For Austin Heap, there was nothing particularly remarkable about June 14, 2009. The 25-year-old computer programmer was home in his San Francisco apartment, spending his evening the same way he spent much of his free time: playing videogames. “I was sitting at my computer, as I usually do, playing Warcraft,” recalls Heap. “My boyfriend asked if I was following what was going on in Iran, and I said no. I was busy killing dragons.”
Later that night, Heap logged on to his Twitter account. He read about the growing number of Iranians claiming that their votes had been stolen in the presidential election, and he saw people complaining that the government was censoring their cries of fraud and election rigging. For Heap—who says, “I am for human rights, the Internet, and I check out from there”—something clicked. At that moment, he decided to become involved in a battle more than 7,000 miles away in a country he admits he knew next to nothing about. “I remember literally saying, ‘OK, game on.’?”
Since the Internet came into its own, there has been no shortage of breathless expectation about what technology would do for the world’s least-free places. Put simply, democratizing technologies were supposed to lead to democracy. They didn’t. Only later did people realize that the technology was just a tool; what mattered was how it was used. And authoritarian regimes initially proved to be more sophisticated than their opponents at wielding these new weapons.
View a list of the world's biggest cyber attacks.
The History of Computer HackingNow a new generation of hacktivists like Heap is fighting back. They are not seeking silver-bullet solutions but scalable technologies that will unlock the one advantage the people always had—the sheer power of their numbers. “The technology variable doesn’t matter the most,” says Patrick Meier, director of crisis mapping for Ushahidi, a group of digital activists doing cutting-edge work in open-source interactive mapping. “It is the organizational structure that will matter the most. Rigid structures are unable to adapt as quickly to a rapidly changing environment as a decentralized system. Ultimately, it is a battle of organizational theory.”
That’s one of the first lessons Heap learned when he took on the Iranians. In many authoritarian countries with a closely monitored Internet, citizens evade the state by using proxy servers that mask their identity as they surf the Web. So, at first, Heap thought it would be helpful to create safe proxies that people in Iran could use. He posted advice on his blog about how people could run proxies from home. He soon had nearly 10,000 people following his instructions. But his efforts were almost pointless; Heap was taking on the Islamic Republic in a game of one on one, and he was no match. The regime’s censors apparently read his blog, too, and simply trailed behind him, closing proxies as he pronounced them ready to use. “We could watch Iran respond,” says Heap. “We would do something, and they would block it.”
But then he had a stroke of luck. Someone with the online handle Quotemstr asked Heap to join a specific chatroom. Quotemstr wasn’t interested in making idle conversation. He was a disaffected Iranian official with information to share. He provided Heap with a copy of the internal operating procedures for Iran’s filtering software. The 96-page document was in Farsi, but the diagrams told Heap what he needed to know. (A computer savant, Heap learned his first programming language in fourth grade; he was programming in 18 languages by his senior year in high school.) “Four days ago I was killing dragons with my firepower,” he recalls, “and now I was getting leaks from inside the Iranian government.”
Less than a month and many all-nighters later, Heap and a friend had created Haystack. The anti-censorship software is built on a sophisticated mathematical formula that conceals someone’s real online destinations in-side a stream of innocuous traffic. You may be browsing an opposition Web site, but to the censors it will appear you are visiting, say, weather.com. Heap tends to hide users in content that is popular in Tehran, sometimes the regime’s own government mouthpieces. Haystack is a step forward for activists working in repressive environments. Other anti-censorship programs—such as Tor, Psiphon, or Freegate—can successfully hide someone’s identity, but censors are able to detect that these programs are being run and then work to disable the communication. With Haystack, the censors aren’t even aware the software is in use. “Haystack captures all outgoing connections, encrypts them, and then masquerades the data as something else,” explains Heap. “If you want to block Haystack, you are gonna block yourself.”
The biggest hurdle Heap had to clear was, surprisingly, his own government. Because of the United States’ strict sanctions laws barring trade with Iran, it was actually illegal for Heap to distribute a software program in Iran, even if it was aimed at promoting freedom. But his innovation caught the attention of the State Department, and it was fast-tracked for speedy approval. In the past year, he has also cofounded the Censorship Research Center, a nonprofit dedicated to fighting censorship everywhere. When I first met Heap in January, he was regularly shuttling to Washington, D.C., for meetings at State and Treasury and with senior lawmakers. “Tomorrow I meet with [Sens. John] McCain, [Bob] Casey, maybe [Carl] Levin, but I don’t know if I will have enough time,” he told me, wearing jeans and a well-worn T shirt that said SUPER CHEVROLET SERVICE.
With his U.S. government waivers in hand, Heap is now deploying Haystack in Iran. His one-word mantra is “scalable.” Heap intends to gradually develop Haystack’s presence in the country. He has started to share it with select activists and trusted individuals on an invitation-only basis. They will then be asked to share it with their friends. It is the same model that was originally followed by Google’s Gmail. The targeted approach is smarter from a security standpoint. Also, he doesn’t want the software to collapse from low-value demand. “It is better to focus on people who are active than people pirating music,” says Heap. “Organic growth is going to be much more successful than trying to blanket the country.”
Of course, Iran will use any method—sophisticated or not—to counter such efforts. The Iranian regime has long made its presence felt online, blocking sites or redirecting traffic to government-run Web sites. Tehran frequent-ly throttles the country’s bandwidth, especially when protests are planned, to make uploading video or images painfully slow, if not impossible. And, just as the Revolutionary Guards have taken a greater role in most areas of the country’s political, social, and economic life, so too have they become the dominant force policing Iran’s virtual world. In May, a senior member of the Revolutionary Guards bragged that the regime has built the world’s second-largest cyberarmy, after China’s. Created last year and known as the Cyber Defense Command, this unit is believed to be behind most of the hacking and infiltration of opposition Web sites and e-mail accounts. Heap says it would be naive to think the regime won’t target Haystack, and he claims to have thought through not only the countermeasures “one, two, and three…but also four, five, and six.”
The only way to stay ahead in this cyberwar, though, is to play offense, not defense. “If it is a cat-and-mouse game,” says Meier of Ushahidi, “by definition, the cat will adopt the mouse’s technology, and vice versa.” His view is that activists will have to get better at adopting some of the same tactics states use. Just as authoritarian governments try to block Voice of America broadcasts, so protest movements could use newer technology to jam state propaganda on radio or TV. In Iran, activists are experimenting with ways to use new tech tools to cripple the government’s surveillance cameras, effectively blinding its eyes in the sky. The hacktivists will also have to reappraise their technology constantly, to see how else it might be used. Meier’s own organization began as a Web platform to map violence erupting in Kenya after that country’s elections in 2007. As a tool, Ushahidi—which means “testimony” in Swahili—works in near real time to create crisis maps by integrating reports from people on the ground via e-mail, text, or the Web. The technology proved critical in shaping the disaster response to the earthquakes in Haiti and Chile and is credited with saving hundreds of lives. Although Ushahidi is best known today for aiding humanitarian missions, opposition groups are now using this scalable open-source technology to expose election tampering or voter intimidation in places like Burma and Sudan. It has also been downloaded in Iran.
The gradual, go-slow approach of Heap and others shouldn’t mask their ambition. After such an extraordinary year, I asked him where he hoped his organization would be a year from now. “I hope we are ready to take on the next country,” he replied. “We will systematically take on each repressive country that censors its people. We have a list. Don’t piss off hackers who will have their way with you. A mischievous kid will show you how the Internet works.” The world’s dictators should consider themselves on notice.
Dobson is writing a book on the challenges to democracy, to be published by Doubleday.
No comments:
Post a Comment