The article discusses “Big Data”, which refers to “the endless digital grains of sand we produce as we move, think and act” on the Web. Professor Deibert argues that a massive cyber industrial complex has emerged around the commercial exploitation of large volumes of information about each and every one of us. He maintains that civil society, including NGOs like Privacy International, plays a critical role in “maintaining a vigilant watch on the cyber security industrial complex” in order to preserve human rights and democracy.

Click here to read the full article.

Since the publication of that report, there have been several new developments which provide further evidence that Blue Coat technologies are in use in the Burma. These new findings are documented in a new Citizen Lab blog post, Behind Blue Coat: An Update from Burma.

In recent weeks, users of Burmese ISP Yatanarpon Teleport have been presented with a network status message in their web browser which refers to Blue Coat systems. This message is consistent with the manner in which Blue Coat devices present notification messages to users. These findings contribute further evidence that Blue Coat devices are actively in use in Burma.

The Citizen Lab continues to call on Blue Coat to investigate these claims and take action to prevent the further use of its technology in Syria and Burma.

Click here to read the full update.

Behind Blue Coat: Investigations of commercial filtering in Syria and Burma documents Citizen Lab research into the use of Blue Coat technology in countries under the rule of authoritarian regimes. This research identifies additional devices in use in Syria and describes attempts to obfuscate the use of these devices.

The report also documents the use of Blue Coat devices in Burma. Evidence indicates that these devices are actively in use in Burma and are being used to filter Internet content and facilitate surveillance. Given that Burma, like Syria, is also under strict U.S. trade sanction, the use of technology developed by a U.S. firm to restrict free expression and facilitate surveillance is troubling.

The Citizen Lab calls on Blue Coat to investigate these claims and take action to prevent the further use of its technology in Syria and Burma.

Do #occupywallstreet and its siblings across the globe represent a new type of social mobilization? What is the role of social media in the organization, unfolding, and diffusion of the protests? Here I argue that, as a result of the diffusion of social media, we have now entered the age of cloud protesting, where individuals and networked collective action have taken central stage.

In computing, “cloud” indicates the delivery of services such as storage space and software over a network, typically the Internet. Services can be customized with overall reduction of costs for the end user. Everything, from databases to personal document folders, is online, and organizations can reach their resources stored remotely through a web interface.

What has the cloud to do with protesting? Contemporary protest is best described as a cloud where a set of ingredients enabling mobilization coexist: identities, narratives, frames and meanings, know-how, and other “soft” resources. They are fundamentally different from the “old” pre-packaged ideals and beliefs soaked in ideology, because they can be customized by and for individuals. Resources are in the cloud to be shared in a ‘pick and choose’ fashion, allowing each individual to tailor his or her participation. Anyone can join anytime; one can bring along his or her identity, cultural and political background, grievances and claims, and even groups of friends. Anyone fits in the broad narrative of the cloud, anyone can contribute. Identities, resources, narratives are negotiated on and offline, but they mostly “live” online. They are mediated by the web interface offered by commercial social media.

How have organizational patterns changed: From organizations to informal groups to individuals

Focusing our attention on organizational patterns, we can identify three phases in Western social mobilization after WWII. During the mass protests in the 1960s, people took the streets under the aegis of students groups, anti-war organizations, identity-based or church groups – all of them characterized by a strong sense of belonging and clear-cut membership. The so-called social movement organizations steered the crowds, and monopolized the symbolic production of the movement(s), managing resources like funding and championing a joint narrative. They were the voice and the entrepreneurs of social movements, providing a collective identity and leadership. They also served as access points for journalists and news media. In short, formal groupings had organizational control over the movement.

In the second half of the 1990s new organizational patterns emerged, spurred by the diffusion of the Internet, which became the backbone and metaphor of new ways of organizing. Informal groups and networks characterized by multiple and flexible identities, temporary nodes and horizontal leadership, staged noisy protests and disruptive actions against global summits and multilateral institutions. Easily mobilized and connected across borders through the Internet, the movement(s) became transnational. What was new was the informal character of most of the actions, still however anchored to (informal) groups and collectives. The cultural and normative production of the movement(s), a crucial step towards norm change, which all movements seek, was no longer monopolized by resource-rich large-scale organizations, but the different nodes would voice their claims and build their narratives in a number of scattered websites and online self-organized platforms, bypassing mainstream media.

Partially inspired by the recent uprisings in the Middle East and North Africa, protesters are now back to the streets. They protest against financial inequality; express disaffection towards institutions of all kinds; reclaim recognition and participation. But organizational patterns have changed again. Activists seem to reject pre-packaged non-negotiable identities and organizations. Movement networks are no longer the exclusive terrain of membership-based organizations or loosely organized groups, but many of the nodes are individuals. The cloud reduces the costs of mobilization by offering resources that can be accessed and enjoyed independently by individual activists: solidarity networks, a relaxed affiliation working on an individual basis, the option to reclaim and reinvent a collective space (both virtual and real), an occasion for self-expression, and the possibility to customize one’s own participation and narrative. The cloud is also the platform where the cultural and symbolic production of the movement takes place. There is no need for (and no means of) organizational control over the collective narrative of the protest, as the cloud ‘votes’ and collectively determines what fits and what does not. The cloud is the group: it provides a (perhaps loose) sense of belonging but less responsibility – in short, the cloud has no strings attached.

Why this wouldn’t be possible without social media

Social technologies and platforms are at the core of cloud protesting.

First, social media enables speed in protest organization and diffusion: rallies and sit-ins are called for and organized through Twitter and Facebook, and using smartphones. They unfold on these same platforms as much as they take place in real life. This allows for high-impact disruptive actions that look rather improvised and that can easily make the news. (Yet, this is nothing new – already back in the 1990s scholars observed how the Internet had accelerated the pace at which people organized and protested.)

Second, the cloud is grounded on everyday technology that any of the digital natives, and many of the newbies to social technologies, have right in their pockets. And, as in cloud computing, the user is not expected to have any knowledge of the system, as the friendly interface makes it easy for everyone to participate. It fits resource-poor activists, who would otherwise lack the resources to organize a grand protest.

Third, the cloud has the power to deeply influence not only the nature of the protest, but also the tactics adopted by activists (up to now, mostly peaceful if noisy sit-ins). Essentially, so far the #occupy protests have been about “being there” and making it visible over the Internet. In a sort of late techno-determinist fashion, the visibility offered by social media (and the current fascination of news media for such platforms and their social implications) has enabled the protest to maintain a low profile, and yet be under the mainstream media spotlight.

The fourth and main contribution of social media to the protest is to be found is their ability to enable the creation of a customizable narrative and a tailored collective identity that virtually fit all. Social media allow activists to shape in first person the meanings attached to collective action. This is made possible by two socio-techno-mediatic dynamics at play in contemporary mobilizations: firstly, through social media, protesters actively participate in building a collective identity (in other words, the ‘us’ of the protests). By taking part in the protests and making it visible via, for example, Twitter, each individual becomes the hero of the story. Each participant defines herself, and by extension the mobilization, by means of posts, tweets, links, pictures, short videos. She selects other similar material posted on the web by fellow co-protesters and passes it on (e.g., re-tweets) what she believes is exciting, interesting, appropriate to the collective representation of “who we are”. In addition, anyone can easily identify with the network of individuals engaged in the protests as the collective identity is built on minimum common denominators and ephemeral 140-character slogans rather than ideological strongholds. Secondly, social media give voice and visibility to personalized yet universal narratives, whereby everyone participates in building the collective plot. This hashtag-style collective narrative (a tag is a keyword assigned to a piece of information to make sense of it by assigning it to categories) is flexible, real-time, and crowd-controlled. It connects individual stories into a broader context that gives them meaning. This is not very different from the role played by “real-life” groups in relation to individual participation in a movement. In turn, it scores very low in organizational control – thus, the cloud leaves little room for “classical” social movement organizations.

To conclude, the #occupy protests do represent a new type of social mobilization which has brought individuals (and their individualized media) to the forefront of dissent. These protests might even represent the nucleus of an embryonic new social movement wave. It is worth observing how they will develop in the near future to trace if and how the specific socio-technological configuration of the protest, the cloud, influences the mobilization outcomes and the future tactical choices of activists.

It is also worth observing the evolution of the perception of risks and benefits associated with social media platforms. Cloud protesting is an indication of a (relatively) new awareness for the role of digital and mobile technology not only as a tool for networking and organizing, but as backbone of the cultural and normative production of the movement. Unfortunately, protesters seem to be disconnected from earlier generations of computer-savvy activists who would be wary of relying on commercial platforms such as Twitter, Facebook, and Google Groups. There seems to be still little awareness of the risks in terms of cybersurveillance and repression of dissent these technologies and platforms expose activists to, and many people seem to ignore that social media can also become a tool of social control.

The report, entitled Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet reports on a series of real-world tests to deliver access to BBC websites into Iran and China, where they are regularly blocked by authorities. The research combines data from three major sources: two years’ worth of traffic data from the BBC’s web content services, in-field testing of Iranian and Chinese Internet censorship undertaken by the OpenNet Initiative (ONI), and service delivery of Psiphon Inc, a Canadian “circumvention” service that delivers uncensored connections to the web for citizens living behind national firewalls.

Casting a Wider Net sheds a bright spotlight on what is typically a shadow game: the race among government censors to block content, and those determined to sidestep those efforts. China and Iran are among the world’s most pervasive filters of Internet content, and present a special challenge to global media broadcasters who are often targeted by governments for blocking. BBC’s Mandarin and Farsi services are normally subject to intense blocking efforts by both countries.

The full report can be downloaded freely online at http://uoft.me/casting.

To read the New York Times article on the report, click here.

The report examines how companies have struggled to balance ethical and economic interests in their bid to capture the world’s largest market of internet users. It provides an overview of the “Great Firewall” of China, the past participation of five US technology giants (Google, Yahoo!, Microsoft, Skype, and Cisco) in China’s censorship regime, and the legal and ethical obligations and commitments that are violated by censoring online content.

Read the report online here.

The tally of digital certificates stolen from a Dutch company in July has exploded to more than 500, including ones for intelligence services like the CIA, the U.K.’s MI6 and Israel’s Mossad, a Mozilla developer said Sunday.

The confirmed count of fraudulently-issued SSL (secure socket layer) certificates now stands at 531, said Gervase Markham, a Mozilla developer who is part of the team that has been working to modify Firefox to blocks all sites signed with the purloined certificates.

Among the affected domains, said Markham, are those for the CIA, MI6, Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter and Microsoft’s Windows Update service.

For the full article, see here.

These 175 phishing messages were received over the course of 18 months by one recipient, who also happens to be a former Taiwan government official and an expert on China. The recent exploits used are mostly CVE-2010-3333 and CVE-2011-0611 and CVE-2010-2883 but you will find a good variety, as well as a lot of RAR files with RTLO and exe. The senders and the recipient are in Asia so these document give you a good idea about the phishing landscape there (in many ways it is similar to what you see in USA, for understandable reasons).

There might be a few documents that are not malicious, esp. image files.

The first folder inside zip contains files named as DATERECEIVED_NAME.EXT and the second has the same files named DATERECEIVED_SENDERADDR_SUBJECT_NAME.EXT.

For the full article, see here.

Agents of the East German Stasi could only have dreamed of the sophisticated electronic equipment that powered Col. Muammar el-Qaddafi’s extensive spying apparatus, which the Libyan transitional government uncovered earlier this week. The monitoring of text messages, e-mails and online chats — no communications seemed beyond the reach of the eccentric colonel.

What is even more surprising is where Colonel Qaddafi got his spying gear: software and technology companies from France, South Africa and other countries. Narus, an American company owned by Boeing, met with Colonel Qaddafi’s people just as the protests were getting under way, but shied away from striking a deal. As Narus had previously supplied similar technology to Egypt and Saudi Arabia, it was probably a matter of public relations, not business ethics.

For the full article, see here.

¶40. (U) Worldwide – Has “GhostNet” been seen within the USG?

¶41. (S//REL TO USA, FVEY) Key highlights:
o Canadian researchers recently identified a “cyber-espionage” network.
o Domain names identified in the IWM report have been identified during previous BH activity.
o Tenuous connections were made between the reported hostile domains and the PLA First TRB.
o The Gh0st RAT tool used in Tibetan attacks has also been detected in incidents involving a DoS LES in Japan.

¶42. (U) Source paragraph: “A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. … The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.”

For the full cable, see here.