By Jonathan Corbet
January 25, 2012
Talks at linux.conf.au often cover a wider range of topics than those held
at many other Linux-related events, and LCA 2012 was no exception. The
final keynote at this conference was from Jacob Appelbaum, a lead developer
of the Tor project. This
no-holds-barred session took an uncompromising look at surveillance and
censorship and the people behind them. It was a strong call for action -
and for more free software -
from a courageous man who clearly lives by the words written on his
T-shirt: "be the trouble you want to see in the world."
We live, Jacob said, in a surveillance society. We don't really live in
independent states anymore; instead, we live in different surveillance
cones on a surveillance planet. Increasingly, the world resembles the Panopticon, a prison
designed in 1786. Anybody who thinks otherwise need only look at, for
example, the widespread warrantless wiretapping of US citizens with AT&T's
help under (at least) the Bush administration. We are, indeed, being
watched.
There are a number of coping strategies that we all adopt in the face of
this kind of surveillance, starting with the specious claim that "I have
nothing to hide." The fact that the attendees decided to put clothes on
before going to the conference that morning (a decision your editor, at least,
much appreciates) demonstrates otherwise. Or we say that yes, people are
watching, but bad things will never happen to us personally. Which is a
fine position until something does happen.
The problem with this kind of surveillance structure, according to Jacob,
is that "it attracts assholes." Once this machinery is put into place, it
will be put to bad uses regardless of its original intent. For example,
the "Echelon" spy network was put into place as part of the cold war, but
it was also alleged to be used to, for example, funnel information to
Boeing to be used to win aircraft orders.
Many (or most) countries allow for "lawful" interception of some
communications by governments without a warrant. Traffic data for phone
calls or text messaging, for example, falls under this umbrella. It's said
not to be "content" that requires a warrant to access, but it still tells a
story about a person and will be abused by governments. We need to make it
harder for governments to get at this data.
But it gets worse. The switches at the core of the phone system and the
Internet all have governmental backdoors built into them. Sometimes those
backdoors are more widely used than intended; Jacob recommended reading The
Athens Affair, an IEEE article about the use of surveillance backdoors
to spy on the Greek government (and many others). These backdoors are an
attractive target, to the point that the operators of these systems should
think hard about what their lives are worth; the man in charge of planning
the Greek Vodafone-Panafon network died suspiciously as the compromise of
that network was discovered.
Jacob played a video advertisement for the "FinFly" device, meant to be
installed in an Internet provider's equipment rack. The FinFly is a highly capable
man-in-the-middle attack device, able to pick out traffic associated with
specific targets, record it, and even install malware on the target's
systems. This device, sadly, is built on top of the Backtrack-Linux distribution.
Among its customers was the former government of Egypt, which used it
against pro-democracy activists there. Jacob does not want to live in a
world where governments can do things like that.
FinFly is just the beginning; there is a whole range of products designed to meet the needs
of the surveillance state. Quite a bit of information about this
particular area of commerce can be found in the Spyfiles release from
WikiLeaks. There is a lot of money to be made in surveillance equipment,
but the companies involved should be held culpable for the uses to which that
equipment is put.
Pervasive surveillance allows the government to put together a picture
about almost anybody. That picture is based on facts, but may still not be
true. But it is useful for the purposes of control, enforcement of power
structures, and harassment. Jacob knows that latter aspect well, having
been detained several times, threatened with jail, and subjected to
seizures of his electronic equipment.
Along with surveillance goes censorship - the determination by people in
power that there are things they do not want others to know. Practices
like Internet filtering are designed to promote ignorance and
retain power. It's done in a lot of different ways. There is the famous
great firewall of China, which, he said, is more of a spider web catching
those who try to stray beyond the boundaries. In the US, censorship is
accomplished through "legal threats and illegal tactics." In Lebanon, the
national firewall uses a version of squid - a good thing, Jacob said, since
they haven't gotten around to patching it for a long time. In Syria,
off-the-shelf products are used. And so on.
Not all censorship is equal, and it is often easy to bypass. But
censorship, combined with surveillance, often leads to self-censorship.
The net was not built to make us fear our own state, but that is what is
happening. When a company like Google is frightened by a law like SOPA, we
should all be scared; Richard Stallman's The Right to
Read was not meant to be a manual.
History has shown us over and over again that people with power
will turn into thugs. The Stanford
prison experiment also demonstrated that quite clearly. With so much
experience in this area, why is it that we keep repeating the experiment?
The good news, according to Jacob, is that we have the power to change
things. And, in particular, we can challenge surveillance and censorship
with anonymity. The American revolution was fueled by anonymous pamphlets
that could be circulated without their authors ending up in prison. We
need the ability to distribute anonymous pamphlets in this century as well.
So what can we do? We need to reframe the issues so that freedom and
openness come first. We need to observe - and report on - surveillance
and censorship on the net. We should write more free software and get more
people to use it, and everybody writing software should be thinking about
their users' freedom and security. Free software needs to be free as in
freedom, though; "open source for business" is not the same thing.
He looks forward to the day when the
only binary blob running on his system is the government rootkit.
Tor is one piece of the puzzle, certainly, but there are others. Jacob
mentioned TextSecure,
which allows encrypted text messaging between Android phones, as an
important piece of freedom-related technology. He also called out FreedomBox, the GNOME project, the Ada Initiative (what does freedom mean,
he asked, if half of our population is oppressed?), and the Electronic Frontier Foundation.
In the end, he said, it comes down to freedom for everybody - no
exceptions. But that is not how the surveillance state works. Securing
that freedom will require a dedication to open standards, open designs,
free software, free hardware, and decentralization. We can, he said, push
back the surveillance state and create for ourselves an accountable
government and freedom for all.
[Your editor would like to thank the LCA 2012 organizers for assisting with
his travel to the event.]