without court oversight.”

Reminiscent of complaints from the Brazilian blogosphere about Brazil’s new cybercrime bill, American bloggers across the political spectrum remain skeptical of Congressmen’s claims that protecting citizens is the FISA bill’s primary purpose. Many bloggers have expressed their disappointment in Democrats’ decision to give in to the legislation, which has caused an online rift among Obama supporters who urged the senator to “get FISA right” on his website.

FISA has raised concerns in the civil liberty community about how much information government surveillance technology, such as filters and data searches, will collect. The ACLU implored a no vote on the bill and listed several talking points against it, including that it “permits the government to conduct mass, untargeted surveillance of all communications coming into and out of the United States, without any individualized review, and without any finding of wrongdoing.”Government representatives, too, have echoed these fears. In his interview with Amy Goodman from DemocracyNow! Senator Russ Feingold found the bill to be “one of the greatest intrusions, potentially, on the rights of Americans protected under the Fourth Amendment of the US Constitution in the history of our country.”

The FISA debate continues to intensify the dialogue surrounding the relationship between ever-evolving electronic surveillance technologies, government transparency and liability, and how we define privacy and individual citizen rights in the digital age.

Facebook Faceoff

kanu — Mon, 21 Jul 2008 15:47:39 -0400

As spite spurs activism among the nation’s youth, Egypt contemplates banning Facebook- the infamous Social Networking Site (SNS) that has taken the country by storm.

The rising food prices and consequential rise in cost of living in Egypt has caused a great deal of unrest, especially in the lower strata of society. Interestingly, though, it is the middle and upper classes that have been using the Internet (namely social networking sites) and other digital goods as a medium to organize protests and strikes comprising of over 80,000 people. Despite the class divide that is apparent in the Egyptian social structure, it seems that their mutual dislike of the governing system has united them, and thus instilled the use of Facebook and other social networking sites as a means to ‘spread the word.’

In a Los Angeles Times’ op-ed, Sherif Mansour (of the US based human rights group Freedom House) wrote that the Egyptian government is considering blocking Facebook soon; a site that the Egyptian government heeds as an eminent threat to the ruling National Democratic party. Mansour praises Facebook’s ability, or rather the medium it provides for activists, to mobilize and engage massive numbers of young Egyptians. This was confirmed by the crucial role the site played in recent protests against textile workers’ salaries and soaring food prices. Facebook is lauded for having opened real space for media and also for providing a venue for secular activists- as opposed to the Islamist opposition representing the banned Muslim Brotherhood.

The opinion of the Egyptian government, however, differs. Facebook and other social networking activists are being targeted by government-based media campaigns defaming the website and the youth activists who use it. In fact, Egypt has the third highest number of Facebook users - after the U.S. and Canada – but this has not gone unnoticed, and so the deliberation on banning the site altogether continues.

Thus, the government and its state-run media are lashing out against what Mansour describes as the “Facebook movement” and authorities have jailed dissidents like Ahmed Maher who was also tortured for his activities. Young activists have flocked to the site to choreograph widespread protests against President Hosni Mubarak’s 27- year rule as it is the perfect tool for them to voice their opinions, especially in a country that outlaws gatherings of more than five people. With the use of blog sites, Facebook and YouTube, their messages can now be projected not only within the country but also globally.
“They [the government] were horrified by Facebook because it was something totally new that they could not control,” says Nadia, a key promoter of a recent day-long general strike in which three protestors were shot dead and 400 were jailed, including her.

For now the government is only contemplating and hasn’t, as yet, taken any immediate actions to carry out their threats. The only thing that can be stopping them, it seems, is the outrage that will occur with the banning of such a popular site or the fact that many commercial businesses and companies in Egypt use the site to attract consumers and would suffer heavily if it were to be banned.

But is that enough reason to stop the government? Well, that is yet to be seen.

-Kanupriya Tewari

South Korea considering closer watch on Internet after mass protests

yushu — Tue, 24 Jun 2008 13:50:26 -0400

After weeks of tumultuous protests inspired largely by South Korea’s young netizens, this country, one of the most wired and technology savvy in the world, is considering new ways to monitor the Internet.

In April, South Korea’s President Lee Myung-bak’s decision to resume US beef imports quickly ignited a national web protests among young people and led to widespread fears of mad cow disease. It fast became a month-long series of street demonstrations that have been difficult for Lee’s government to cope with. In past two months, Lee’s fledgling administration was beleaguered by a spate of unconfirmed cyberspace rumors and his public approval ratings plunged below 20 percent.

Last week, President Lee called for the Internet to “be a space of trust”, and warned that “the spread of false and incorrect information through the Internet and spam email is threatening the people’s rational thinking and mutual trust.” But he did not mention the protests against him.

Although President Lee ruled out any intention to censor cyberspace, the Korea Communications Commission said it would consider strengthening its identity verification system, introduced last year, to curb cyber bullying. For example, users may be required to verify their identity, or be asked to register nickname, when they post comments or participate in online discussion. And portal operators must disclose identities of cyber attackers if victims want to sue for libel or infringement of privacy.

Admittedly, netizens are often inspired to protest by misleading information in cyberspace and some web activities are described as akin to cyber terrorism. It is necessary to discourage cyber bulling and online malicious messages. However, due to the unclear definition of cyber bullying, attacks, and malicious online messages, South Korea’s new regulations may suppress legitimate online speech and violate the freedom of speech. Even if the government has the legitimate rights to deal with rumors, how do we ensure these regulations rights will not be abused? In fact, in order to restrict cyber bullying or other irrational online behaviors, the best way may be self-regulation, a set of norms for cyber behavior. Tim O’Reilly, one of the web’s most influential thinkers, noted that “I do think we need some code of conduct around what is acceptable behavior, I would hope that it doesn't come through any kind of [legal/government] regulation it would come through self-regulation.”

Surveillance

sally — Tue, 27 May 2008 12:02:27 -0400

Research on surveillance has been of growing importance. Here is some information we have compiled:

Content around the site related to surveillance

Phorm's Webwise

chrisc — Mon, 07 Apr 2008 12:06:47 -0400

In recent weeks, there has been considerable press coverage of Webwise, an application designed by Phorm to track Web browsing behavior by ISP users and then target advertising at those users based on the sites that they visit. The coverage followed news that several UK ISPs were considering implementing the system and that at least one, British Telecom, had in fact tested the system despite previously denying doing so.

Notably, Phorm has been aggressive in promoting not only the commercial advantages of its product but also the privacy concerns. Its Web site claims that Webwise "takes consumer privacy protection to a new level. Our technology doesn't store any personally identifiable information or IP addresses, and we don't retain information on user browsing behaviour. So we never know - and can't record - who's browsing, or where they've browsed."

The response by privacy advocates is unsurprisingly skeptical, for several reasons. First, the system is expressly designed to collect browsing information and use that to target advertisements; by its very definition, this seems to implicate privacy and monitoring concerns. The fact that Phorm itself cannot easily identify the user in question does not remove the privacy implications; to that extent, the statement above blurs the importance and implications of anonymity and privacy.

Second, claims of anonymized data are suspect, as past debacles - such as AOL's release of search data and NetFlix's release of movie rankings - show that simply removing identifying information from a data set does not render that data set anonymous.

In addition, while the Webwise ID is intended to be stripped out so that the destination web site does not see it, that only happens if a browser always uses an ISP running Webwise. If, say, a user with a laptop connects through more than one location, the Webwise ID for that user will be visible both to other ISPs and to web sites that are part of the Webwise program.

Fortunately, the Webwise system appears to be, at minimum, very difficult to de-anonymize. Richard Clayton has spoken with Phorm and provided a terrific technical description of Website. While the Webwise application scans visited Web sites, search terms, and the like for information, it stores only associated "channels" (roughly, the advertising categories that match web sites the user has viewed) rather than the actual sites visited or even the keywords scraped from those sites. It seems likely to be impossible to derive either the user identity or the actual set of Web sites visited by a specific user without additional information captured at the ISP level, and even if the Webwise records could be associated with a specific individual, they appear to have very little forensic or other value, since only authorized advertising channels are recorded (and thus browsing implying illegal activity cannot readily be identified).

Webwise clearly has privacy implications; the fact that it monitors a substantial amount of common Web traffic to derive behavioral profiles and advertise on their basis is reason enough for concern; from a surveillance view, it certainly constitutes monitoring conducted by Phorm, even if only partial information is stored and identifying the specific individual in question is difficult. On the other hand, assuming Webwise conforms with the specifications above, there is very little risk of additional use or abuse of the collected information; unlike other tools that have additional surveillance implications, Webwise's issues are at least self-contained; no one can use Phorm records for other surveillance purposes.

Removing blogs: a new form of Web censorship in the Middle East and North Africa

ONI-MENA — Mon, 03 Mar 2008 15:05:22 -0500

In addition to blocking blogs and arresting bloggers, a new form of censorship has started to emerge in the Middle East and North Africa: blog-hosting services removing blogs from their servers.

Arab bloggers complain that the major blog-hosting services, Maktoob Blog and Jeeran Blog, have removed popular blogs without providing any explanations or prior notice.

For example, bloggers reported that Jeeran Blog has removed a blog run by a Lebanese blogger because it contains sensitive political content. One of the bloggers who reported (Arabic) the blog removal asked Jeeran Blog to let the public know if the blog-hosting service is under pressure from the Arab political regimes.

Bloggers also reported that Maktoob Blog removed a blog run by a Saudi activist. Saudi blogger Khalid Naser reported (Arabic) the removal and posted what he said is a response from the blog-hosting service Maktoob Blog to his protest letter. The response said: “we have received orders from a state authority to shut down the blog. We removed the blog so that we, and our users, shall not be held legally responsible."

Some Arab bloggers have started a campaign to dissuade bloggers from using the Arabic blog-hosting services who they believe try to control what goes on the Arab blogsphere. The campaign promotes the use of the open source platform WordPress.

ONI reviewed the Terms and Conditions (Arabic) set forth by Maktoob Blog and found that they stipulate that bloggers should not publish posts that offend, insult, or humiliate divine religions, religious sects, and “Wulat al Umr”, an Arabic term for political rulers and leaders. Interestingly, the English version of the Terms and Conditions does not explicitly mention the rulers and political leaders. Instead, it states that, “You are kindly requested to refrain from offending others, in doing so please do not to use Maktoob blogs to offend any religion or religious beliefs. You are free to post your comments on the other blogs, however you cannot humiliate, insult or disparage others or other users' families, relatives or dear friends. As well you are refrained from violating any laws and regulations.”

Many countries in the Middle East and North Africa block Web sites and blogs that criticize the Arab regimes and leaders. Removing entire sites and blogs that contain oppositional content is expected to rise, given the increase in measures taken by Arab states against freedom of information. Just last month, the Arab Ministers of Information adopted a TV broadcast charter that restricts criticism of Arab regimes and leaders. The press freedom organization Reporters Without Borders condemned the agreement and described it as repressive and retrograde.

Is "Privacy and Security" a Zero-Sum Game?

chrisc — Tue, 15 Jan 2008 15:51:27 -0500

According to Ed Giorgio, who is working with National Intelligence Director Mike McConnell on a proposed cyber-security plan, "privacy and security are a zero-sum game." (Quoted from The Spymaster, a story about McConnell in the Jan. 21, 2008 New Yorker; story not [yet] available online, but is discussed here.

Calling privacy and security a zero-sum game is not only inaccurate, it is dangerous.

First, a "zero-sum game" is one in which any gain by one side is offset by an equal loss on the other side. This is not necessarily true for tradeoffs between privacy and security; while improving one often comes at the cost of the other, the costs and benefits do not necessarily cancel out. It may be possible to greatly increase security with a small cost to privacy; it may also be possible to slightly increase security with a substantial cost to privacy.

This is not merely a pedantic criticism of a generally accurate description. Thinking of security and privacy as a zero-sum game leads one to conclude that there is no need to actually reflect on the privacy costs of any security-enhancing measure, because those costs are by definition exactly commensurate with the security benefits. Short-circuiting the process of balancing different goods and harms is particularly inappropriate when we are discussing such fundamental values as privacy and security. Existing laws, such as those concerning law enforcement wiretaps, have been designed with just this balance in mind.

Moreover, while increasing either privacy or security often come at the cost of reduction of the other, that is not always the case. Assuming by default that privacy and security are always opposed can cause parties to ignore ways in which either privacy or security can be improved without harming the other. Designing bridges and other critical infrastructure to be less susceptible to terrorist attacks, for example, has substantial security benefits and no clear privacy harms - but this sort of low-hanging fruit can be missed if security actors don't actively seek ways to improve security without harming privacy.

Finally, the assumption that privacy and security is a zero-sum game leads too quickly to another conclusion: there is really no need for oversight. If there is a legitimate actor who is tasked with ensuring national security, the very definition of that task authorizes the actor to intrude upon otherwise private matters. The NSA is mandated with detecting and preventing terrorism, which requires broad access to data, and the FISA court is an unnecessary roadblock en route to the ultimate conclusion. Since privacy and security are a zero-sum game, and security is the agency's mandate, privacy must "take a back seat in the name of security."

The primary role of oversight, whether Congressional, judicial, popular, or in any other form, is to ensure that an authorized actor is in fact weighing the costs and benefits of each action and choosing appropriately. To describe conflicts between privacy and security as a zero-sum game is to obscure the value of such oversight and of careful weighings, and thus is inappropriate whatever one's views of the appropriate tradeoff between privacy and security in any given situation.

Addendum: Ars Technica has a different take on the same issue here, emphasizing that government collection of data can harm both privacy and security interests, and that the best way to secure information is to protect privacy.