Who bytes your bits?
The internet was originally created as an open space for communication and sharing of information as well as a sight for freedom of expression. It has now become a place of danger for many. Danger of exposure of a personal nature, danger to those who criticise governments and multinationals, danger to proponents of free speech. But there are ways of fighting back against censorship and attacks on privacy. Dmitri Vitaliev explains how.
Imagine teaching Biology to 9th graders and realising that the material for this day's lesson, be it on HIV or contraception, has been blocked by your friendly ISP's (Internet Service Provider) web content filter as falling into the 'pornography' category of its software. In fact, all websites containing the word 'sex' get routinely blocked, be they about online escort agencies or anthropology.
Imagine two burly types appearing at your door with questions regarding the email you sent to your overseas friend last week. Yes, you did mention in your message how unhappy you were with the elections in your country, but you clearly remember sending it just to him. How did these guys hear about it?
Imagine being exposed in your local newspaper as an admirer of communism, or fascism, or as having bad breath, venereal disease or fondness for marijuana? You had kept these secrets to yourself, merely satisfying your urge for knowledge on the Internet at home. You did not sign up to any mailing lists, did not create any accounts or logins - how did this information get out?
These and many other scary scenarios are becoming reality with ever worrying frequency. Not only people are unaware of the dangers they face when using the Internet, they are actively nonchalant to the fact that ALL email they send and the Internet sites they visit are being recorded, and this information is being stored by global corporations and governments for reasons of homeland security, financial benefit etc.
According to Reporteurs Sans Frontiers [1] there are currently 60 people imprisoned for their activities on the Internet. “Cyberdissidents” is the name attributed to those who are persecuted for publishing or seeking information online. Although the majority of such cases occur primarily in China, the trend is quickly spreading, with countries like Syria, Tunisia, Iran, Vietnam, Egypt, Lybia etc. actively pursuing and jailing those wishing to express their opinions on the World Wide Web.
Where did it all go wrong? How did the Internet - a revolution in global communication, inclusiveness and understanding turn into a watchdog ready to pounce on us for a wrong word here, a bit of curiosity there?
The first bits...
The foundations of today's Internet were laid in the 70's by the people working for ARPA (Advanced Research Project Agency) in the United States. Robert Khan demonstrated the ARPANET during a Computer Communications Conference in 1972 and laid the first stone for the grand daddy of the Internet.
According to the Internet Statistics Survey [2], there were over 1 billion Internet users in January 2006. It has become a primary method of information storage and exchange for many people. In its essence, it encourages participation and global community awareness.
In the beginning, most people assumed that the Internet would not be popular, for too much investment was needed to make it a useful source of information, similar to a library. The breakthrough came when it became clear that anyone could construct web pages and contribute to them. Amazon.com was flooded with book reviews, while enthusiasts of various sports or hobbies would start their own websites, inviting like-minded people from anywhere in the world to join them in discussions, thus creating a virtual community. People embraced the technology and the possibilities offered by the Internet.
The Internet crossed administrative and geographic boundaries with the ease and speed never seen before. It provided a pioneering method of communication, in which one's voice could be heard simultaneously by all those connected. As opposed to traditional media, where information is sourced, rationed, edited and summarised – on the Internet people choose what they want. They are not fed political propaganda, celebrity news or sports round-ups unless they choose them. Users select what they want to read, who they want to communicate with and which truth is the right one for them. We hear of events minutes after they happen without any journalist present at the scene. All it takes to tell the story one has just witnessed (with photos and possibly audio/video) to a worldwide audience and at no cost is a single person with a mobile phone, or sitting in an Internet café. Unsurprisingly, this has caused a major headache for the countries wishing to maintain political, social and religious freedoms of their citizens within their grasp and influence.
Who bytes?
The Internet was meant to be an open platform, connecting the world through a protocol that made communication easy and instantaneous. Computer software was written to assist us in difficult tasks and make this process easier and quicker to perform. Neither had considered security an important feature for the digital world of tomorrow. And both have been catching up ever since.
In essence, the Internet is just a bigger version of your office network. It is also just a bunch of computers, connected by cables, and assisted by servers, routers and modems. Even though your message on the Internet may cross an ocean via an underground cable, bounce off two different satellites and be delivered to someone's mobile phone on a moving train - the system resembles an updated version of the telephone exchange. And when you are an operator, or a wire tapper, or a jealous boyfriend - all you need to do is create an additional receiver on the communicating line and you will hear the entire conversation that goes on. The same with the Internet. Anyone can intercept and read your message on its way around the computers of the world. And so it happens.
Internet surveillance systems have been implemented at national levels for some time. In 1998, the Russian government passed a law stating that all ISPs must install a computer black box with a link back to the Russian Federal Security Services (FSB) to record all Internet activity of its citizens at their own cost. The system is known as SORM-2. The United States introduced a similar system - CARNIVORE. China’s ‘Golden Shield’ project was announced on 2001. Rather than relying solely on the national Intranet, separated from the global Internet by a massive firewall, China is preparing to build surveillance intelligence into the network, allowing it to 'see', 'hear' and 'think'[3]. A global surveillance system known as ECHELON (reportedly run by the United States in cooperation with Britain, Canada, Australia and New Zealand) was set up at the beginning of the Cold War for intelligence gathering and has developed into a network of intercept stations around the world. Its primary purpose, according to the report [4], is to intercept private and commercial communications, not military intelligence.
Surveillance and monitoring techniques have passed from the hands of intelligence personnel to the hardware and software systems, operated by private companies and government agencies. Phone bugging and letter opening has been superseded by the technology that allows monitoring of
everyone and everything at once. Now, we are all under suspicion as a result of the surveillance and filtering systems our governments install on the Internet. The technology does not often differentiate between users as it waits for certain keywords to appear in our email and Internet searches and, when triggered, alerts surveillance teams or blocks our communications.
For instance, when surfing the Internet in Iran, if you were to type in any of the following words into the Google search engine, your query will be blocked and fail:
condom
annmarie
chandice
chastity
bath
belly
dita
ebony [5]
Apart from feeling puzzled while guessing how someone searching for the word 'bath' could be plotting to undermine the current Iranian government, you have to bear in mind that the above words are for English languages web searches, and if you wish to surf in Farsi from Iran, you would encounter many other words, including 'woman', 'human rights' and so on.
Surfing the Internet from Hoi Chi Minh city (Vietnam), you would find that access to websites from Human Rights Watch, Hao Hao Buddhism Organisation, Committee for Religious Freedom, all opposition and most pro-democracy sites and many others is blocked [6]. Your Internet browser will show a blank page, explaining that the URL (the address of the website) is not allowed. These type of denial messages differ from one filtering state to another. In Saudi Arabia, for instance, you will be presented with an online form to fill in, should you wish to protest against the censoring of a website. Needless to say that few would be willing to submit their name and address as those opposing the government policy to the communication police. Browsing to a banned website from Tunisia will just bring up a message saying that nothing exists under that name (a 403 error in techspeak). Repeated attempts of access to blocked websites will cause your whole Internet connection to crash, should you be surfing from China. Probably the most sophisticated surveillance and censorship system anywhere in the world, the Chinese filters will begin to block any Internet queries should you repeat your attempts of accessing a banned website, and you could soon expect a visit from the police to your house.
The Chinese are able to pinpoint an Internet operation from your computer to the house where you live because every time we are on the Internet we receive what is known as an IP address. It acts as a unique identifier, like a postal address, to pinpoint our computer on the global network. Any IP address can be traced back to your Internet Service Provider and, more often than not, they keep a list of which client gets what IP address at a given time. In most countries ISPs are obliged to cooperate with the local government and provide details of who was browsing under what IP. This methodology was used to crackdown a worldwide Internet paedophile ring last month [7]. Whilst we may all agree with using this technology for the purpose of catching paedophiles and terrorists, the problem arises when we realise that these methods are being used to trace and punish a wide variety of Internet users operating within international legislations and moral covenants. You and I, in other words.
Writing this article in a local café with a wireless Internet connection for its customers, I was able to perform some surveillance of my own. Choosing the unsuspecting café punters sitting around the room on their Apple laptops, I switched on a 'sniffing' program that I had downloaded for free from the Internet [8] a few minutes ago. Within 30 seconds I was able to read that Roger was writing to Jessica about meeting up next week at this very café to discuss some sort of a publishing event. If I were up to malice, I could have written Jessica another email, purporting to be Roger and change our place of meeting...
Biting back...
Newton's third law of motion states that 'For every action there is an equal but opposite reaction'. It applies to the Internet as well. In lieu of the surveillance and censorship infrastructures described above, the Internet community has come up with many options of bypassing these blocks and protecting your privacy. Tools range from a simple webpage that will help you to circumvent the censorship rules in your country to installing on your computer an anonymity system that would nullify the majority of sophisticated surveillance and filtering systems.
Whenever you cannot access a website from your country, you could ask another computer on the Internet to do it for you. This is known as using a proxy server, as this intermediary computer becomes a proxy between you and your desired website. There are numerous proxy services on the Internet, the easiest of which are web-based proxies. This means that all you need is to access a website, from which you can continue to browse the Internet unrestricted by your in-country censorship rules. A popular service is provided by Peacefire (www.peacefire.org), and if you sign up to their mailing list, you will receive news of all new web-based proxy sites they are setting up every fortnight or so.
If you have a group of friends in a country where the Internet is not censored, you could ask them to install a proxy server on their computer for you to use. A recent program, released by the CitizensLab in Toronto, has made this process incredibly simple and quite secure. The program is called Psiphon (www.psiphon.civisec.org) and will allow anyone with an Internet connection and the Windows operating system to install a web-based proxy on their computer. Your friend will then provide you with the IP number and password for accessing their proxy. Since this system is based on closed trust networks (small groups of friends), it is quite difficult for the surveillance agencies to detect and block.
A more sophisticated approach would be to join one of the anonymity networks that exist on the Internet. Browsing the Internet through such a network would disguise your true identity from any computer or website and will probably make any filtering in your country powerless to stop you. One such network is Tor (http://tor.eff.org), with an interface in many different languages and a huge team of supporters and contributors around the world. When you are using Tor, the ISP or the national surveillance agencies do not know what websites you are looking at and hence cannot prevent you from doing so. The website that receives your query does not know where this query originated. You are even hidden from the anonymity system itself - i.e. no one in the Tor network can successfully pinpoint you to a certain location.
There are many other tricks and methods to achieve a higher level of privacy and security on the Internet. They include different types of encryption - a way to make your information completely unreadable to all but the intended party; steganography - hiding text in a picture or sound file or even in other text; choosing good passwords to protect your Internet accounts and so on. There is not enough space in this article to dwell upon them all, but you could refer to numerous publications and blogs out there on the Internet.
Please note that in the world of security nothing is 100% guaranteed. You must be aware of the security provided by the tool you choose and its possible vulnerabilities. In other words, should you wish to increase the security and privacy of your operations, you must take time to study the possible risks and outcomes yourself, in order to decide which is the right tool for you and when you should refrain form using it.
Last bits...
This article touches but a tip of the iceberg of all the issues of Internet security. I hope it makes you feel a little worried for this is often the only way to bring about change in your habits and processes. If security and privacy are important to your work and leisure activities, then don't feel too comfortable next time you sit down behind a computer. There is a Big Brother out there and he is probably watching you.
But don't throw up your hands in despair. Install one of the tools mentioned above or those available on the Internet. Many do not agree with the way the Internet is being reigned and controlled. Start fighting back for that very basic reward - your rights.
Dmitri Vitaliev is the author of the recently published book titled 'Digital Security and Privacy for Human Rights Defenders' [9] (http://www.frontlinedefenders.org/manual/en/esecman/) and the co-editor of the NGO in a Box - Security Edition (http://security.ngoinabox.org) project.
[1]
[2] http://www.internetworldstats.com/stats.htm
[3] Privacy International www.privacyinternational.org - Privacy and Human Rights Report 2004
[4] European Parliament, Temporary Committee on the Echelon Interception System (2001) Report on the Existence of a Global System for the Interception of Private and Commercial Communications (ECHELON interception system) , May 18, 2001.
[5]
[7] www.wireshark.org
[9] http://www.frontlinedefenders.org/manual/en/esecman/
* Please send comments to [email protected] or comment online at http://www.pambazuka.org