September 2011

4 5678910

Style Credit

Expand Cut Tags

No cut tags
hasimir: (Default)
Monday, September 5th, 2011 02:38 pm

Last week the complete unredacted diplomatic cables obtained by WikiLeaks last year were revealed to the world following a series of events involving WikiLeaks, the Guardian and possibly others. There has been much finger pointing regarding who is to ultimately blame for this, which is essentially pointless. The deed is done and the information is out. A couple of days later WikiLeaks, under the direction of Julian Assange, elected to update their Cablegate site with the unredacted data and provide a full mirror archive [torrent] and PostgreSQL database copy [torrent].

Already there are interesting revelations being brought to international attention by the latest data releases. There are also very valid concerns regarding the safety of intelligence sources, victims of crime and political dissidents who are identified in the cables. Amongst these have been the revelation that one or more cables identify current Australian intelligence officers, as reported in The Age and The Sydney Morning Herald.

Last Friday a statement [PDF] was made by Robert McClelland, the Australian Attorney-General, regarding this fact and confirming that the Australian Security Intelligence Organisation (ASIO), along with other agencies, were reviewing the material. Mr. McLelland reiterated that Section 92 of the Australian Security Intelligence Organisation Act 1979 (ASIO Act) makes it a crime to “publish or cause to be published in a newspaper or other publication, or by radio broadcast or television, or otherwise make public, any matter stating, or from which it could reasonably be inferred, that a person having a particular name or otherwise identified, or a person residing at a particular address, is an officer (not including the Director-General), employee or agent of the Organisation or is in any way connected with such an officer, employee or agent or, subject to subsection (1B), is a former officer (not including a former Director-General), employee or agent of the Organisation or is in any way connected with such a former officer, employee or agent.” That second part is obviously aimed at protecting the families of ASIO employees, while subsection 1B deals with exceptions where former officers have consented to their previous employment being made public.

This has led to speculation that Julian Assange could face prosecution under Section 92 of the ASIO Act. There may be the possibility of additional charges relating to officers of other Australian agencies, such as the Office of National Assessments (ONA) or the Australian Secret Intelligence Service (ASIS). In adition to the cable referred to by The Age and The Sydney Morning Herald there is at least one cable which lists the names of a number of senior ONA analysts and there may be more buried amongst the quarter of a million cables.

One of the problems facing any Australian prosecution in this matter will be whether or not charges can be laid based on the sequence of events. The initial revelations of the complete data came from a GPG encrypted file which had been available online via BitTorrent for several months and which was decrypted using a passphrase published by the Guardian. Each on its own could not reveal the information, they had to be used together to obtain the data. If charges were to be laid related to that, who would be charged? Julian Assange for creating the encrypted file? Another WikiLeaks staffer for putting it on BitTorrent? David Leigh and Luke Harding at the Guardian for publishing the decryption passphrase in WikiLeaks: Inside Jullian Assange’s War on Secrecy? John Young at Cryptome for providing the decrypted CSV file? Raymond Hill at Cablegate Search for using that data in his online database? Others?

That’s just dealing with the initial release of the data. The next question is whether or not Julian Assange or others involved with WikiLeaks can be charged for effectively republishing the data after it has already been decrypted by others? No doubt this is something which Australian Commonwealth prosecuters will consider following the reviews of the diplomatic cables being conducted by ASIO and others.

On Sunday the Attorney-General followed the national security theme with a statement [PDF] announcing a new national security awareness campaign promoting the National Security Hotline (NSH). The NSH was introduced in 2002 by the Howard Government and the initial advertising campaign in 2003 featured much derided fridge magnets for every household.

What is unclear about the latest NSH advertising campaign is whether it was already planned, whether or not it is in response to or accelerated due to the release of the unredacted cables or whether it is part of a push to turn public opinion against WikiLeaks. When the cables were being dribbled out with effort taken to redact information that could identify people at risk of violence or retaliation it was difficult for many people to take the government’s objection too seriously. The complete release last week changes that scenario completely and the publication has been condemned by the traditional media organisations, which had previously worked with WikiLeaks to redact and publish the cables. It is possible that the Attorney-General’s department views an elevation of national security in the public consciousness will make it easier for people to draw the conclusion that the cable publication and, by extension, WikiLeaks is to be condemned.

Regardless of one’s opinions of Julian Assange and WikiLeaks, either for or against, the fact is that the facility to provide a platform for the global release of sensitive material has been a major change for both national and international politics. It has shifted the concentration of power in ways which governments are not used to. They are beginning to learn a similar lesson to that of the media: that the people formerly known as the audience are able to actively engage to a greater extent than previously possible. Not only are people able to do this, but they actually do it.

As I type this there are people around the globe pouring through the released cables looking for interesting information. Some of the results are published by traditional media outlets, some are blogged about and some are included in the running commentary on Twitter or other social media networks. Most people refer to the latter as crowd-sourcing, but governments and intelligence agencies refer to it as open source intelligence. It is another example of ordinary citizens being able to level a playing field which has previously been restricted to governments, intelligence agencies, law enforcement and corporations with the budgets necessary to obtain and mine vast amounts of data. This shift is, unsurprisingly, of real concern to those organisations which have traditionally maintained a monopoly on information.

As a consequence, moves by governments around the world to attempt to limit or discourage this power shift are to be expected. Where that coincides with existing national security legislation, such as that protecting intelligence officers here in Australia, a link is able to be drawn between the power shift and a subtext of potential sedition. It’s not quite accusing anyone engaged in any aspect of the shift in power and sharing (versus control) of information of treason, but it is a manner of presenting opposition to people doing so as in the interests of national security. It is a subtle and dangerous approach to the changing nature of politics and intelligence, which could backfire. Yet it is one which will be pursued by any government seeking to maintain a concentration of power; that being, all of them.

It also won’t work, not completely, that genie is well and truly out of the bottle. The governments, intelligence agencies, law enforcement and corporations already know this; their game is now to limit anything which they see as potentially damaging. The extent of their success or failure in this will only become apparent over time; not just in relation to the various releases from WikiLeaks, but also information which will be released by other sources and organisations in the future.

There are new players in the Great Game of international politics, players who were previously viewed almost entirely as pawns. It will be very interesting to see how it plays out as the power and the rules shift.

Originally published at Organised Adversary. Please leave any comments there.

hasimir: (Default)
Sunday, April 3rd, 2011 04:09 am

I have started experimenting with BitCoin, which is a relatively new form of digital currency. It’s an interesting idea and design which cuts out all the usual middlemen in online payments through a peer-to-peer network, though the price of that is being unable to obtain a refund of a transaction (e.g. a chargeback).

It does, however, provide a method of performing transactions which are simultaneously transparent and anonymous. Users create BitCoin addresses, which are a hash of relevant data (and appear like this: 19E4GYgVJrpSZ4kDnNB7NxdEFed8U13Aq5). A user can create as many such addresses as they wish, even to the extent of creating a new address for each transaction. So even though an address and associated transactions can be viewed by anyone it is still very difficult to determine the parties involved, if not impossible.

So what’s the point? Well, aside from the currency being unable to be manipulated by the normal state based actors (e.g. the Reserve Bank of Australia or the US Federal Reserve), there are a small, but growing number of people and sites accepting BitCoin payments. There is also currency trading between BitCoin and state currencies, as well as sites like CoinCard which enables purchasing BitCoins through PayPal or converting BitCoins to PayPal funds.

This means that it provides a very real method of exchanging money with no real state based scrutiny. This would certainly appeal to people who may wish to disguise what a certain transaction actually involved or who the parties involved were. While many people may assume that only certain illegal transactions (e.g. drugs and arms trafficking) would benefit from this, there are actually plenty of others. One obvious example of often legal, but potentially embarassing, transactions is the sex industry. Really, though, any transaction in which one or both of the parties involved wants a degree of privacy can benefit from BitCoin.

Some governments might raise the spectre of tax evasion via BitCoin, but that is easily countered. When converting BitCoin currency to one’s local currency and bank account, it becomes income which would be declared like any other and the tax paid on that income. Even without converting the BitCoin currency to the local currency of a recipient it would still be possible using the BitCoin currency markets to calculate the tax owed on any given transaction. Other alternative currencies, like Barter Card, have already found methods of addressing tax related issues and they are not insurmountable.

Given the level of distrust with a number of currencies, particularly following the global financial crisis, BitCoin has the potential to gain more than just a handful of computer geek users. Especially since the software is simple to use and available for Windows, Mac and Linux. The source code is also available to guarantee transparency of the entire system.

I have, of course, installed it and obtained a tiny amount of BitCoin currency using the BitCoin Faucet to see just how easy it is to use. The answer is that it is very easy to use. The example BitCoin address I included in this post (19E4GYgVJrpSZ4kDnNB7NxdEFed8U13Aq5) is an active one I generated using the software. It did not take very long to generate and could be used by anyone to send BitCoin donations or payments to me, not that I really expect that to happen. That, however, is all it takes: providing an address hash to another party to send a payment through.

As with any other online payment method, BitCoin can be configured to accept payments via a web server. Alternatively the free MyBitCoin service can be used to accept online payments through BitCoin on a commerce site quickly and easily. The advantage there is not having to worry about maintaining one’s own BitCoin payment code to integrate with an existing shopping card. The disadvantage is that the BitCoin wallet is stored on the MyBitCoin servers instead of one’s own system, although this disadvantage can be minimised by automatically forwarding payments to a local BitCoin address.

All things considered, I think this particular implementation of a virtual currency has great potential, depending on the degree to which it is adopted.

Originally published at Organised Adversary. Please leave any comments there.

hasimir: (Default)
Saturday, January 29th, 2011 12:23 pm

By now most people will have heard or read about the civil unrest in Egypt and the Egyptian government’s response of shutting down communications networks, including all Internet connectivity. This is, of course, one of the most complete forms of electronic censorship available to a totalitarian state.

Already there are people attempting to solve the technical aspects of routing around this kind of denial of service attack. In particular the OpenMesh project that has been reported on TechCrunch.

Personally I think that any solution in this area will have to involve a return to a real peer-to-peer networking model, rather than the client-server networking model that is so prevalent these days. I suspect that wireless networks will be the transmission path of choice for most such networks, at least as far as maintaining communications within a region affected by a government orchestrated black-out.

I am clearly not the only one who thinks this and fortunately a great deal of work has already been done on this by wireless community groups, like The biggest implementation of such a network, of course, is the One Laptop Per Child program’s wireless mesh network.

The tricky part is getting connectivity out of such a censored region without having to rely on telecommunications carriers or government controlled networks. The level of difficulty in resolving this aspect will almost certainly depend on the physical distance between the censored region and the nearest location able to provide Internet connectivity. Some more obvious and long used methods would have to include satellite and radio transmissions, but a tolerance for data or packet loss would be beneficial.

I do not know whether a wireless mesh network or even some other solution could be deployed in Egypt before the current crisis is resolved, but I do think that making sure the information to rapidly deploy one in the future is essential for defending human rights.

Originally published at Organised Adversary. Please leave any comments there.

hasimir: (Default)
Friday, January 28th, 2011 06:13 am

Five people have been arrested in England for their roles in the distributed denial of service (DDoS) attacks performed by the group calling itself Anonymous, claiming to be defending WikiLeaks and retaliating over the arrest of Julian Assange.

Initially this group formed to protest the activities of the Church of Scientology, both online and offline. They opposed the authoritarian protocols and abuses of Scientology. Seeing some success there, they have moved on to opposing what they view as tyrannical censorship in other realms. In 2009 the target of their ire was the Australian Federal Government over the proposal to introduce mandatory Internet censorship in Australia.

So where is the problem? The problem lies in the hypocrisy of their tactics. A DDoS is nothing if not a tool of censorship, it prevents the free flow of information. The simple fact is that Anonymous are pathetically trying to enforce their own authority on everyone else and are doing so by using the same tactics as those they profess to oppose.

When Anonymous launched a DDoS against Australian Government servers in September of 2009, they did not prevent the Parliament from continuing to work on legislation and policy, including continued work on the censorship proposal. They did, however, risk associating their childish tactics with the work of others seeking to oppose that censorship in a more reasonable and open manner. They also prevented some people seeking information about the censorship proposal in order to rebut it. I know this because I was one of the campaigners whose research efforts were hampered by those attacks. Fortunately enough anti-censorship campaigners, particularly from the EFA, condemned the attacks quickly enough that Senator Conroy was unable to use the attacks as ammunition against the campaign against censorship. Still, there was a risk that that could have happened.

Now Anonymous have turned their attention to acting in the name of WikiLeaks and launching similar attacks against any organisation which has opposed, harmed or withdrawn support (usually of a commercial nature) from WikiLeaks or Julian Assange. They have even gone so far as to say that “Julian Assange deifies everything we hold dear.” In their eyes Assange can never, under any circumstances do or be wrong and that this is their holy crusade. Now what could possibly go wrong there?

Unsurprisingly their targets in this crusade have chosen to fight back. When commercial juggernauts like Mastercard and Visa are attacked they will retaliate with the full force of the law and indeed they have. This is not something which Anonymous have seen before and as they have not really lived up to their name, their attacks being launched by an application run on the PCs of participants, rather than using remotely controlled botnets, they have been caught. Anonymous are not nearly as clever and as powerful as they have deluded themselves into believing and now their members are beginning to pay the price for this. They have been behaving like children throwing a tantrum in an adult world and now they are going to be spanked.

Meanwhile those of us who promote and work for civil liberties around the globe in a way which does not impinge upon the freedom of our opponents will continue as we have always done. We will not miss the distractions of brats like Anonymous. Except, of course, that they’re not just going to go away after a handful of arrests. No doubt the arrests will scare some of them off, but others will want to fight back more. They will view these arrests as tyrannical oppression, rather than seeing it as an obvious consequence of attempting their own censorship regime.

Now, I suppose, it is my turn to find out whether Anonymous are willing to accept criticism online or whether I will find my own server crippled by retaliation for writing this. Well, I believe we should all be free to express our opinions so I hope that will be reciprocated and that any criticism comes in the form of comments rather than a denial of service attack.

Originally published at Organised Adversary. Please leave any comments there.