Since the publication of that report, there have been several new developments which provide further evidence that Blue Coat technologies are in use in the Burma. These new findings are documented in a new Citizen Lab blog post, Behind Blue Coat: An Update from Burma.

In recent weeks, users of Burmese ISP Yatanarpon Teleport have been presented with a network status message in their web browser which refers to Blue Coat systems. This message is consistent with the manner in which Blue Coat devices present notification messages to users. These findings contribute further evidence that Blue Coat devices are actively in use in Burma.

The Citizen Lab continues to call on Blue Coat to investigate these claims and take action to prevent the further use of its technology in Syria and Burma.

Click here to read the full update.

Behind Blue Coat: Investigations of commercial filtering in Syria and Burma documents Citizen Lab research into the use of Blue Coat technology in countries under the rule of authoritarian regimes. This research identifies additional devices in use in Syria and describes attempts to obfuscate the use of these devices.

The report also documents the use of Blue Coat devices in Burma. Evidence indicates that these devices are actively in use in Burma and are being used to filter Internet content and facilitate surveillance. Given that Burma, like Syria, is also under strict U.S. trade sanction, the use of technology developed by a U.S. firm to restrict free expression and facilitate surveillance is troubling.

The Citizen Lab calls on Blue Coat to investigate these claims and take action to prevent the further use of its technology in Syria and Burma.

(CNN) — It seemed so easy for Egypt. Just order a shutdown of the country’s internet connections and — bam — it happens.

But is such an authoritarian action transferable? Could the U.S. government shut down American internet connections? And is it possible for the global internet to be toppled?

Technically, yes, internet experts said Wednesday, shortly after Egypt’s government restored internet connections there as violent political protests continued. But it’s highly unlikely.

“Could you break the internet? Yeah. Can you shut it down? No. Shutting down the entire internet would be pretty much impossible at this point,” said Jim Cowie, co-founder of Renesys, an worldwide internet tracker.

Cowie spoke of the internet as if it were a giant, adaptable worm.

“The funny thing about the internet is even if you break it in half, the two halves will function as [separate] internets,” he said.

How Egypt shut down the internet

Understanding what happened in Egypt helps frame the discussion about what could happen to the internet in the United States or around the globe.

According to internet traffic monitors and experts, Egypt’s government likely called the country’s five main internet service providers — like on the phone — late last week and ordered them to barricade online traffic.
That’s sort of like calling all of the post offices in the country and telling them to throw the mail away instead of delivering it, said Robert Faris, research director at Harvard’s Berkman Center for Internet & Society.
Google connects Egyptians to Twitter Egyptians cut off from internet

But instead of shredding paper mail, the Egyptian internet providers altered their Border Gateway Protocols, the software that routes online information.

“There’s not an on-off switch,” Faris said. “What it is, it’s a list of IP addresses that route information between nodes on the internet. And what they did (in Egypt) is they changed all the software and the list in there to something called null routing. So all the traffic going in and out was essentially thrown away.”

Faris called these measures extreme. They have been carried out in only two other instances, he said: In Myanmar during 2007 protests; and in Nepal in 2005, when the king seized power.

Iran and China filter the internet instead of blocking it, he said.

Could the United States do the same?

Technically, the United States could do the same thing Egypt did to block internet access, Faris said.
The government would have to call four or five top internet providers and order them to disrupt Border Gateway Protocols in a way that shut down the majority of American internet traffic, he said. Others said the government would have to deal with the country’s thousands of internet providers in order to fully clamp down on internet access, which would be logistically difficult.

But that’s unlikely to happen here, experts said.

For one thing, the internet in the U.S. is bigger. There are more companies involved, more data at play and more locations where the internet comes in and out of the country.

Moreover, U.S. law would prevent such an authoritarian shutdown.

“The internet is a network of networks,” said Andrew Blum, a correspondent for CNN content partner Wired magazine and author of an upcoming book on internet infrastructure, “and they’re all commercially operated.
“They’re all businesses. Their autonomy is sort of their bread and butter. And they’re mostly unregulated. So the idea of having to comply fully with any government order to shut them off is pretty extreme. It’s as if there were a government order to close every McDonald’s — all at once.”

A country’s legal framework, not its technical infrastructure, determines whether it is able to shut down its citizens’ access to the internet, said Cowie.

“It really comes down to the fact that somebody has to have the legal authority to go to a company that runs a large part of the internet in the United States and say, ‘Turn off your connection to the outside world.’ ”

However, as CNET reports, three U.S. senators have submitted legislation to give the president emergency powers over the internet in the event of a cyberattack or other disaster scenario.

On Wednesday, the bill’s authors tried to distance themselves from what’s happened in Egypt, issuing a statement:

“Our bill already contains protections to prevent the president from denying Americans access to the Internet — even as it provides ample authority to ensure that those most critical services that rely on the Internet are protected.”

What about elsewhere?

Shutting down the global internet would be more of a trick, requiring a level of global coordination that would be extremely unlikely if not impossible, the experts said.

“If you really wanted to turn off the global internet, you’d have to seek out people on every continent and every country,” said Cowie from Renesys. “The internet is so decentralized that there is no kill switch.”

“No you can’t do that,” said Harvard’s Faris. “The internet is designed to be robust. Certain links break and then other links are opened.”

In Egypt, for example, people who couldn’t access the broadband internet were able to place international phone calls to Europe to log on to dial-up internet service, he said, which, of course, operates on phone lines.
Google even announced a service that would let people in Egypt use landline telephones to post to Twitter using voice messages.

“Communication continues and people revert to other modes,” he said. “You can shut the internet down but it’s not the end of organization. People are still there in the square, and they’re figuring out how to do it.”

Myanmar authorities appear to be deliberately slowing down the Internet ahead of this weekend’s election to make it more difficult for journalists to get images and news out of the country, rights groups said Monday.

The highly secretive military junta has not announced any Internet slowdown but analysts say it fits a pattern of new restrictions put in place ahead of Sunday’s vote, including tighter controls over the movement of aid agencies and the suspension of a visa-on-arrival system for travellers. Other measures include barring entry to foreign journalists and outside observers.

The poll will be Myanmar’s first elections in 20 years, but critics have widely dismissed it as designed to ensure the military retains power with a civilian facade.

The junta aggressively censors the Internet, routinely blocking politically sensitive websites. During a crackdown on pro-democracy protesters in 2007, the junta completely cut access to the Internet and shuttered many cybercafes.

“I’m not surprised to hear that the Internet is grinding to a halt,” said David Mathieson, a Myanmar researcher with New York-based Human RightsWatch.

“It’s a slow squeeze,” Mathieson said. “They’re slowing everything right down so the potential for negative information to come out is greatly reduced.”

Hotels and travel agents that rely on the Internet for business say the slowdown started a week ago and many are advising travellers that Internet connections cannot be guaranteed for at least a week.

“The situation with the Internet connection is not stable. We don’t know exactly how long it will last. We hope it will be better after this weekend,” said a worker on the reservation desk at Yangon’s upscale, colonial-era Strand Hotel. She spoke on condition of anonymity for fear of drawing unwanted attention from authorities.

The slowdown has been mentioned in Myanmar’s tightly controlled media, none of which have blamed the government.

The “7 Day News” weekly reported in its Oct. 28 issue that the problem appeared to stem from a hacker attack and was affecting all Internet service providers.

The Committee to Protect Journalists issued a statement over the weekend that put Myanmar at the top of its list of the “10 Worst Countries to be a Blogger.”

“It does appear that the authorities are deliberately slowing down Internet connections to make it more difficult for journalists to file images and video over the Internet ahead of the upcoming elections,” the statement said.

BANGKOK — Leading Myanmar exile media organisations said their websites had been crippled by cyber attacks Monday on the third anniversary of a crackdown on the “Saffron Revolution” monk-led protests.

The Internet sites of the Democratic Voice of Burma, the Irrawaddy Magazine and the Mizzima news service were overwhelmed by a flood of incoming messages known as a Distributed Denial of Service (DDoS) attack.

“All the fingers are pointing at the regime and regime-hired mercenary hackers — these are the people who are behind the attack I’m sure,” Aung Zaw, founder and editor of the Irrawaddy, told AFP.

There was a similar attack on the main exile media in September 2008, on the first anniversary of the Saffron Revolution, which crippled websites for several days.

Toe Zaw Latt, the Democratic Voice of Burma’s Thailand bureau chief, said the Norway-based group was now better prepared to cope with cyber attacks, and had restored its site on Monday after an 18-hour interruption.

The 2007 protests in Myanmar began as small rallies against the rising cost of living but escalated into huge anti-government demonstrations led by crowds of monks.

At least 31 people were killed by security forces while hundreds were beaten and detained in a crackdown by the authorities on the protests.

Myanmar is gearing up for its first elections in two decades, set for November 7, but the vote has been widely criticised by activists and the West as a charade aimed at putting a civilian cloak on military rule.

During the monk-led protests in 2007, Myanmar’s citizens used the web to leak extensive accounts and video to the outside world, sparking a total Internet ban by the iron-fisted regime.

Sein Win, Mizzima’s managing editor, said the timing of the latest attack was “very strange”, adding some people were speculating it could be a test by the hackers of their ability to block websites during the upcoming election.

First Published: 00:04 IST(26/3/2009)
Last Updated: 01:52 IST(26/3/2009)

The Indian military fears a ‘Chinese aggression’ in less than a decade. A secret exercise, called ‘Divine Matrix’, by the army’s military operations directorate has visualised a war scenario with the nuclear-armed neighbour before 2017.

“A misadventure by China is very much within the realm of possibility with Beijing trying to position itself as the only power in the region. There will be no nuclear warfare but a short, swift war that could have menacing consequences for India,” said an army officer, who was part of the three-day war games that ended on Wednesday.

In the military’s assessment, based on a six-month study of various scenarios before the war games, China would rely on information warfare (IW) to bring India down on its knees before launching an offensive.

The war games saw generals raising concerns about the IW battalions of the People’s Liberation Army carrying out hacker attacks for military espionage, intelligence collection, paralysing communication systems, compromising airport security, inflicting damage on the banking system and disabling power grids. “We need to spend more on developing information warfare capability,” he said.

The war games dispelled the notion that China would take at least one season (one year) for a substantial military build-up across India’s northeastern frontiers. “The Tibetan infrastructure has been improved considerably. The PLA can now launch an assault very quickly, without any warning, the officer said.

The military believes that China would have swamped Tibet with sweeping demographic changes in the medium term. For the purposes of Divine Matrix, China would call Dalai Lama for rapprochement and neutralise him. The top brass also brainstormed over India’s options in case Pakistan joined the war to. Another apprehension was that Myanmar and Bangladesh would align with China in the future geostrategic environment.

So here’s a provocation: We can’t circumvent our way around internet censorship.

I don’t mean that internet censorship systems don’t work. They do – our research tested several popular circumvention tools in censored nations and discovered that most can retrieve blocked content from behind the Chinese firewall or a similar system. (There are problems with privacy, data leakage, the rendering of certain types of content, and particularly with usability and performance, but the systems can circumvent censorship.) What I mean is this – we couldn’t afford to scale today’s existing circumvention tools to “liberate” all of China’s internet users even if they all wanted to be liberated.

Circumvention systems share a basic mode of operation – they act as proxies to let you retrieve blocked content. A user is blocked from accessing a website by her ISP or that ISP’s ISP. She wants to read a page from Human Rights Watch’s webserver, which is accessible at IP address 70.32.76.212. But that IP address is on a national blacklist, and she’s prevented from receiving any content from it. So she points her browser to a proxy server at another address – say 123.45.67.89 – and asks a program on that server to retrieve a page from the HRW server. Assuming that 123.45.67.89 isn’t on the national blacklist, she should be able to receive the HRW page via the proxy.

During the transaction, the proxy is acting like an internet service provider. Its ability to provide reliable service to its users is constrained by bandwidth – bandwidth to access the destination site and to deliver the content to the proxy user. Bandwidth is costly in aggregate, and it costs real money to run a proxy that’s heavily used.

Some systems have tried to reduce these costs by asking volunteers to share them – Psiphon, in its first design, used home computers hosted by volunteers around the world as proxies, and used their consumer bandwidth to access the public internet. Unfortunately, in many countries, consumer internet connections are optimized to download content and are much slower when they are uploading content. These proxies could get the homepage at hrw.org pretty quickly, but they took a very long time to deliver the page to the user behind the firewall. Psiphon is no longer primarily focused on trying to make proxies hosted by volunteers work. Tor is, but Tor nodes are frequently hosted by universities and companies who have access to large pools of bandwidth. Still, available bandwidth is a major constraint to the usability of the Tor system. The most usable circumvention systems today – VPN tools like Relakks or Witopia – charge users significant sums annually to defray bandwidth costs.

Let’s assume that systems like Tor, Psiphon and Freegate receive additional funding from the State Department. How much would it cost to provide proxy internet access for… well, China? China reports 384 million internet users, meaning we’re talking about running an ISP capable of serving more than 25 times as many users as the largest US ISP. According to CNNIC, China consumes 866,367 Mbps of international internet bandwidth. It’s hard to get estimates for what ISPs pay for bandwidth, though conventional wisdom suggests prices between $0.05 and $0.10 per gigabyte. Using $0.05 as a cost per gigabyte, the cost to serve the Internet to China would be $13,608,000 per month, $163.3 million a year in pure bandwidth charges, not counting the costs of proxy servers, routers, system administrators, customer service. Faced with a bill of that magnitude, the $45 million US senators are asking Clinton to spend quickly looks pretty paltry.

There’s an additional complication – we’re not just talking about running an ISP – we’re talking about running an ISP that’s very likely to be abused by bad actors. Spammers, fraudsters and other internet criminals use proxy servers to conduct their activities, both to protect their identities and to avoid systems on free webmail providers, for instance, which prevent users from signing up for dozens of accounts by limiting an IP address to a certain number of signups in a limited time period. Wikipedia found that many users used open proxies to deface their system and now reserve the right to block proxy users from editing pages. Proxy operators have a tough balancing act – for their proxies to be useful, people need to be able to use them to access sites like Wikipedia or YouTube… but if people use those proxies to abuse those sites, the proxy will be blocked. As such, proxy operators can find themselves at war with their own users, trying to ban bad actors to keep the tool useful for the rest of the users.

I’m skeptical that the US State Department can or wants to build or fund a free ISP that can be used by millions of simultaneous users, many of whom may be using it to commit clickfraud or send spam. I know – because I’ve talked with many of them – that the people who fund blocking-resistant internet proxies don’t think of what they’re doing in these terms. Instead, they assume that proxies are used by users only in special circumstances, to access blocked content.

Here’s the problem. A nation like China is blocking a lot of content. As Donnie Dong notes in a recent blogpost, five of the ten most popular websites worldwide are blocked in China. Those sites include YouTube and Facebook, sites that eat bandwidth through large downloads and long sessions. Perhaps it would be realistic to act as an ISP to China if we were just providing access to Human Rights Watch – it’s not realistic if we’re providing access to YouTube.

Proxy operators have dealt with this question by putting constraints on the use of their tools. Some proxy operators block access to YouTube because it’s such a bandwidth hog. Others block access to pornography, both because it uses bandwidth and to protect the sensibilities of their sponsors. Others constrain who can use their tools, limiting access to the tools to people coming from Iranian or Chinese IPs, trying to reduce bandwidth use by American high school kids who’ve got YouTube blocked by their school. In deciding who or what to block, proxy operators are offering their personal answers to a complicated question: What parts of the internet are we trying to open up to people in closed societies? As we’ll address in a moment, that’s not such an easy question to answer.

Let’s imagine for a moment that we could afford to proxy China, Iran, Myanmar and others’ international traffic. We figure out how to keep these proxies unblocked and accessible (it’s not easy – the operators of heavily used proxy systems are engaged in a fast-moving cat and mouse game) and we determine how to mitigate the abuse challenges presented by open proxies. We’ve still got problems.

Most internet traffic is domestic. In China, we estimate (Hal’s got a paper coming out shortly) that roughly 95% of total traffic is within the country. Domestic censorship matters a great deal, and perhaps a great deal more than censorship at national borders. As Rebecca MacKinnon documented in “China’s Censorship 2.0“, Chinese companies censor user-generated content in a complex, decentralized way. As a result, a good deal of controversial material is never published in the first place, either because it’s blocked from publication or because authors decline to publish it for fear of having their blog account locked or cancelled. We might assume that if Chinese users had unfettered access to Blogger, they’d publish there. Perhaps not – people use the tools that are easiest to use and that their friends use. A seasoned Chinese dissident might use Blogger, knowing she’s likely to be censored – an average user, posting photos of his cat, would more likely use a domestic platform and not consider the possibility of censorship until he found himself posting controversial content.

In promoting internet freedom, we need to consider strategies to overcome censorship inside closed societies. We also need to address “soft censorship”, the co-opting of online public spaces by authoritarian regimes, who sponsor pro-government bloggers, seed sympathetic message board threads, and pay for sympathetic comments. (Evgeny Morozov offers a thoroughly dark view of authoritarian use of social media in How Dictators Watch Us On The Web.)

We also need to address a growing menace to online speech – attacks on sites that host controversial speech. When Turkey blocks YouTube to prevent Turkish citizens from seeing videos that defame Ataturk, they prevent 20 million Turkish internet users from seeing the content. When someone – the Myanmar government, patriotic Burmese, mischievous hackers – mount a distributed denial of service attack on Irrawaddy (an online newspaper highly critical of the Myanmar government), they (temporarily) prevent everyone from seeing it.

Circumvention tools help Turks who want to see YouTube get around a government block. But they don’t help Americans, Chinese or Burmese see Irrawaddy if the site has been taken down by DDoS or hacking attacks. Publishers of controversial online content have begun to realize that they’re not just going to face censorship by national filtering systems – they’re going to face a variety of technical and legal attacks that seek to make their servers inaccessible.

There’s quite a bit publishers can do to increase the resilience of their sites to DDoS attack and to make their sites more difficult to filter. To avoid blockage in Turkey, YouTube could increase the number of IP addresses that lead to the webserver and use a technique called “fast-flux DNS” to give the Turkish government more IP addresses to block. They could maintain a mailing list to alert users to unblocked IP addresses where they could access YouTube, or create a custom application which disseminates unblocked IPs to YouTube users who download the ap. These are all techniques employed by content sites that are frequently blocked in closed societies.

YouTube doesn’t take these anti-blocking measures for at least two reasons. One, they’ve generally preferred to negotiate with nations who filter the internet to try to make their sites reachable again than to work against them by fighting filtering. (This attitude may be changing now that Google has announced their intention not to cooperate with Chinese censorship.) Second, YouTube doesn’t really have an economic incentive to be unblocked in Turkey. If anything, being blocked in Turkey (and perhaps even in China) may be to their economic advantage.

Sites that enable user-created content are supported by advertising traffic. Advertisers are generally more excited about reaching users in the US (who’ve got credit cards, more disposable income and are inclined to buy online) than users in China or Turkey. Some suspect that the introduction of “lite” versions of services like Facebook are designed to serve users in the developing world at lower cost, since those users rarely create income. In economic terms, it may be hard to convince Facebook, YouTube and others to continue providing services to closed societies, where they have a tough time selling ads. And we may need to ask more of them – to take steps to ensure that they remain accessible and useful in censorious countries.

In short:
- Internet circumvention is hard. It’s expensive. It can make it easier for people to send spam and steal identities.
- Circumventing censorship through proxies just gives people access to international content – it doesn’t address domestic censorship, which likely affects the majority of people’s internet behavior.
- Circumventing censorship doesn’t offer a defense against DDoS or other attacks that target a publisher.

To figure out how to promote internet freedom, I believe we need to start addressing the question: “How do we think the Internet changes closed societies?” In other words, do we have a “theory of change” behind our desire to ensure people in Iran, Burma, China, etc. can access the internet? Why do we believe this is a priority for the State Department or for public diplomacy as a whole?

I think much work on internet censorship isn’t motivated by a theory of change – it’s motivated by a deeply-held conviction (one I share) that the ability to share information is a basic human right. Article 19 of the Universal Declaration of Human Rights states that “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.” The internet is the most efficient system we’ve ever built to allow people to seek, receive and impart information and ideas, and therefore we need to ensure everyone has unfettered internet access. The problem with the Article 19 approach to censorship circumvention is that it doesn’t help us prioritize. It simply makes it imperative that we solve what may be an unsolvable problem.

If we believe that access to the internet will change closed societies in a particular way, we can prioritize access to those aspects of the internet. Our theory of change helps us figure out what we must provide access to. The four theories I list below are rarely explicitly stated, but I believe they underly much of the work behind censorship circumvention.

The suppressed information theory: if we can provide certain suppressed information to people in closed societies, they’ll rise up and challenge their leaders and usher in a different government. We might choose to call this the “Hungary ‘56 theory” – reports of struggles against communist governments around the world, reported into Hungary via Radio Free Europe, encouraged Hungarians to rebel against their leaders. (Unfortunately, the US didn’t support the revolutionaries militarily – as many in Hungary had expected – and the revolution was brutally quashed by a Soviet invasion.)

I generally term this the “North Korea theory”, because I think a state as closed as North Korea might be a place where un-suppressed information – about the fiscal success of South Korea, for instance – could provoke revolution. (Barbara Demick’s beautiful piece in the New Yorker, “The Good Cook“, gives a sense for how little information most North Koreans have about the outside world and how different the world looks from Seoul.) But even North Korea is less informationally isolated than we think – Dong-A Ilbo reports an “information belt” along the North Korea/China border where calls on smuggled mobile phones are possible from North to South Korea. Other nations are far more open – my friends in China tend to be extremely well informed about both domestic and international politics, both through using circumvention tools and because Chinese media reports a great deal of domestic and international news.

It’s possible that access to information is a necessary, though not sufficient, condition for political revolution. It’s also possible that we overestimate the power and potency of suppressed information, especially as information is so difficult to suppress in a connected age.

The Twitter revolution theory: if citizens in closed societies can use the powerful communications tools made possible by the Internet, they can unite and overthrow their oppressors. This is the theory that led the State Department to urge Twitter to put off a period of scheduled downtime during the Iran elections protests. While it’s hard to make the case that technologies of connection are going to bring down the Iranian government (see Cameron Abadi’s piece in FP on the limitations of using Facebook to organize in Iran), good counterexamples exist, like the role of the mobile phone in helping to topple President Estrada in the Philippines.

There’s been a great deal of enthusiasm in the popular press for the Twitter revolution theory, but careful analysis reveals some limitations. The communications channels opened online tend to be compromised quickly, used for disinformation and for monitoring activists. And when protests get out of hand, governments of closed societies don’t hesitate to pull the plug on networks – China has blocked internet access in Xinjiang for months, and Ethiopia turned off SMS on mobile phone networks for years after they were used to organize street protests.

The public sphere theory: Communication tools may not lead to revolution immediately, but they provide a new rhetorical space where a new generation of leaders can think and speak freely. In the long run, this ability to create a new public sphere, parallel to the one controlled by the state, will empower a new generation of social actors, though perhaps not for many years.

Marc Lynch made a pretty persuasive case for this theory in a talk last year about online activism in the Middle East. It’s possible to make this case by looking at samizdat (self-published, clandestine media) in the former Soviet Union, which was probably more important as a space for free expression than it was as a channel for disseminating suppressed information. The emergence of leader like Vaclav Havel, whose authority was rooted in cultural expression as well as political power, makes the case that simply speaking out is powerful. But the long timescale of this theory makes it hard to test.

The theory we accept shapes our policy decisions. If we believe that disseminating suppressed information is critical – either to the public at large or to a small group of influencers – we might focus our efforts on spreading content from Voice of America or Radio Free Europe. Indeed, this is how many government forays into censorship circumvention began – national news services began supporting circumvention tools so their content (painstakingly created in languages like Burmese or Farsi) would be accessible in closed societies. This is a very efficient approach to anticensorship – we can ignore many of the problems associated with abusing proxies and focus on prioritizing news over other high-bandwidth uses, like the video of the cat flushing the toilet. Unfortunately, we’ve got a long track record that shows that this form of anticensorship doesn’t magically open closed regimes, which suggests that increasing our bet on this strategy might be a poor idea.

If we adopt the Twitter Revolution theory, we should focus on systems that allow for rapid communication within trusted networks. This might mean tools like Twitter or Facebook, but probably means tools like LiveJournal and Yahoo! Groups which gain their utility through exclusivity, allowing small groups to organize outside the gaze of the authorities. If we adopt the public sphere approach, we want to open any technologies that allow public communication and debate – blogs, Twitter, YouTube, and virtually anything else that fits under the banner of Web 2.0.

What does all this mean in terms of how the State Department should allocate their money to promote Internet Freedom? My goal was primarily to outline the questions they should be considering, rather than offering specific prescriptions. But here are some possible implications of these questions:

- We need to continue supporting circumvention efforts, at least in the short term. But we need to disabuse ourselves of the idea that we can “solve” censorship through circumvention. We should support circumvention until we find better technical and policy solutions to censorship, not because we can tear down the Great Firewall by spending more.

- If we want more people using circumvention tools, we need to find ways to make them fiscally sustainable. Sustainable circumvention is becoming an attractive business for some companies – it needs to be part of a comprehensive internet freedom strategy, and we need to develop strategies that are sustainable and provide low/zero cost access to users in closed societies.

- As we continue to fund circumvention, we need to address usage of these tools to send spam, commit fraud and steal personal data. We might do this by relying less on IP addresses as an extensive, fundamental means of regulating bad behavior… but we’ve got to find a solution that protects networks against abuse while maintaining the possibility of anonymity, a difficult balancing act.

- We need to shift our thinking from helping users in closed societies access blocked content to helping publishers reach all audiences. In doing so, we may gain those publishers as a valuable new set of allies as well as opening a new class of technical solutions.

- If our goal is to allow people in closed societies to access an online public sphere, or to use online tools to organize protests, we need to bring the administrators of these tools into the dialog. Secretary Clinton suggests that we make free speech part of the American brand identity – let’s find ways to challenge companies to build blocking resistance into their platforms and to consider internet freedom to be a central part of their business mission. We need to address the fact that making their platforms unblockable has a cost for content hosts and that their business models currently don’t reward them for providing service to these users.

- The US government should treat internet filtering – and more aggressive hacking and DDoS attacks – as a barrier to trade. The US should strongly pressure governments in open societies like Australia and France to resist the temptation to restrict internet access, as their behavior helps China and Iran make the case that their censorship is in line with international norms. And we need to fix US treasury regulations make it difficult and legally ambiguous for companies like Microsoft and projects like SourceForge to operate in closed societies. If we believe in Internet Freedom, a first step needs to be rethinking these policies so they don’t hurt ordinary internet users.

The danger in heeding Secretary Clinton’s call is that we increase our speed, marching in the wrong direction. As we embrace the goal of Internet Freedom, now is the time to ask what we’re hoping to accomplish and to shape our strategy accordingly.

Thanks to Hal Roberts, Janet Haven and Rebecca MacKinnon for help editing and improving this post. They’re responsible for the good parts – you can blame the rest on me.

Police don’t need intrusive powers to tackle modern Internet crime – there’s a new paradigm

I’m at the Citizen Lab, an interdisciplinary research facility at the Munk Centre for International Studies, University of Toronto. I am reviewing reports on cyber security. With me is Nart Villeneuve, senior research fellow and chief research officer for our partner company, SecDev.Cyber.

Nart is busy doing what he usually can be found doing: following hunches, deeply engaged in cyber forensic investigations. In his latest work, he has gained backdoor access to track a very large, Russian-operated botnet – a collection of infected computers under the control of an attacker.

No doubt about it, the perpetrators of this botnet are into criminal behaviour. Although it is Russian in origin, the botnet uses control servers in China and manipulates thousands of compromised computers in the United States and Germany (so-called “zombies [http://en.wikipedia.org/wiki/zombie_computer]“) to launch computer network attacks. Russian criminal organizations are known to contract out such attacks to anyone who will pay. We witness a real-time attack against an obscure Russian website, lasting a few minutes.

This botnet also appears to be connected to a massive spam operation that sends out bogus links to gambling, pornography, pharmaceuticals and fake anti-virus software. Nart’s probes uncover directories containing four million recipient e-mail addresses. They are also engaged in widespread “click fraud,” redirecting browsers of infected computers to online ads without the users’ knowledge in order to generate microincome on a massive scale.

In fact, botnets like this one are at the heart of just about every imaginable menacing and serious act of Internet crime, from espionage to child pornography. They are so vexing for law enforcement and intelligence, we are often told, because of the so-called “attribution” problem – the challenge of identifying the perpetrators.

It has become a truism to say the Web facilitates anonymity. “On the Internet, no one knows you are a dog,” went the famous New Yorker cartoon [http://weblogs.mozillazine.org/gerv/archives/2007/images/internet_dog.jpg] – or in this case, a fraudster, terrorist or gangster. Perpetrators can mask their real identities through proxy computers located in foreign jurisdictions, or contract out to third parties who carry out their criminal deeds.

Some have advocated radical solutions to this problem, including the end of anonymity, the requirement for Internet users to have permanent IDs, even the wholesale scrapping of the Internet as we know it. Bills C-46 [http://www2.parl.gc.ca/housepublications/publication.aspx?docid=4008179&language=e&mode=1] and C-47 [http://www2.parl.gc.ca/housepublications/publication.aspx?pub=bill&doc=c-47&parl=&ses=〈uage=e], currently working their way through Canadian parliamentary committees, would require Internet service providers to install new surveillance equipment, collect personal data, retain it for longer periods of time and allow law enforcement and intelligence to see that personal information, in some circumstances without a court warrant. The Privacy Commissioner of Canada and others have raised serious concerns about this.

Although attribution, anonymity, and investigation of Internet crime remain very real challenges, I believe they are not insurmountable and do not require radical infringements on privacy or wholesale alterations to the Internet as we know it. In fact, the Internet itself, and the mass of data it contains, points to the solution.

Shortly after our observations, Nart uncovered a lead to the possible botnet operator: a Russian student registered at Moscow State University. There was no magical sniffing tool or lawful access provisions clearing his way. He simply pieced together bits of seemingly disparate information – a name here, a string of code there, a domain registration, a recurring handle, an e-mail address, all pieced together by searching Google results.

It’s not the first time Nart has done this. In 2008, he uncovered a massive spy network being run through the Chinese version of Skype, and was able to locate, access and archive the control servers behind them using creative Google searches.

Earlier this year, the Information Warfare Monitor (one of our projects with SecDev.Cyber) tracked down Ghostnet [http://www.theglobeandmail.com/news/technology/meet-the-canadians-who-busted-ghostnet/article732409], a massive cyber espionage network infecting 1,295 computers in a 103 countries. Nart provided a critical break in the investigation by Googling a 22-character string collected during field research. It led to one of the poorly secured command server interfaces.

The Information Warfare Monitor is now working on a report about attacks against the websites of prominent Burmese human-rights groups. Many people suspect the attacks are connected to Myanmar’s military regime, but our investigation leads conclusively to a single individual. We even have his picture from his social networking pages.

The reason for such successes are twofold: our methods and the nature of superabundant information in the cyber age.

As university-based researchers and private sector researchers without access to warrants and private information, we have been forced to do more with less. We rely on qualitative, as opposed to quantitative, approaches. We engage in multidisciplinary analysis of data, as opposed to its automated mining. We search for connections between disparate sources of open information, instead of digging through that which is private.

The problem for law enforcement and intelligence today is not the lack of information; it is the deluge of it. The U.S. National Security Agency reportedly sucks up the equivalent of the contents of the Library of Congress every six to eight hours, every single day.

This is an old paradigm, based on methods where information is easy to hide and hard to find. It’s ill-suited to our modern hypermedia environment, which includes more than four billion cellphones around the world, according to the International Telecommunication Union. Many of them are equipped to snap pictures and videos, and upload them instantly to YouTube or Twitter. These images can be geotagged through Google Maps, which now includes street-level images of many major cities.

In other words, who needs more surveillance powers when people willingly monitor themselves? Social networking has brought us the Age of Auto-Surveillance. These are my friends, here is my house, this is the bus I take, here is my dog, this is my e-mail address, here is my phone number, this is my place of work, this is what I like to eat for lunch.

Criminals and terrorists rarely tweet about their crimes, true. But they cannot escape the digital traces and electronic signatures that everyone, even the most determined criminal, now leaves. In the case of the Russian student, it was a user name posted on a hacker forum that was also used as part of a website domain, which then showed up as a prefix on an e-mail address of an innocuous undergraduate essay that was posted online, along with the student’s name.

In a time when every person’s digital life is now turned inside out and electronically dispersed and disaggregated, does it really make sense to think solutions lie in adding to that flood? Law enforcement and intelligence don’t need to sidestep court protections and civil liberties to meet the challenges of cyber crime – they need a new investigatory paradigm.

Ron Deibert is director of the Citizen Lab and a principal with the SecDev Group. He is a cofounder of and principal investigator for the Information Warfare Monitor.