TECHNOLOGY

CITIZEN HACKTIVIST

Breaking down firewalls set by repressive regimes comes at a cost

November 13 2006
TECHNOLOGY

CITIZEN HACKTIVIST

Breaking down firewalls set by repressive regimes comes at a cost

November 13 2006

CITIZEN HACKTIVIST

TECHNOLOGY

Breaking down firewalls set by repressive regimes comes at a cost

Although many countries would consider Ronald Deibert a criminal, he doesn’t particularly look like one. His fashionably dishevelled hair, chalky complexion and world-weary demeanour are more suggestive of a lapsed punk rocker than someone intent on fighting Internet censorship in the name of human rights. But Deibert heads an internationally respected group of hacktivists, and the impending release of software they’ve developed to circumvent censors is going to keep him in a lot of people’s bad books for the foreseeable future.

Formally, Deibert is the director of the Citizen Lab, part of the University of Toronto’s Munk Centre for International Studies. Located in a dimly lit cavern in the centre’s basement, the lab is made up of altruistic geeks devoted to the task of freeing the Net. In places such as China, Iran and Saudi Arabia, where firewalls filter Web content deemed too “sensitive” for the citizenry to view, the clandestine, online challenges to authority by Deibert and his cyber-colleagues would get them locked up, or worse. Now, in what is expected to be a blow against the censors, the Citizen Lab is preparing to release a free, easy-to-use program called psiphon. Designed to scale those firewalls by stealth, psiphon promises anyone living in a censored country unfettered access to previ-

ously blocked websites. “It’s going to have a huge impact,” Deibert says of psiphon’s launch on Dec. 1. “It’s the most significant piece of software to be released in Canada this year, there’s no doubt about it in my mind.” Deibert and his colleagues move in dangerous circles so that others—psiphon users, in particular—won’t have to. Recently, an investigator engaged in electronic detective work for the Citizen Lab in a Central Asian republic was fatally shot. “We’re still in shock here in the lab,” Deibert says. “The report was suicide, but there were two bullets in

his head, so...” The victim, whom Deibert declines to identify to protect the family, was involved in other human rights activities, so Deibert can’t be certain the man was killed because of his connection to the downtown Toronto lab. Still, he says, “it’s certainly the nature of the business, in the parts of the world we deal with, that people who challenge authority in this way are ‘taken care of.’ Everybody involved in this project has stories.”

ONE INVESTIGATOR WAS FATALLY SHOT. THE REPORT SAID SUICIDE, BUT THERE WERE TWO BULLETS.’

That’s why such a heavy emphasis has been placed on making psiphon safe, and virtually undetectable by the authorities, Deibert says. He knows because the Citizen Lab spies on the spies. This is accomplished through the OpenNet Initiative, a collaboration between Deibert’s lab and Harvard and Cambridge universities. Under OpenNet, some 80 investigators living under oppressive regimes probe the inner electronic workings of more than 40 countries suspected of censoring the Internet, or known to do so. From this knowledge, psiphon was developed over a number of years.

Here is how it will work: beginning next month, uncensored Internet users in Canada, the United States, Europe and elsewhere will be able to download psiphon from the lab’s website at http://psiphon.civisec.org and install the application on their home computers. “It’s so easy,” Deibert says, “my sixyear-old could do it.” The goal is to launch versions in English, French and Russian, while Chinese and Arabic translations may also be ready by the release date, or shortly thereafter. After installing psiphon, the uncensored user communicates by telephone with friends and family in a censored region to relay a unique, ll-digit Web address. That person then enters the secret URL into his or her browser to connect to the psiphonenabled computer. Up pops a log-in page that requires a username and password, also supplied by the uncensored contact. The person can then surf the Net at will.

Elijah Zarwan, a Cairo-based consultant who last year wrote a report on Internet censorship in the Middle East and North

Africa for Human Rights Watch, has high hopes for psiphon. “Repressive governments are in a cat-and-mouse game with Internet users—as new means of circumventing cen-

sorship come online, governments find ways to shut these avenues,” Zarwan says. “The advantage of psiphon is that so long as it remains within trusted circles, it will be very difficult for governments to shut off.” Because no software is installed on the computer in the censored country, a machine seized by the authorities won’t incriminate the user, says Rafal Rohozinski, a security expert at the University of Cambridge, and member of the OpenNet Initiative. “There’s no actual trace of the application,” says

Rohozinski, “or of what psiphon does on a user’s computer.”

Communications between computers running psiphon are encrypted, and cleverly disguised. Web content deemed objectionable—Western news sites such as CNN or the BBC, or blogs by opposition parties—is sent through port 443 on the computer, the same outlet used when someone banks online or buys something from a secure website. Deibert says

that to anyone eavesdropping electronically, the illicit surfing “will be indistinguishable from any of the millions of financial trans-

actions that are going on—it would be like looking for needles in haystacks.”

‘THE ADVANTAGE OF PSIPHON IS THAT IT WILL BE VERY DIFFICULT FOR GOVERNMENTS TO SHUT OFF’

Aside from the user, the Web content will also be visible to the person with psiphon installed on the home computer, which will dissuade psiphon from being used to view, for example, child pornography, Deibert says. And while it is theoretically possible for the authorities to track down someone using psiphon, Michael Hull, psiphon’s lead software engineer, says current computing capabilities will first have to undergo an exponential explosion in capacity—which, in practical terms, he says is “impossible” at the moment. The risk to psiphon users, Hull adds, is “never zero, but if you take all the steps you can to make it as safe as possible, in the end you’ll end up having something that is much safer than using any other method to visit a censored site.”

In this world of cyber-spy versus cyberspy, Deibert has had his own run-ins, albeit relatively minor ones. Last spring, he says the Canadian Security Intelligence Service sent two agents to his lab’s computer-lined office to warn him his research into statesponsored firewalls placed him at personal risk, perhaps from the Chinese. “Their explanation for why they got in touch with us was we were a possible taget for foreign agents,” Deibert says. “Not that we need to be told that.” He says the CSIS warning was appreciated, but he already knew of an Atlanta programmer who had been visited by what were assumed to be Chinese agents. “They beat the hell out of him and took his computer.”

CSIS says it isn’t in the habit of confirming or denying whom it visits. “What we do is we investigate threats to national security and then we provide advice to the government,” says Barbara Campion, a CSIS spokeswoman. “We don’t, as a rule, provide advice to individuals.” Regardless, Deibert is sticking to his story. “Interesting,” he says of the response from CSIS. “I guess we were the exception to the rule.”

Deibert now says it’s up to those who live free to step up. And Canada, with its large diasporas, is particularly well-placed to play a leading role in downloading psiphon and spreading the word. “It’s like extending a hand across borders to help your cousins whose human rights are being denied,” says Deibert. And where’s the crime in that? M