-
Best Defense
Robots: Killing Our Warrior Spirit?
-
The Cable
Whistleblower: I'm Being Bullied By State Dept.
-
Passport
Syria: Is It the Sunnis' or Shiites' Fault?
Posted By Evgeny Morozov
Wednesday, September 15, 2010 - 1:10 AM
Share
So the Haystack Affair (is there a Wikipedia page named after this already?) continues generating food for thought for those of us working at the intersection of free expression, Internet censorship, and media development.
Yesterday I blogged about what the Haystack Affair suggested about the responsibility of "Internet intellectuals." Ethan Zuckerman, who was one of the intellectuals I singled out in that post, eloquently responded to my criticism on his blog.
"I’ve not published on Haystack for a very simple reason: I haven’t been able to conduct a proper evaluation of either the tool or the protocols behind it," wrote Ethan.
But I think that Ethan's rebuttal fundamentally misunderstood the origins and the direction of my original criticisms. Ethan writes:
"Evgeny’s concern in his recent post appears to be that I haven’t publicly critiqued Haystack, a proposed censorship circumvention tool that’s received a great deal of laudatory press coverage."
That's not my concern; I apologize if I didn't state it more cogently in the original post. My concern is that Ethan hasn't joined the public pressure campaign on Haystack to a) open up their code to external examination b) provide more information about how they operate.
Once again, I know that this post will make me sound extremely self-righteous so there is no need to point that out in the comments (I'm looking at you, David Sasaki!).
To understand what exactly I'm driving at, I need to elaborate on the history of the Haystack Affair. Here is my brief understanding of what has happened. (I'm almost sure I am overstating my own role in this -- but I hope Jake Appelbaum and others can chime in the comments and set the record straight.
***
Around early August 2010, many people on Stanford's Liberation Technology mailing list started asking a lot of serious questions about Haystack's model; their unwillingness to have their code examined; and their overall lack of transparency.
Based on my own long-running investigation of Haystack -- which long predates my membership in the Lib Tech mailing list (I discuss Haystack in my book, so I did a lot of research around them in the past) -- I wrote a provocative blog post, which got some media attention and triggered an angry -- some might say nearly hysterical -- reaction from Austin Heap.
This, in turn, led to even more questions about Haystack on the Lib Tech mailing list and elsewhere in the blogosphere. Austin's nervous reaction surprised me, prompting me to continue digging into Haystack. It also pushed me to join forces with Jake Appelbaum, who has had many similar concerns, and voiced support to my criticism of Haystack on the Lib Tech mailing list.
I also started working on a second, much longer blog post for Foreign Policy. I decided to indulge Austin's call for more and better reporting around Haystack and put my heart into the investigation.
In the meantime, the attention that all of this brought to Haystack pushed Austin to release some major information about its inner workings in responses to my questions. For the first time, we actually got a short technical note from Haystack's developer Daniel; it discussed some basics about Haystack's steganography.
I believe such close scrutiny of Haystack -- in my blog posts and by others in the blogosphere and on the mailing list -- has also pushed Austin Heap to demo the software to more people in San Francisco. Some of them noticed flaws in Haystack's design. (Of course, it's also possible that Austin had been planning those meetings for a long time; the fact remains that the fact that Haystack was everyone's favorite subject last week probably resulted in much more scrutiny being paid to how well it matches the claims made by its founders. )
Jake gleaned some information about Haystack from my communication with Heap (much of it was on the record -- and Austin himself promised to publish his answers) and conducted his own investigation. We did share a lot of notes in the process -- it was a collaboration I greatly enjoyed! In addition, some of the details that emerged from the demos that Austin Heap showed to people in San Francisco helped Jake grasp that it was extremely insecure and push Austin to shut it down (which, as we later found out, he didn't).
I kept digging into Haystack, reading everything I could find and spending a lot of time talking to people on Skype and on the phone. Eventually I got hold of several Iranians in London who had helped Austin Heap to recruit some of Haystack's developers in the country. It was them who gave me a copy of Haystack, which I then passed on to Jake for analysis. You all know the rest: Haystack was shut down on Sunday night.
Now, my conclusion -- and I'm curious as to what Jake thinks about this - is that we wouldn't have been able to expose Haystack without the public campaign that aimed at forcing Austin to start sharing more information about the project.
Even before seeing a copy of their code, Jake knew enough about how Haystack works to force Haystack to shut down. What he learned on Sunday was devastating -- but we knew ENOUGH by end of day Friday -- BEFORE we got hold of a copy of Haystack's code.
Thus, where I do think Ethan and many other academics/intellectuals failed to act responsibly was in not joining that public pressure campaign on Austin -- on the mailing list or on their blogs and tweets (not to be a complete jerk about it but Ethan's only public noise about Haystack was a retweet of someone else's suggestion that Austin Heap and me go on Jerry Springer).
Anyone who would go through that Lib Tech mailing list would not fail to notice that many of the questions raised about Haystack -- once again without anyone seeing the code -- were valid. I don't think it was a particularly hard campaign to notice -- and I think that Ethan himself acknowledges that he has been watching it from the sidelines.
Could Austin Heap be pressured into opening up his virtual (in all senses) empire earlier had people like Ethan Zuckerman joined our efforts? I don't know -- but I do think that Ethan and others did HAVE a responsibility to join that debate and voice their concerns about Haystack's methods and strategy.
One doesn't have to look inside Haystack's code to notice that the kind of risks its founders were putting their users under required a completely different operating model and probably a different working relationship with the rest of the community.
Evaluation of technology requires more than just close scrutiny of the code and the protocols involved; it also requires some hard thinking about the appropriate norms & the context. Academics -- and especially academics with a public profile who take it upon themselves to explain technology to non-technologists -- are well-aware of what those norms and contexts are. As far as I am concerned, it seemed pretty clear that Haystack violated both. If Ethan and others can make a convincing case that this was NOT clear, I'll be happy to acknowledge that I'm wrong and retract my criticism.
On the other hand, let's just imagine what would have happened if that public campaign had NOT occurred. Chances are that Austin would still be meeting with senators, raising money, and putting even more Iranians at risk. Ethan and others would still be waiting until a copy of Haystack's code would suddently drop from the sky.
To know that people's lives may have been put at risk and fail to act when such an opportunity to came around -- well, I just don't think that this is a valid excuse. I don't want to go all Sartre on Ethan or anyone else at the Berkman Center and outside, but to me it seems quite obvious that the noble desire to publish respectable papers about how circumvention technology works does not absolve one of the necessity to engage in public debate about it, especially when one has so much to contribute to it. One doesn't have to stop being an academic to participate in such debates; I don't think that a couple of critical emails to a mailing list somehow compromise anyone's academic integrity.
(And I do find it quite hilarious that two people without a PhD -- me and Ethan -- are arguing about the responsibility of academics. For the record, I deliberately framed this as the “responsibility of intellectuals” debate for that purpose.)
Evgeny,
Enjoyed reading this and your earlier blogs on the subject.
As I thought I'd explained in my previous post, Evgeny, there's a tension between the role you'd like me to play - joining in the group condemnation of Haystack - and the role I am obligated to play as an evaluator of tools in the space. If I had joined the Liberation Tech discussion or your subsequent campaign, it would have been very difficult for me to offer an impartial evaluation of Haystack as part of a set of available tools later this year. As I expressed in my response to you yesterday, I find this position frustrating, but I don't see a way that I can both be a responsible evaluator and be the advocate you hope I would be. Fortunately, there's been criticism by the security community of Haystack for many months, much of it in private, some of it in public. As I expressed before, I'm glad that the Lib Tech list and others brought this issue into the open - charged with evaluating these tools, I was not able to be part of that effort.
At the end of this post, I believe your critique is off the mark and unfair. "To know that people's lives may have been put at risk and fail to act when such an opportunity to came around - well, I just don't think that this is a valid excuse." Haystack was being used by less than a dozen testers. I have been in dialog throughout with Iranian dissidents for several months on the topic of Haystack - none I was in touch with it were using it or knew anyone who was using it. If the tool had been in use, my colleagues and I would have been far more concerned. We also would have been able to obtain a copy, at which point we could have tested it and shared concerns based on analysis rather than speculation.
Thanks, Ethan. Let's agree to disagree here. I don't think it matters whether it was 12 or 1200 people testing Haystack in Iran; for all I know the fact that there were just 12 only makes it worse, as they would probably be even easier to identify.
Besides, no one asked you to forego impartiality and bash Haystack's code before you had a chance to examine it. Going on the record and saying that there are many troubling signs about Haystack does not sound like a compromise of academic integrity to me - especially given that you have already expressed those reservations in private and, thus, I assume made it clear that you were skeptical/concerned.
Having followed the affair from both sides and working to publish over the past few days warnings in both English and Farsi that there are potential risks in using Haystack, I'm going to have to say Ethanz makes the better argument here. In evaluating tools there is a responsibility for impartiality in spite of what you might think of the rhetoric or development model chosen by the developers. Evengy seems to be revelling more in that some of his assertions happened to turn out to be correct.
Bandwagoning was what pushed this product into the spotlight well before it should have been, and bandwagoning against it simply to join the chorus is not the best response. What's missing from this and many other tools that are touted as useful for bypassing censorship and/or protecting anonymity are public, observable and repeatable tests in different conditions that back up claims, and Haystack is not exactly in the minority in this respect. We don't hear nearly enough about the limits and how narrow window of use that other tools, including those such as Tor, have. That sets up just as dangerous a situation.
While valid concerns did emerge and seem to have a solid basis, there's also an incredibly vindictive tone that goes beyond the pale and doesn't look steeped in concern for Iranian dissidents nearly as much as it seems to come out of a general scorn for the CRC and Austin's methods. That's well enough, but masking one for the other is cheap.
I fault HBO. I watched the "For Neda" documentary, and saw the interview with Austin Heap mentioning Haystack. Sounded interesting, but I searched everywhere online, and found nothing of substance. I searched counterpane.org and saw no mention of Haystack. I can't answer why HBO didn't do the due diligence there.
But it's not like Heap was then awarded the Nobel Peace Prize, or people lost their lives due to vaporware, no? I
I'm straining to understand your grasping at straws to find some fault with Ethan Zuckerman.
Evgeny, I get your general thesis: the social media space is absolutely crowded with boosters who are all-too-happy to claim victory without pausing to even consider an objective analsyis. From the blog-triumphalism of the 2004 tsunami response, to the would-be twitter revolutions I've seen it all. Kudos to you for regularly flogging this horse. The tech world needs to hear from less boosters.
And then there's Ethan Zuckerman. He's the real deal. I've watched his presentations at various Berkman Center events, and read his citizen-research online over the years, and always waited for him to slip. No dice: he knows his stuff, and he knows when to measure his words. If I ever bothered to re-jigger who I could follow on Twitter, it would be people with Ethan's sense and sensability. Heck, I will add to my confessional chanting at Yom Kippur services that I haven't used my spare time as Ethan Zuckerman does.
At the risk of hyperbole, I'd say that calling out Ethan for more actively taking a stand on something he hasn't looked at is like calling out Bono for not tending to every last humanitarian catastrophe.
I will add here that I likely don't know half the background story (the emails on the Tech Lib list)-- I knew some of it before today, and read through many more of the connected posts this evening. My comment above was the coincidence of my needing to praise Ethan's work from somewhere else this week, and then seeing him in this context, which I thought was a bit of an unfair attack.
I would agree with a larger point you may be trying to make here -- for all of the chatter about new media (blogs et al) encouraging "self-corrections", that didn't really happen here. And it was even more so ironic because the topic was a technical one.
As Richard Dawkins never said, it's hard to keep a good meme down. The league of informed social media critics is still quite small.
One other point, while I still have nobody's attention: I mentioned the "2004 tsunami response" above. This brought up a question from an acquaintance of mine who was involved with that. I was critical then about the blog triumphalism around this -- as the blog in actuality was an unreadable mess. In response, the organizers readily pointed that it was the wiki (then emerging to popular use) that performed much better. But the message got lost on the way to the media. :-)
You are criticizing Ethan because he "hasn't joined the public pressure campaign on Haystack"? Dude, whatever. We obviously don't live on the planet. Under what theory does Ethan have an ethical or moral obligation to join in a public pressure campaign? That's just ridiculous. I can't believe you are suggesting such a ridiculous position.
I heard someone say something dubious on CNN the other day. Under your theory, what are my ethical obligations? Am I obligated to create a pressure group to lobby the world and issue press releases and spam around email messages condemning the person as an idiot? Come on. Get real.
I think your argument has no merit whatsoever, and I feel bad for Ethan that he would be publicly called out in this way. I think you are being deeply unfair to Ethan and the rest of the academic community, and I urge you to take a deep breath and rethink your position. Rather than aiming your fire at your allies, perhaps you should look at the structure of the system that allowed such a flawed system to be adopted, and focus on more constructively how we can improve the tools available to dissidents in countries with repressive governments.
Evgeny Morozov, originally from Belarus, is a visiting scholar at Stanford and a Schwartz Fellow at the New America Foundation.
Read More
May/June 2013
-
Profile
-
FP Power Map
-
Think Again
Follow us on Twitter | Visit us on Facebook | Follow us on RSS | Subscribe to Foreign Policy
About FP | Meet the Staff | Foreign Editions | Reprint Permissions | Advertising | Writers’ Guidelines | Press Room | Work at FP
Services:Subscription Services | Academic Program | FP Archive | Reprint Permissions | FP Reports and Merchandise | Special Reports | Buy Back Issues
Privacy Policy | Disclaimer | Contact Us
11 DUPONT CIRCLE NW, SUITE 600 | WASHINGTON, DC 20036 | Phone: 202-728-7300 | Fax: 202-728-7342
FOREIGN POLICY is published by the FP Group, a division of The Washington Post Company
All contents ©2013 The Foreign Policy Group, LLC. All rights reserved.
(7)
SHOW COMMENTS LOGIN OR REGISTER REPORT ABUSE