Communication Crisis

I recently discussed the currently limited prospects of overcoming internet censorship of ‘kill switch’ proportions and about clandestine outfits as the only viable solution to making a high speed internet network in the face of this type of censorship…and then I stumbled upon an article in the New York Times about the US governments attempt to support these clandestine operations by packing wireless networking components into a suitcase to smuggle across borders to rebels ready to set up ‘shadow’ networks. The New America Foundation’s Open Technology Initiative (OTI), with the support of funding by the US State Department, has created the very tidy ‘Internet in a Suitcase’. Whilst there is scepticism about the US government’s actual intentions, whether they are acting as genuine philanthropist or simply intelligence gathering, it is still a very exciting prospect.

The suitcase contains:

• USB Memory Stick, which holds the networks software
• A repeater, which bridges GSM phones and WIFI mesh networks
• A mobile phone, which also holds the networks software and can be transferred anonymously between phones using bluetooth
• A variety of high power antennas and receivers
• Disks of software
• An easy to use manual

Vodpod videos no longer available.

The idea is that the suitcase will be discreetly passed across borders into the hands of dissidents where they will begin to construct a network of people, through which to disseminate the software ultimately creating an ad hoc WIFI network which sits outside the national internet infrastructure. The hardware constituents play much less of a role than the software, which is also available as a simple download. Unfortunately, the overview of the project and software information is currently unavailable in Arabic, when it does become available I will post the link in the bypassing section of this site. What’s nice is that, whilst the OTI remain elusive about how they intend to deploy the suitcases, the software can be used right now on and between normal GSM phones making it extremely relevant for countries like Libya where traditional internet use is a fringe, or rather elite, activity, but where nearly everyone has a mobile phone.

The challenges the OTI could face would be: 1/ overcoming scepticism about the US government’s political intentions; 2/ finding a viable way to deploy the suitcases; and 3/ avoiding being caught out.

For further information visit the Open Technology Initiative website.

The OTI are currently looking for Arabic speakers  for translation work.  People are asked to join one of their mailing lists to find out how they can help:

Developers List
http://lists.chambana.net/mailman/listinfo/commotion-dev

General Discussion List
http://lists.chambana.net/mailman/listinfo/commotion-discuss

Announcement Only List
http://lists.chambana.net/mailman/listinfo/commotion-announce

Communicate via IRC in #oswc on irc.freenode.net (or http://webchat.freenode.net/ for a web client).

On the 3^rd March the Libyan government took the unprecedented step of making the internet indefinitely unavailable for all but a few within its borders using ‘kill switch’ censorship tactics.  Whilst ‘kill switch’ censorship has been used before (and since, in Syria July 3rd), in Nepal 2005, Burma 2007 and Egypt earlier this year, what is unique about the situation in Libya is the duration of which the internet has been stifled.  The implications of this kind of action are many: 1/ The information available to the wider community becomes limited to that which is produced by state controlled media; 2/It acts to disable the spread of information that upholds opposition ideologies and paradigm shifts; 3/It acts to disable international lobby potential.  The internet can and has been used to raise international awareness of human rights violations and opposition political groups and to mobilise international pressure against offending governments. More recently popular social networking sites such as Facebook and Twitter have been used to widen the reach. Governments tend to exercise more behavioural restraint when being judged by the international community at large and other more powerful entities like the UN and US government.  Cutting the internet cuts some of the exposure from opposition voices within the offending country (Chowdry, 2008); and  4/ Being connected to information is vital for lifelines of the revolution, those with important roles in the crisis (doctors & medical staff, aid agency teams and active rebels) must seek alternative and perhaps less efficient ways of communicating.

Circumvention methods for ‘first-generation’ censorship practices, such as firewalling are fairly extensive and straightforward.  The Citizen Lab of the University of Toronto has put together a user friendly guide to bypassing 1^st – gen censorship; Everyone’s guide to by-passing internet censorship  (2007), which is available in several languages, although I am still awaiting a response from the Citizen’s Lab as to whether the guide is available in Arabic.  If and when a copy becomes available I will post the link on the links section.  It’s a very succinct easily digestible guide on how to circumvent censorship using simple already available/downloadable tunnelling software.  The guide outlines the risks and benefits of using public vs private computers for circumvention and the role of ‘outsiders’ in circumvention support.  It discusses in some detail currently available circumvention software.

From my own research, other software includes but is not limited to hidemyass, hotspot, yourfreedom and disposable email addresses (often included within the circumvention software) including hushmail, spamex, spamgourmet, E4ward, Gishpuppy, Mailnator and Yahoo! Mail Classic (keeping in mind that in 2003 Yahoo! helped the Chinese government to expose and incarcerate Li Zhi, for his role in online message board criticisms of the regime, by handing over details of his email account to the authorities).  For net activists, the Citizen’s Lab have also produced a guide for anonymously publishing online.  There are as many techniques for circumventing as there are for censoring.  Censorship and circumvention is a perpetual cycle; bypassing ‘kill switch’ censorship is the new challenge for hackers of the future.

The current circumvention techniques for bypassing ‘kill switch’ service attacks, such as the blackholing of IP addresses that has happened in Libya, are slightly more old school and much more limited; I’ve put together a small list of ideas which I have compiled from various online sources.  The easiest way to access the internet when connectivity has been damaged centrally is to use dial-up internet.  PC World have written a great article on what you need to get connected.  Whilst it may sound simple, having the right equipment and software is essential to make the connection and this may require advanced planning and preparation.

Internet Relay Chat is a kind of internet text messaging done in real-time. This kind of messaging can be sent to groups or privately to individuals, but it requires both software and a dial up server – both would already need to be in place to  make it possible. As an alternative, Point-to-Point (serverless) chat is available through Microsoft NetMeeting, ACHAT, and others. “ This allows a direct communication between any two computers that can ‘see’ each other on the network.  The network in this case could definitely consist of one computer calling another directly, over the phone lines” (Ketcham, 2011).

Other, more prevalent, forms of technology are currently being used through internet blackouts and where the internet is not commonly used; Mobile phones, whilst also being subject to disrupted services & monitoring, are the most obvious and widespread means of communicating and ham-radio has recently been employed as an alternative.

More modern technologies for circumventing this type of censorship do not currently exist and according to Richard Stiennon of IT-Harvest, overcoming this type of censorship would involve Freedom Fighters building “clandestine Internet infrastructure including satellite links and cables strung across borders,” which is precisely what is happening now in Benghazi, as we begin to see new independent media emerging.  WirelessU is an organisation working towards training individuals how to set up their own wireless communications.  They have produced a guide to wireless networking, Wireless Networking in the Developing World: A Practical Guide to Building Low-Cost Telecommunications Infrastructure.  This is a comprehensive and detailed 425p manual on wireless networking which is not for the faint-hearted.  The book supports people to build high speed data networks using locally available resources: “Using inexpensive off-the-shelf equipment, you can build high speed data networks that connect remote areas together, provide broadband network access in areas that even dialup does not exist, and ultimately connect you and your neighbors to the global Internet” (2007).

Satellite communications already play a significant role in crisis.  Humanitarian organisations working in crisis situations depend on satellite technology & the organisations who are responsible for setting up the technology like the UN-ITU, Telecoms sans Frontieres and Humaninet.  Satellite services & kits are also being sold to individuals for their personal needs.  For most people living in Libya satellite coms would be the more pricey option, but for organisations and businesses, who have a communications budget, satellite is a straightforward and effective option.

For Distributed Denial of Service Attacks (DDoS) there are no circumvention techniques, rather an organisation must tactically prepare and make provisions for the event.  The Berkman Center for Internet & Society at Harvard University, discuss methods for mitigation in their article on The Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites:

-Application attacks can be strongly mitigated by replacing complex content management systems (CMSes) with static HTML or by adding aggressive caching systems to deliver content at the expense of interactivity.

 – All organizations should carefully consider whether to host their sites on a free, highly DDoS resistant hosting service like Blogger, even at the cost of prestige, functionality and possible intermediary censorship. Organizations that choose to host their own sites should plan for attacks in advance, even if those plans include acceptable levels of downtime.

 – Organizations that choose to host their own sites should use systems to detect attacks and, when necessary, degrade site performance and retreat to backup hosting on a free, highly DDoS-resistant hosting service like Blogger. Simple modules for popular content management systems could automate this process and minimize the disruption of an attack.

 – Human rights funders should identify and support local experts in communities of the attack sites, since defending against DDoS and other attacks requires not only technical skill but also knowledge about and trust of each of the local communities.

 – Human rights funders should consider funding a coordinator to identify both local experts for human rights communities and core network organizations willing to help human rights sites and to help local experts and core networks organizations work with one another. 

 – The human rights community should work with Internet service providers (ISPs) and online service providers (OSPs) to identify providers who will work to protect sites from DDoS and who will agree not to remove controversial content unless required by law.

 – We propose a broad public discussion of a range of policy responses to the rise of DDOS attacks against independent media organizations and human rights groups, with a view toward a sustainable long-term approach that balances the range of legitimate interests involved.

(E. Zuckerman, et al, December 2010)

Preparation is the key to communicating through Service Attacks.  Stiennon  recommends Threat Based Management approach.  He says: “Threat Based Management (TBM) is an alternative to risk based management (RBM).  In RBM you identify critical assets first, then determine how much to invest to protect them. This is actually hard to do as every ICT asset is considered critical by someone.   TBM starts by evaluating the threat and taking measures to thwart the threat before it becomes overpowering.  Phishing, spyware, and cyber crime are three examples of threats.  State sponsored cyber espionage is the current threat that organisations should be countering. Government “kill switches” are a threat to freedom of information and communication during crisis. Unfortunately there are rarely official organisations in place to consider this threat before the crisis appears.”  Like the Berkman Center, Stiennon suggests a need for collaborative organisation to address the issue of ‘preparedness’ in communicating through crisis.

What would you put in your internet crisis kit?  To submit ideas communicationcrisis@live.co.uk

For more information on this topic:

Humaninet – http://www.humaninet.org/prepare.html

IT Harvest – http://www.it-harvest.com/CDW

Infowar Monitor – http://www.infowar-monitor.net/

The Citizen Lab – http://citizenlab.org/

Arbor Networks’ Infrastructure Security Reports – http://www.arbornetworks.com/report

For further reading on this topic:

Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites, Ethan Zuckerman, Hal Roberts, Ryan McGrady, Jillian York, John Palfrey, The Berkman Center for Internet & Society at Harvard University
December 2010

Everyone’s Guide to Bypassing Internet Censorship: For Citizens Worldwide, The Citizen Lab, 2007.

Wireless Networking in the Developing World: A practical guide to planning and building low-cost telecommunications infrastructure, Flickenger et al, 2007.

Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace, Ronald J. Deibert, John G. Palfrey, Rafal Rohozinski and Jonathan Zittrain eds, 2010.

The Role of the Internet in Burma’s Saffron Revolution, Mridul Chowdhury, 2008

How to Beat a Web Censor, But How Censors Could Still Shut Down a Site, Sanjana Hattotuwa, 2011

I originally intended this theme to cover both the silencing of the Internet and mobile phones by authoritarian regimes, but decided that in order to do a very dense subject justice I will leave the topic of mobile phone interruptions for a future blog and focus only on how governments stifle and cut internet services within their borders and internationally.

Once hailed as the ultimate platform for freedom of expression and democracy, the internet has, over the course of its short history, proven itself to be as susceptible to state controls as any of the other traditional forms of information dissemination (Goldsmith & Wu, 2006).  It is, by nature of its reach and speed, a larger threat to sovereignty and state control than any other media source ever has been.  It is no wonder, therefore, that states with a poor track record of freedom and fairness would go to elaborate measures to stifle its influence. Whilst a thorn in the side of totalitarianism, the internet is necessary evil for those states wanting to make gains in a now totally global and wired economy.  China fights hardest with this duplicity; it maintains the most elaborate system of internet control and censorship in the world – not surprising as it boasts the most internet users in the world: 389 Million (CIA world factbook, 2011), and an equally grand track record for human rights violations.

Libya, on the other hand, whilst comparable to China in its human rights offences, cannot be compared in its rate of internet saturation: 354,000 users.  As stated in the last blog entry that equates to less than 6% of the population having access to the internet and its censorship techniques are somewhat less involved.

There are various methods employed by authoritarian states (and non-authoritarian states) for controlling content and access to content on the internet.  Whilst we may visualise the internet as a web  in which information can navigate around any road blocks standing in the way, it is important that we understand two faults with this idea:  1/most people who use the internet are not techies or even a little techno-savvy and so have neither the knowledge nor the language for rerouting information and; 2/the internet has international gateways through which information passes from one sovereign state to another and whilst we think of cyberspace as borderless, the infrastructure, which makes it possible, is not.  Instead, the information is passed via chokepoints, nodes and routers all of which serve as loci of control on the internet information path (Diebert, 2007).

The main techniques for censorship are Content Analysis techniques, Address Blocking techniques, Take-Downs, Service Attacks:

Content analysis techniques include Inclusion Filtering where a select number of preapproved sites are allowed through the filter and Exclusion Filtering where sites are restricted through blacklisting.   Local language filtering is more prevalent than say filtering of English language sites.  Content analysis works through analysing site and URL content to find accepted or prohibited keywords.

Programmes such as Smartfilter, Websense & FortiGate are available off the shelf for states and organisations censorship needs.  These offer fairly blanket approaches to censorship, and because the programmes work by filtering general categories (eg ‘politics/opinion’ ) this means that sites which may be acceptable or even desirable are accidentally filtered out.  Ironically, the companies defining these censorship categories and offering & selling these products are not ideologically despotic; in fact they are freedom-loving & American.   Contrary to Ronald Deibert’s findings (2007), in which he directly links Websense to Yemen authorities, Websense’s corporate social responsibility document denies selling to regimes intent on silencing its citizens:

We recognize that some governments restrict access to the Internet by their citizens. Websense does not sell to governments or Internet Service Providers (ISPs) that are engaged in government-imposed censorship. Government-mandated censorship projects will not be engaged by Websense. If Websense does win business and later discovers that it is being used by a government, or by ISPs based on government rule, to engage in censorship of the Web and Web content we will remove our technology and capabilities from the project (Websense Social Responsibility Policy, 2011). 

How they would execute removal of their technology and capabilities is not made explicit, but it is certainly an interesting proposition.  But whether with Websense, another brand name or some homemade programme this type of censorship is achieved on various institutional levels from Internet Service Providers (ISP) to organisations and individual computers.

Address blocking is a national measure which takes place at the international gateway or through ISPs.  Routers are configured to block certain Internet Protocol (IP) addresses or domain names.

If you come up against these kinds of blockade you are likely to receive an error page;  governments who are more transparent about their censorship policy may provide information about their censorship policy on the error page others may reroute to other websites.

Herdict Web,  is a unique project of Harvard University’s Berkman Centre, which uses the idea of crowd-sourcing to monitor website filtering and blocking.

The OpenNet Intitiative (ONI), who have been tracking and monitoring internet censorship techniques worldwide, breakdown filtering into the following categories: political (eg opposition party sites, minority rights sites), social (eg pornographic and/or fleshy sites, religiously sensitive sites), conflict/security (eg bomb making sites).  In 2006, the ONI, described Libya’s internet filtering programme as largely political in terms of content and suggested that the level of filtering of these types of sites was substantial.  A follow up study and subsequent report in 2009 revealed that, whilst the type of content being filtered was the same, it had become evident that substantially less filtering was happening.  They suggested that this was due to efforts on the part of the regime to move towards more openness.   Gaddafi’s own son, Seif, complained in 2006 that “in all frankness and transparency, there is no freedom of the press in Libya; actually there is no press, even, and there is no real ‘direct people’s democracy’ on the ground” (Libya Internet Censorship Report, 2009).

Another method of censorship is to remove search results.  If governments can find ways of gaining compliance from search engine services, they are also able to omit undesirable websites from search engines -surprisingly common amongst even major search engine services with vested financial interest in the censoring country (Goldsmith & Wu, 2006).

Take-Downs work when authorities have powers of arbitration over web content hosts and simply force hosts to remove undesirable websites (ONI, 2011).

Another more pathological means of censorship is Induced Self-Censorship where fear and ideology control censorship at the level of the individual.  Authoritarian governments can close down internet cafés for allowing users to surf illicit content and arrests are made of those involved in producing, facilitating and contributing to illicit content.   According to the same ONI report on Libyan Internet Censorship, “ Internet users in Libya have told the Arabic media that security personnel and Internet café operators closely monitor Internet cafés and often harass Internet users. Several Internet cafés have been shut down by security, which has prompted café operators to do the monitoring themselves to avoid being shut down. Internet users also reported that notes are posted in Internet cafés warning users against accessing opposition Web sites” (2009).

The type of censorship increasingly deployed in situations of serious political contention and crisis on a large scale are Service Attacks.  Service Attacks, also known as ‘Kill Switch’tactics, occur at the internet’s chokepoint, the sovereign state.   Deibert & Rohonzinski have suggested that this type of censorship represents a ‘just-in-time blocking’  approach.

Just-in-time blocking differs from the first-generation national filtering practices of countries like China and Iran in several significant ways. First, and most importantly, just-in-time blocking is temporally fixed. Unlike the evolving block lists used by national firewalls, just-in-time blocking occurs only at times when the information being sought has a specific value or importance. Usually, this will mean that blocking is imposed at times of political change, such as elections, or other potential social flashpoints (important anniversaries or times of social unrest) (2008).

Service attacks can be loosely described as a complete denial of access.  More clearly there are several methods for executing service attacks: Distributed denial of service attacks, cutting the power at web servers location, sabotaging fibre optic cables, misconfiguring routing tables, geolocation filters (Deibert, 2007).  Richard Stiennon of IT Harvest, an expert in Cyberwarfare says “The primary means of killing Internet access is to update the primary Internet routers so that all of the IP addresses associated with particular “Autonomous Systems” (AS) are re-routed to nowhere… While that is the most elegant way, a country can also just use a Firewall to limit Internet access such as Myanmar does. China and Australia are other examples.  Or, a country could sever the fibre that comes into their territory – drastic and does not stop satellite connectivity”.

Geolocation attacks work when a server denies requests from internet users based on the actual location of a computer’s IP address.   An interesting example of this type of attack backfiring can be found on Stefan Geens blog, Ogle Earth, Oh the irony: Google Earth ban in Sudan is due to US export restrictions 20^th April, 2007 (Deibert, 2007) (And the follow up, Google Earth coming soon to Sudan, Iran and Cuba 20^th March, 2010).

A Distributed Denial of Service attack (DDoS) involves a coordinated effort to attack a site or service through saturating it with communication requests; the outcome is that the site performs unacceptably slowly or cannot be accessed at all. DDoS attacks, whilst enacted by the perpetrators of internet censorship, have also been used by online communities to attempt retaliation against them.

In the recent Egyptian version of ‘Kill Switch’ tactics some experts believe that is was a simple case of authorities calling the ISPs and telling them to cut the service.  Others have suggested that it was more than figuratively a kill switch – an actual breaker switch at the Ramses exchange caused the cessation.  The difference between what has happened in Libya versus what happened in Egypt is that, as James Cowie of Renesys puts it, Libya has ‘throttled’ the internet rather than killing it.  The internet is still very much available for those within the Gaddafi regime who want to use the information it provides, but it is being denied to the rest of the country.  This is a clear illustration of router misconfiguration at work.

Censorship in the internet age is both convoluted and complex and is ever evolving in response to circumvention techniques.  As Palfrey & Zittrain (2008) put it “a game of cat and mouse is well underway”.

Stay tuned for – Let’s make some noise: techniques for bypassing internet censorship

For any alterations or additions to this article contact communicationcrisis@live.co.uk

For more on this topic visit:

www.opennet.net

www.herdict.org

www.it-harvest.com

www.renesys.com

www.eff.org

Further reading on this topic:

Who Controls the Internet: Illusions of a Borderless world, Jack Goldsmith & Tim Wu, 2006

Access Denied: The Practice and Policy of Global Internet Filtering,  Ronald Deibert, John Palfrey, Rafal Rohozinski, Jonathan Zittrain, eds., 2008.

Routledge Handbook of Internet Politics, Chadwick ed, 2009.

Keep your eyes peeled for the Cyber Roundtable.