Encrypted iPhone Calls

While Marlinspike worked a stint as a Twitter security engineer, however, Whisper’s apps were open-sourced and increasingly adopted around the world. Today, he says Redphone and Whisper’s encrypted text messaging app for Android called Textsecure have been installed on hundreds of thousands of phones, the majority of which are outside the United States. Users in China, Iran, and the Middle East have adopted the services to evade their intrusive governments’ surveillance techniques. The apps got another boost when Whatsapp, which has an especially large user-base in Europe, was acquired by Facebook, spooking many of its privacy-conscious users. “For people around the world, providing credible alternatives to not be spied on by their governments is very important for freedom,” says Moran.
Your iPhone Can Finally Make Free, Encrypted Calls: Wired.com

As someone interested in the logistical side of dragnet surveillance, it’s particularly gratifying to see apps like Signal launch. As a corollary to Moran’s point about oppressive governments: given that groups like the UN General Assembly have affirmed the right to privacy in the digital age, I don’t think it’s an exaggeration to say that encryption apps like these are pro-human rights as much as they’re anti-surveillance apps.

Somewhere along the way, someone decided that e-mails weren’t deserving of the same rights to privacy as paper letters. Technology empowers governments and so there’s a big temptation to overreach. Think how much harder the Stasi had to work: they had to steam envelopes open, maintain paper records, and manually listen to telephone conversations. Technology makes it so much easier to overreach, and so in terms of fighting against this sort of intrusive surveillance, the focus has to be on restraint and on responsible use of technology. The genie’s out of the bottle (nobody’s going to uninvent the Internet), and so now it’s a question of developing tools that fight mass surveillance on a logistical level. It’s not a perfect fix, but it’s faster than waiting for legislation.

Applied Crypto

I’ve been tinkering with online cryptography for almost a year and for some reason have only discovered Tim Bray’s blog this evening. This guy has the right ideas, and writes well:

Now, Keybase isn’t perfect; it has a super-slick Web GUI, but to decrypt and sign stuff you have to store your private key with them; this makes real crypto geeks blanch in horror, and justly so, because if NSA comes in and waves compelling legal documents at Keybase, they could fiddle with the software in such a way as to give the spooks your private key. Anybody who thinks that isn’t a real risk has their head up their ass.
Practical Cryptography

I got talking to someone yesterday about my major, and I realized that, whatever my on-paper major says, what I’m really studying right now could best be summed up as Applied Cryptography — how to maintain privacy on the web, and why that’s important. My go-to example of how the internet is changing traditional professions like journalism is that governments don’t have to go through reporters to uncover a source. Before, they would jail journalists who refused to disclose their sources — now, they can use technology to sniff a leak out. Snowden:

An unfortunate side effect of the development of all these new surveillance technologies is that the work of journalism has become immeasurably harder than it ever has been in the past. Journalists have to be particularly conscious about any sort of network signalling, any sort of connection, any sort of licence plate reading device that they pass on their way to a meeting point, any place they use their credit card, any place they take their phone, any email contact they have with the source because that very first contact, before encrypted communications are established, is enough to give it all away.

 

Choosing To Read

At the start of August, I’ll have been keeping a list of books read for near enough three years. Each year, I try and look over the list and see what’s notable about it. I’m choosing to do this now rather than at the end of the year not only because the list started in August 2011, but also because this time last year I was in the final stages of getting ready to move to college, and so it’s interesting to look back at freshman year reading.

Growing up outside a small town in Ireland, “with nothing but mooing cows”, as Patrick once said, made reading a pretty attractive pastime for three nerdy kids. Patrick would buy books with names like PHP for the World Wide Web and build websites, John read a lot about history, and I was mostly interested in young adult fiction. I read a fair amount, but probably not enough to be considered a bookworm.

That seems to have changed, particularly over the last year or so. On any given weekday, I spend at least an hour reading books (as opposed to RSS or Twitter), and that number can easily be 4 or 5 on the weekends. I’ve also gotten better at just sitting somewhere and not moving until I’ve read what I want or need to — a useful skill for a major with a hefty required reading list.

Since August 2011, I’ve read 121 books. That’s a book roughly once every 9 days. Since August 2013, I’ve read 71 books, roughly a book every 5 days.

On a whim, I decided to chart this increase in reading against number of tweets sent over the last few years. Twitter’s an interesting one — while there are arguments to be made that reading your stream can be productive (the three internships I worked during high school were all organized through Twitter connections), there’s little evidence that sending tweets is all that useful, and I feel that the law of diminishing marginal returns comes in fast and steep on Twitter. In 2009, I tweeted 7,692 times. In 2013, I only tweeted 2,020 times. It’s obvious that less time sending tweets means less time spent on Twitter itself.

I don’t think it’s unreasonable to say that less time tweeting is more time reading. Reading a book a week is a big investment and, yes, is a bit of a lifestyle choice. Having the Kindle version of the book would also allow me to read a page or two on my phone on the go. Think of how much time we spend on line or waiting for a subway. Thanks to smartphones, we have a choice of how we entertain ourselves: we can check Facebook for the third time that hour, we can play the latest 99c app game, or we can read. [2] To a large extent, deciding to read more does mean grabbing every single chance to read as possible.

Since I have cerebral palsy, it can often be hard for me to lug heavy books around, and my joints will sometimes get too tired to hold long books open. Reading a lot means figuring out how you read best: I have no problem staring at a screen for 6+ hours a day, so I would buy books on Kindle or iBooks and read them directly on my laptop — I call it “lazy reading” because all my tired joints have to do is hit the space bar to go to the next page. I also bought some books from Audible and would tackle them, at 1.5x, while walking to class.

Earlier this year, I decided to do an experiment where I wouldn’t read any more fiction in 2014. I did this mostly because there were so many great non-fiction books I wanted to get to, and excising all the fiction from my current reading list seemed like the fastest way of doing that. Considering how much I have to learn about crypto, digital rights, and activism (my current interests), this has proven to be a worthy choice.

I’ll do a post in December with 2014 book picks, but if you’re looking for recommendations now, I’ll point you to this post from June or my reading log, where my recommendations are in bold.

Tommy Collison is an activist and writer. He studies at New York University and tweets as @tommycollison.

[1] Pro-tip: if you actually read/listen to them, the credit system is worth it.
[2] About 10% of the non-listserv e-mail I get these days is PGP-encrypted, which I can’t read anywhere but on my laptop. Unexpected productivity upside: I’ve found myself checking e-mail less frequently since starting to use PGP in January.

This Is Not A Call To Arms: A Hackers On Planet Earth Post-Mortem

New York City
July 21, 2014

“Everyone is welcome at HOPE events, regardless of race, class, gender identity or expression, [...], text editor choice, and other aspects of who we are.”
– HOPE X Code Of Conduct

If you were following my tweets about the Hackers on Planet Earth (HOPE) conference this weekend in New York, you probably have a good idea what I got up to and how I enjoyed it. Otherwise, here’s a summary.

This was also my first conference, so I wasn’t entirely sure what to expect. My understanding of HOPE was that it was a conference for those interested in areas of intersection between technology and social change. This made it very much of interest to me, since I’ve recently become very interested in (and am trying to change my major to study) how politics and new technology interact.


With recent events like Wikileaks and the Snowden files, technology is very much a hot political topic, and so it’s unsurprising that this HOPE conference (the 10th one held) seemed to focus on dissidents and information security. Barton Gellman, Harlo, and Aure Moser held a panel discussion on how journalists can secure their communications, and Alexander Muentz gave the rather self-explanatory talk entitled Bless the Cops and Keep Them Far from Us: Researching, Exploring, and Publishing Findings While Staying out of Legal Trouble.

Obviously, the most talked-about part of the conference was Daniel Ellsberg’s keynote and his conversation with Edward Snowden. One of the most interesting parts of that talk was Snowden throwing down the gauntlet to people attending the conference. It’s up to you, he said, to interpret technology and make sure the less tech-savvy people are still secure. (See also: Quinn Norton’s talk on “infosec needs of the 99 percent” — security tools don’t have to be perfect, they just need to be used.)

Christopher Soghoian of the ACLU made the same point in his talk Blinding the Surveillance State — the calibre of people who go to HOPE are the knowledgeable ones who should be informing congresspeople and lobbyists on tech issues. We had the Office of Technology Assessment in Congress up to 1995, which, according to Wikipedia, provided “objective and authoritative analysis of the complex scientific and technical issues of the late 20th century”.

The conference cemented my belief that there’s space for someone knowledgeable about tech issues to explain the importance of these issues to people who don’t yet understand them. Such people will literally shape public policy, if they’re listened to. The tech community can make fun of people calling the internet “a series of tubes” or shake their head in disbelief at a judge thinking that having two cellphones is suspicious.

To me, this represents a failure case on the part of tech advocates in educating people who don’t have the same evangelical zeal for this stuff — nothing else. Sure, in a perfect world, we would have congresspeople who knew enough about the technological aspect of bills they were debating that they wouldn’t have to suggest that they “bring in the nerds”. But that isn’t the world we live in. We need to adopt the language congresspeople and lobbyists are using and get through to them that way. We can’t be puritans on the high moral ground laughing at people who don’t realize the connotations “cyber” has to people under 30.

As Soghoian said in his talk, we (the tech community) need to figure out what rhetoric politicians and policy-writers are using. They call for more secure digital communications because they’re afraid of the real or imagined threat of foreign hackers stealing US business secrets. The tech community is calling for more secure digital communications because of the NSA, and if more people start to use encryption, then both groups get what they want, even though they had different motives. It’s hard to sell anti-surveillance moralizing to government committees, not least because it’s probably hard to get one branch of the government to rebuke the NSA, for example, in any meaningful capacity. Basically, digital rights activists need to change their tone and adopt the words that other people, people more in a position to effect meaningful change, are using. Here’s what Soghoian had to say (transcribed from a video of his talk and edited for clarity):

What this means: [The Tor browser] is not an anonymizing service that hides you from the NSA. Tor is a cybersecurity solution that protects US private information from foreign threats. Silent Circle and RedPhone [two apps that provide end-to-end encryption for phone calls on Android] are not secure technologies that blind the NSA or wiretap-proof technologies that keep the FBI out. They are cybersecurity technologies which stop foreign governments from stealing US secrets. The WhisperSystems TextSecure app [which provides end-to-end encryption for text messages on Android] is not a tool for terrorists or criminals. It is a cybersecurity solution, and we should all be pushing “cybersecurity solutions”.

After Jesselyn Radack, Thomas Drake’s lawyer, spoke at HOPE I tweeted that my urge to go to law school was rising. I’m considering law school because, as Radack says, someone who speaks computer and legalese is going to be well-placed in the next few years as we navigate things like network neutrality and dragnet surveillance.

Except that a lawyer who speaks tech is only one possibility — we would also benefit from technologists who understand law. Going to law school is 3 years that I could be doing something else, and also includes a lot of information that, while useful, is unrelated to my area of interest. Part of me thinks that my time would be better spent reading a ton about law in this area and becoming acquainted with organizations like the ACLU. As always though, I’ve only just finished freshman year and I have ages to figure this out.

In any case, roll on HOPE 2016!

3 Years

Hotel Pennsylvania,
July 19, 2011-July 19, 2014

Three years ago yesterday, I sat in the Jeffrey S. Gould Welcome Center as a representative of New York University talked to about 100 prospective students about what NYU was like.

Zero years ago yesterday, I sat in the Hotel Pennsylvania in Midtown as Thomas Drake and his lawyer spoke about how privacy is a fundamental human right. Later, I spoke briefly about the work I was doing on-campus raising awareness of students’ digital rights. Last night, I met some of my best friends in the East Village for dinner. As we all sat together, I turned to one and told him about the job I had gotten with NYU’s LGBTQ center as a student educator, organizing panels and workshops. He nodded once, saying nothing as he fist-bumped me. Knowing how much he’s advocated for LGBTQ rights over the last two decades, it was an intensely gratifying moment.

As I walked around Washington Square Park in the oppressive heat of July 2011, I was struck by the realization that, without even beginning to bring grades into the equation, I would be incredibly lucky to go here. Now that I’ve finished first year, I like to think that I used the opportunities given to me, both inside and outside the lecture hall. If you had approached the too-hot-but-too-excited-at-NYU-to-be-miserable ginger around the park that July in 2011 and told him that, in three years’ time, he’d be an activist representing NYU’s LGBT community and teaching people about why their rights ought to follow them online, I would’ve thought you were crazy.

#HOPEX Talk

Here’s the text of the 5-minute lightning talk I gave at the Hackers on Planet Earth conference in New York City this weekend. Video to come.

When April Glaser, a staff activist at the Electronic Frontier Foundation, threw down the gauntlet and charged me and two other NYU students to write a letter raising awareness of mass surveillance on college campuses, I was a little apprehensive.

Was a letter really going to change things? Would anyone actually care? All I knew about the EFF was from their site — they were a digital rights group that fought so that your rights followed you online. Well, that seemed great, and the project seemed more interesting than, y’know, actually studying for finals.

And so I registered the domain Students Against Surveillance dot com two days later and we set about writing the letter. We only had two rules as we revised it, line by line:

One, was this something we could imagine someone with a tinfoil hat saying? If it was, we cut or rewrote the line. We had to appeal to people on the fence. (It’s interesting to note that after Snowden and Wikileaks, we really had to revise what sounded tinfoil-hat-ish to us. Before now, if you told me of a plan where the world’s remaining superpower tried to collect biometric data on foreign diplomats, I’d say that that sounded like a great James Bond plot, and you should definitely pitch the screenplay to MGM.)

Two, was this something students would care about? We needed this letter to be a call to action.

Using my HTML 101 skills and my unparalleled skill at yelling at computers at 3am when they didn’t work right, I designed and launched the site. The first month we were up, about 600 students and faculty members signed their name. I had some friends at other universities who took an interest in this, my latest hare-brained scheme, and wanted to sign the letter. I charged them with writing a letter petitioning /their/ universities. Soon, we had 18 university letters up and running, including Stanford and UC Berkeley. Around the same time, NYU officially responded to our own letter, affirming their support of open communication.

As introductions to college rabble-rousing go, this was a pretty good one. On the back of the awareness the letter raised, I’m planning a slew of events next year — a crypto party, a digital rights expo, and getting an ACLU lawyer in to talk to us.

From a technical standpoint, I’m most interested in talking to journalism students right now. Most of the ones I’ve talked to don’t seem to realize yet that their job of keeping sources anonymous has gotten exponentially harder in the last 10 years.

Most people think that millennials are apathetic and selfish, but in 2012, 75% of us were active members of a non-profit. We’re the lawyers of tomorrow, but we’re also the Jake Appelbaums. We combat mass surveillance with the laws of physics and the laws of man. I’m just trying to start the conversation. Thank you.
