A U.S. judge has approved the lawsuit filed by Chinese search engine giant Baidu against its domain register following a cyber attack which occurred in January.

The suit follows the attacks in January which were attributed to a group calling themselves the “Iranian Cyber Army.” Baidu alleges that Register.com gave the hackers access to Baidu’s account when the hackers called the register claiming to be employees of Baidu.

The hackers were then able to change the server number, redirecting users attempting to access the search engine to a site with political messages, according to the BBC.

“It’s like somebody going into the telephone book and changing your phone number,” Graham Cluley of Sophos said.

The search engine claims it lost millions of dollars because of the hack and filed seven lawsuits against the domain register. The U.S. judge allowed two of the suits.

“I hold that Baidu has alleged sufficient facts in its complaint to give rise to a plausible claim of gross negligence or recklessness,” Judge Denny Chin said.

The trial will begin next month in New York. Cluley said it was fortunate the hack didn’t have more serious repercussions.

“Rather than displaying propaganda [the website] could have installed malware or spyware,” he said. “Baidu in China is extremely popular – it could have infected a lot of computers.”

http://www.thenewnewinternet.com/2010/07/23/court-approves-baidu-lawsuit-against-domain-register-for-iranian-cyber-army-hack/

During last year’s election turmoil in Tehran, the Iranian regime’s biggest foe often seemed to be 21st-century technology. While the regime cracked down on supporters of opposition candidate Mir Hossein Mousavi — the so-called Green Movement — with decidedly pre-Web 2.0 tools like truncheons and tear gas, protesters used Twitter, YouTube, and other Web-based applications to publicize their cause, and the regime’s brutal response, to the rest of the world.

A year later, however, Iranian dissidents’ techno-euphoria is mostly a thing of the past. The regime’s Islamic Revolutionary Guard Corps (IRGC) declared victory over the opposition this February, after the Green Movement’s call for massive demonstrations to mark the 31st anniversary of the Islamic Revolution were effectively blocked by the regime’s nationwide shutdown of both Internet and cell-phone access. The Greens, deprived of communications in a society where mass media are under complete state control, suffered a lackluster turnout, prompting some Iran watchers in Washington to (prematurely) declare the movement dead.

That period of triumph, however, seems to be a distant memory for Iran’s hard-line leadership. Today, the IRGC and Supreme Leader Ali Khamenei are obsessed with a more formidable foe in cyberspace: the U.S. government. The United States, the regime avers, is engaging in a cyberwar to loosen its own hold on power. Nearly every day, the state-run newspapers warn of Washington’s well-planned strategy to overcome the Iranian regime’s control of the Internet. “The U.S. military enters the arena of cyber wars in an organized manner,” read a large headline carried by the Fars news agency on May 10. Kayhan newspaper, which distributes Khamenei’s views, has accused the U.S. government of using Iran’s Internet-savvy youth to launch a cyberspace “soft war” against the regime. “The target of this new American plan are the youth who use the Internet more frequently than older people and are easier to deceive,” the paper reported.

The attacks sometimes verge on the obsessive. On April 20, Kayhan devoted an entire column to condemning Haystack, a program that uses sophisticated mathematical algorithms to allow users to circumvent government Internet filters and cover the tracks of their online activities. The paper called the program “a CIA plan.” (Actually, it was these guys.) Kayhan also responded immediately to news of a conference in Washington convened by the Century Foundation (my employer) and the National Security Network on communications technology and dissent in Iran, declaring the event to be proof that the “CIA was stepping up its efforts for Internet freedom” in Iran and tarring its participants — including me — as American spies. Iranian authorities have warned that the “enemy” is gearing up in its Internet war to help protesters fight Iran’s security forces this Saturday; the Green Movement’s de facto leaders had suggested large protests that day, but released a statement today saying it was too dangerous to demonstrate on the the first anniversary of the disputed presidential election.

Why all the concern with an alleged U.S. government plot to overthrow the regime through cyberspace? Well, for one thing, the United States actually is mounting a number of efforts to liberate Iran’s virtual society, even if those efforts don’t quite amount to the fiendish plot of the regime’s imagination. Secretary of State Hillary Clinton gave a major policy speech on Jan. 21, announcing a new Internet freedom initiative, in which she singled out Iran and China as the countries of most concern to Washington. “[D]espite an intense campaign of government intimidation, brave citizen journalists in Iran continue using technology to show the world and their fellow citizens what is happening inside their country,” Clinton said. “And their courage is redefining how technology is used to spread truth and expose injustice.”

Iran is also aware of a little-known U.S. government fund established last year, called the Near East Regional Democracy Program (NERD), which is intended to fund technology initiatives to promote Internet freedom. President Barack Obama has requested $40 million from Congress for it, and the program enjoys broad bipartisan support. While the funds are not restricted to Iran, there is a movement in Congress to allocate the money specifically for the Islamic Republic. In Iran’s eyes, NERD is reminiscent of the notorious $75 million pot of money that former President George W. Bush earmarked for regime change in Iran.

The program is still far from getting off the ground, however — the U.S. government has yet to sort out how it would actually use the money if it received it, much less coordinate with the software companies that would be necessary partners in the endeavor. This delay matters: Anticipating a U.S.-led cyberspace attack, the IRGC is likely to deploy its most advanced technology to shut down Internet access, email, and cell-phone traffic ahead of the anniversary of the presidential election and the expected protests that will accompany it. So far, Washington has shown that it is acutely aware of the communications and other technological difficulties facing Iranian dissidents, but there is no sign that it has come up with a concrete response plan. If the opposition is waiting for U.S. help, it might be slow in coming.

http://www.foreignpolicy.com/articles/2010/06/10/tehrans_lost_connection

Iranian Defense Minister Ahmad Vahidi has said technological advances have amplified the need for defensive preparations against “cyber war.”

“At present, information and communication technologies are of great importance for different countries and we must prepare and equip ourselves against any form of cyber warfare,” IRNA quoted Brigadier General Vahidi as telling a gathering of army commanders in Tehran on Saturday.

The announcement came two months after Iran dismantled a US-backed cyber network, which was set up to gather information on the country’s nuclear scientists and spread unrest after the June 12, 2009 presidential election.

Iran’s Judiciary said the “cyber war” had received presidential funding from former US President George W. Bush with the help of the terrorist Mojahedin Khalq Organization (MKO), pro-monarchy groups and other anti-Iran cells.

Brig. Gen. Vahidi also praised the martyrs of the eight-year Iraqi-imposed war on Iran for their efforts that resulted in the liberation of Khoramshahr, in southwestern Iran, from foreign occupation

http://www.presstv.ir/detail.aspx?id=127386&sectionid=351020101

At a time when the Obama administration is pressing for harsher sanctions against Iran for its nuclear program, democracy advocates in Iran have been celebrating the recent decision by the United States to lift sanctions on various online services, which they say only helped Tehran to suppress the opposition.

But it is still a long way from the activists’ goal of lifting all restrictions on trade in Internet services, which opposition leaders say is vital to maintaining the open communications that have underpinned the protests that erupted last summer after the disputed presidential election. In recent months the government has carried out cyberwarfare against the opposition, eliminating virtually all sources of independent news and information and shutting down social networking services.

The sanctions against online services — provided through free software like Google Chat or Yahoo Messenger — were intended to restrict Iran’s ability to develop nuclear technology, but democracy advocates say they ended up helping the government repress its people. “The policies were contradictory,” said Ali Akbar Moussavi Khoini, a former member of Parliament who now lives in Washington, where he pressed for the change.

The new measure will enable users in Iran to download the latest circumvention software to help defeat the government’s efforts to block Web sites, and to stop relying on pirated copies that can be far more easily hacked by the government.

But the government’s opponents say they need still more help in getting around the government’s information roadblocks.

“The Islamic Republic is very efficient in limiting people’s access to these sources, and Iranian people need major help,” said Mehdi Yahyanejad, the founder of one of the largest Persian-language social networking Web sites, the United States-based Balatarin. “We need some 50 percent of people to be able to access independent news sources other than the state-controlled media.”

Web sites, social networking and satellite television became major sources of news and tools for organizing and mobilizing people. The opposition posted news about the demonstrations and videos of the security forces’ use of violence against protesters. A video of her final moments turned Neda Agha Soltan, the 26-year-old woman who was shot by government forces, into an international symbol.

But the authorities came to realize the significance of the networking tools and began efforts to eliminate them. In December its “cyberarmy” attacked Twitter, which was a major communications tool for the opposition. The hackers redirected Twitter users to a page in English that read, “This page has been hacked by the Iranian cyberarmy.”

In recent months the government slowed the Internet to a crawl, so that users were unable to perform the simplest operations, like opening Gmail or Yahoo accounts. It has become impossible to post a video, and opposition Web sites have been blocked. The government has also jammed opposition and news satellite channels, including Persian-language Voice of America television and BBC Persian, which were watched by millions.

The government has jailed many cyberexperts in recent months, charging some with “waging war against God,” potentially a capital crime, for sending political e-mail messages. This month Parliament announced a $500 million budget for cyberwarfare, the Fars news agency recently reported.

The opposition tried to fight back with software designed to circumvent the restrictions, but that became a losing battle after Internet service was slowed.

Opposition leaders say they would like to have access to Internet hardware — any products made by Cisco Systems, for example, are subject to sanctions — and high-speed satellite Internet service, which experts say is generally harder to jam than broadcasts. That service is available from the American company Hughes Global Services, in Europe and the Middle East, and could be used by Iranians. But Payam Herischi, senior director at Hughes, said that the company was reluctant to allow its satellites to provide service to Iran until sanctions are lifted.

Iran, which has no communications satellites of its own, is dependent on foreign companies for broadcasting all its local channels as well as English, Persian and Arabic channels. Its jamming of BBC Persian and Voice of America violated international regulations.

“What Iran is doing can cause serious chaos in the international satellite order,” said Sadeq Saba, the director of Persian-language BBC television. “If other countries begin to retaliate and jam Iran’s channels, there will be serious chaos.”

After Iranian jamming last December of the Voice of America and the BBC, the French company Eutelsat duplicated the services, which were on one of its popular Hot Bird satellites, on a more advanced satellite that is resistant to jamming. But that required Iranians to purchase new equipment, which is illegal and hard to find.

While most in the opposition focused on the tactical battle with the government, some saw the struggle in broader terms.

“This is not about the opposition Green Movement in Iran now,” said Mr. Khoini, a visiting scholar at Stanford. “This is about democracy and the fact that when people have access to information, they can make wise choices. No one, even the current leaders of the opposition, can hijack the movement like the way the Islamists did in the 1979 revolution if people can have access to free information.”

http://www.nytimes.com/2010/03/19/world/middleeast/19iran.html

The Islamic Revolution Guards Corps (IRGC) on Sunday announced that its cyber teams have hacked 29 websites affiliated with the US espionage network.

According to a statement released by the Persian-language website, Gerdab, affiliated to the IRGC’s Center for Combating Organized Crimes, the hacked websites acted against Iran’s national security under the cover of human rights activities.

The IRGC has recently set up the new center to detect and combat organized crimes on the internet.

The newly-established center is tasked with monitoring the internet to detect and campaign against organized crimes, espionage, economic and social corruption, money laundering and cultural inroad.

The announcement came after Iran said yesterday that it has arrested 30 individuals on charges of waging a US-backed cyber war against the country.

A statement issued by Tehran’s Public and Revolutionary Court on Saturday said that following a series of complicated security operations in area of information and communication technology, the country’s security forces have identified the most important US-backed organized networks of cyber war launched by the anti-revolutionary groups and arrested 30 suspects.

TEHRAN, Iran — Iran says it has dismantled several U.S.-backed cyber warfare networks that were gathering information on nuclear scientists and provoking unrest in the country.

A judiciary statement says the networks were set up by Iranian opposition groups, including the armed People’s Mujahedeen, and that 30 of their members were arrested.

Iran has repeatedly accused the U.S. and Britain of provoking the unrest that followed June’s disputed presidential election — charges both countries have denied.

The judiciary said Saturday that the cyber campaign also involved a group seeking to restore Iran’s monarchy. The statement said the networks sought to destabilize the Islamic ruling system in Iran, according to the official IRNA news agency.

Copyright © 2010 The Associated Press. All rights reserved.

The 10th annual Index on Censorship Freedom of Expression Awards ceremony, hosted by Jonathan Dimbleby at Royal Institute of British Architects on 25 March 2010. This year’s event promises to be the most important in the history of the awards, given the greatly increased profile that Index on Censorship is now enjoying in the UK and beyond.

[...]

At past events there have been poignant moments. Last year, the new media award was won by Psiphon, a revolutionary software programme that allows Internet access in countries where censorship is imposed. At the ceremony, Psiphon dedicated their award to imprisoned Iranian blogger Hossein Derakshan, who still languishes in jail.

…

So here’s a provocation: We can’t circumvent our way around internet censorship.

I don’t mean that internet censorship systems don’t work. They do – our research tested several popular circumvention tools in censored nations and discovered that most can retrieve blocked content from behind the Chinese firewall or a similar system. (There are problems with privacy, data leakage, the rendering of certain types of content, and particularly with usability and performance, but the systems can circumvent censorship.) What I mean is this – we couldn’t afford to scale today’s existing circumvention tools to “liberate” all of China’s internet users even if they all wanted to be liberated.

Circumvention systems share a basic mode of operation – they act as proxies to let you retrieve blocked content. A user is blocked from accessing a website by her ISP or that ISP’s ISP. She wants to read a page from Human Rights Watch’s webserver, which is accessible at IP address 70.32.76.212. But that IP address is on a national blacklist, and she’s prevented from receiving any content from it. So she points her browser to a proxy server at another address – say 123.45.67.89 – and asks a program on that server to retrieve a page from the HRW server. Assuming that 123.45.67.89 isn’t on the national blacklist, she should be able to receive the HRW page via the proxy.

During the transaction, the proxy is acting like an internet service provider. Its ability to provide reliable service to its users is constrained by bandwidth – bandwidth to access the destination site and to deliver the content to the proxy user. Bandwidth is costly in aggregate, and it costs real money to run a proxy that’s heavily used.

Some systems have tried to reduce these costs by asking volunteers to share them – Psiphon, in its first design, used home computers hosted by volunteers around the world as proxies, and used their consumer bandwidth to access the public internet. Unfortunately, in many countries, consumer internet connections are optimized to download content and are much slower when they are uploading content. These proxies could get the homepage at hrw.org pretty quickly, but they took a very long time to deliver the page to the user behind the firewall. Psiphon is no longer primarily focused on trying to make proxies hosted by volunteers work. Tor is, but Tor nodes are frequently hosted by universities and companies who have access to large pools of bandwidth. Still, available bandwidth is a major constraint to the usability of the Tor system. The most usable circumvention systems today – VPN tools like Relakks or Witopia – charge users significant sums annually to defray bandwidth costs.

Let’s assume that systems like Tor, Psiphon and Freegate receive additional funding from the State Department. How much would it cost to provide proxy internet access for… well, China? China reports 384 million internet users, meaning we’re talking about running an ISP capable of serving more than 25 times as many users as the largest US ISP. According to CNNIC, China consumes 866,367 Mbps of international internet bandwidth. It’s hard to get estimates for what ISPs pay for bandwidth, though conventional wisdom suggests prices between $0.05 and $0.10 per gigabyte. Using $0.05 as a cost per gigabyte, the cost to serve the Internet to China would be $13,608,000 per month, $163.3 million a year in pure bandwidth charges, not counting the costs of proxy servers, routers, system administrators, customer service. Faced with a bill of that magnitude, the $45 million US senators are asking Clinton to spend quickly looks pretty paltry.

There’s an additional complication – we’re not just talking about running an ISP – we’re talking about running an ISP that’s very likely to be abused by bad actors. Spammers, fraudsters and other internet criminals use proxy servers to conduct their activities, both to protect their identities and to avoid systems on free webmail providers, for instance, which prevent users from signing up for dozens of accounts by limiting an IP address to a certain number of signups in a limited time period. Wikipedia found that many users used open proxies to deface their system and now reserve the right to block proxy users from editing pages. Proxy operators have a tough balancing act – for their proxies to be useful, people need to be able to use them to access sites like Wikipedia or YouTube… but if people use those proxies to abuse those sites, the proxy will be blocked. As such, proxy operators can find themselves at war with their own users, trying to ban bad actors to keep the tool useful for the rest of the users.

I’m skeptical that the US State Department can or wants to build or fund a free ISP that can be used by millions of simultaneous users, many of whom may be using it to commit clickfraud or send spam. I know – because I’ve talked with many of them – that the people who fund blocking-resistant internet proxies don’t think of what they’re doing in these terms. Instead, they assume that proxies are used by users only in special circumstances, to access blocked content.

Here’s the problem. A nation like China is blocking a lot of content. As Donnie Dong notes in a recent blogpost, five of the ten most popular websites worldwide are blocked in China. Those sites include YouTube and Facebook, sites that eat bandwidth through large downloads and long sessions. Perhaps it would be realistic to act as an ISP to China if we were just providing access to Human Rights Watch – it’s not realistic if we’re providing access to YouTube.

Proxy operators have dealt with this question by putting constraints on the use of their tools. Some proxy operators block access to YouTube because it’s such a bandwidth hog. Others block access to pornography, both because it uses bandwidth and to protect the sensibilities of their sponsors. Others constrain who can use their tools, limiting access to the tools to people coming from Iranian or Chinese IPs, trying to reduce bandwidth use by American high school kids who’ve got YouTube blocked by their school. In deciding who or what to block, proxy operators are offering their personal answers to a complicated question: What parts of the internet are we trying to open up to people in closed societies? As we’ll address in a moment, that’s not such an easy question to answer.

Let’s imagine for a moment that we could afford to proxy China, Iran, Myanmar and others’ international traffic. We figure out how to keep these proxies unblocked and accessible (it’s not easy – the operators of heavily used proxy systems are engaged in a fast-moving cat and mouse game) and we determine how to mitigate the abuse challenges presented by open proxies. We’ve still got problems.

Most internet traffic is domestic. In China, we estimate (Hal’s got a paper coming out shortly) that roughly 95% of total traffic is within the country. Domestic censorship matters a great deal, and perhaps a great deal more than censorship at national borders. As Rebecca MacKinnon documented in “China’s Censorship 2.0“, Chinese companies censor user-generated content in a complex, decentralized way. As a result, a good deal of controversial material is never published in the first place, either because it’s blocked from publication or because authors decline to publish it for fear of having their blog account locked or cancelled. We might assume that if Chinese users had unfettered access to Blogger, they’d publish there. Perhaps not – people use the tools that are easiest to use and that their friends use. A seasoned Chinese dissident might use Blogger, knowing she’s likely to be censored – an average user, posting photos of his cat, would more likely use a domestic platform and not consider the possibility of censorship until he found himself posting controversial content.

In promoting internet freedom, we need to consider strategies to overcome censorship inside closed societies. We also need to address “soft censorship”, the co-opting of online public spaces by authoritarian regimes, who sponsor pro-government bloggers, seed sympathetic message board threads, and pay for sympathetic comments. (Evgeny Morozov offers a thoroughly dark view of authoritarian use of social media in How Dictators Watch Us On The Web.)

We also need to address a growing menace to online speech – attacks on sites that host controversial speech. When Turkey blocks YouTube to prevent Turkish citizens from seeing videos that defame Ataturk, they prevent 20 million Turkish internet users from seeing the content. When someone – the Myanmar government, patriotic Burmese, mischievous hackers – mount a distributed denial of service attack on Irrawaddy (an online newspaper highly critical of the Myanmar government), they (temporarily) prevent everyone from seeing it.

Circumvention tools help Turks who want to see YouTube get around a government block. But they don’t help Americans, Chinese or Burmese see Irrawaddy if the site has been taken down by DDoS or hacking attacks. Publishers of controversial online content have begun to realize that they’re not just going to face censorship by national filtering systems – they’re going to face a variety of technical and legal attacks that seek to make their servers inaccessible.

There’s quite a bit publishers can do to increase the resilience of their sites to DDoS attack and to make their sites more difficult to filter. To avoid blockage in Turkey, YouTube could increase the number of IP addresses that lead to the webserver and use a technique called “fast-flux DNS” to give the Turkish government more IP addresses to block. They could maintain a mailing list to alert users to unblocked IP addresses where they could access YouTube, or create a custom application which disseminates unblocked IPs to YouTube users who download the ap. These are all techniques employed by content sites that are frequently blocked in closed societies.

YouTube doesn’t take these anti-blocking measures for at least two reasons. One, they’ve generally preferred to negotiate with nations who filter the internet to try to make their sites reachable again than to work against them by fighting filtering. (This attitude may be changing now that Google has announced their intention not to cooperate with Chinese censorship.) Second, YouTube doesn’t really have an economic incentive to be unblocked in Turkey. If anything, being blocked in Turkey (and perhaps even in China) may be to their economic advantage.

Sites that enable user-created content are supported by advertising traffic. Advertisers are generally more excited about reaching users in the US (who’ve got credit cards, more disposable income and are inclined to buy online) than users in China or Turkey. Some suspect that the introduction of “lite” versions of services like Facebook are designed to serve users in the developing world at lower cost, since those users rarely create income. In economic terms, it may be hard to convince Facebook, YouTube and others to continue providing services to closed societies, where they have a tough time selling ads. And we may need to ask more of them – to take steps to ensure that they remain accessible and useful in censorious countries.

In short:
- Internet circumvention is hard. It’s expensive. It can make it easier for people to send spam and steal identities.
- Circumventing censorship through proxies just gives people access to international content – it doesn’t address domestic censorship, which likely affects the majority of people’s internet behavior.
- Circumventing censorship doesn’t offer a defense against DDoS or other attacks that target a publisher.

To figure out how to promote internet freedom, I believe we need to start addressing the question: “How do we think the Internet changes closed societies?” In other words, do we have a “theory of change” behind our desire to ensure people in Iran, Burma, China, etc. can access the internet? Why do we believe this is a priority for the State Department or for public diplomacy as a whole?

I think much work on internet censorship isn’t motivated by a theory of change – it’s motivated by a deeply-held conviction (one I share) that the ability to share information is a basic human right. Article 19 of the Universal Declaration of Human Rights states that “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.” The internet is the most efficient system we’ve ever built to allow people to seek, receive and impart information and ideas, and therefore we need to ensure everyone has unfettered internet access. The problem with the Article 19 approach to censorship circumvention is that it doesn’t help us prioritize. It simply makes it imperative that we solve what may be an unsolvable problem.

If we believe that access to the internet will change closed societies in a particular way, we can prioritize access to those aspects of the internet. Our theory of change helps us figure out what we must provide access to. The four theories I list below are rarely explicitly stated, but I believe they underly much of the work behind censorship circumvention.

The suppressed information theory: if we can provide certain suppressed information to people in closed societies, they’ll rise up and challenge their leaders and usher in a different government. We might choose to call this the “Hungary ‘56 theory” – reports of struggles against communist governments around the world, reported into Hungary via Radio Free Europe, encouraged Hungarians to rebel against their leaders. (Unfortunately, the US didn’t support the revolutionaries militarily – as many in Hungary had expected – and the revolution was brutally quashed by a Soviet invasion.)

I generally term this the “North Korea theory”, because I think a state as closed as North Korea might be a place where un-suppressed information – about the fiscal success of South Korea, for instance – could provoke revolution. (Barbara Demick’s beautiful piece in the New Yorker, “The Good Cook“, gives a sense for how little information most North Koreans have about the outside world and how different the world looks from Seoul.) But even North Korea is less informationally isolated than we think – Dong-A Ilbo reports an “information belt” along the North Korea/China border where calls on smuggled mobile phones are possible from North to South Korea. Other nations are far more open – my friends in China tend to be extremely well informed about both domestic and international politics, both through using circumvention tools and because Chinese media reports a great deal of domestic and international news.

It’s possible that access to information is a necessary, though not sufficient, condition for political revolution. It’s also possible that we overestimate the power and potency of suppressed information, especially as information is so difficult to suppress in a connected age.

The Twitter revolution theory: if citizens in closed societies can use the powerful communications tools made possible by the Internet, they can unite and overthrow their oppressors. This is the theory that led the State Department to urge Twitter to put off a period of scheduled downtime during the Iran elections protests. While it’s hard to make the case that technologies of connection are going to bring down the Iranian government (see Cameron Abadi’s piece in FP on the limitations of using Facebook to organize in Iran), good counterexamples exist, like the role of the mobile phone in helping to topple President Estrada in the Philippines.

There’s been a great deal of enthusiasm in the popular press for the Twitter revolution theory, but careful analysis reveals some limitations. The communications channels opened online tend to be compromised quickly, used for disinformation and for monitoring activists. And when protests get out of hand, governments of closed societies don’t hesitate to pull the plug on networks – China has blocked internet access in Xinjiang for months, and Ethiopia turned off SMS on mobile phone networks for years after they were used to organize street protests.

The public sphere theory: Communication tools may not lead to revolution immediately, but they provide a new rhetorical space where a new generation of leaders can think and speak freely. In the long run, this ability to create a new public sphere, parallel to the one controlled by the state, will empower a new generation of social actors, though perhaps not for many years.

Marc Lynch made a pretty persuasive case for this theory in a talk last year about online activism in the Middle East. It’s possible to make this case by looking at samizdat (self-published, clandestine media) in the former Soviet Union, which was probably more important as a space for free expression than it was as a channel for disseminating suppressed information. The emergence of leader like Vaclav Havel, whose authority was rooted in cultural expression as well as political power, makes the case that simply speaking out is powerful. But the long timescale of this theory makes it hard to test.

The theory we accept shapes our policy decisions. If we believe that disseminating suppressed information is critical – either to the public at large or to a small group of influencers – we might focus our efforts on spreading content from Voice of America or Radio Free Europe. Indeed, this is how many government forays into censorship circumvention began – national news services began supporting circumvention tools so their content (painstakingly created in languages like Burmese or Farsi) would be accessible in closed societies. This is a very efficient approach to anticensorship – we can ignore many of the problems associated with abusing proxies and focus on prioritizing news over other high-bandwidth uses, like the video of the cat flushing the toilet. Unfortunately, we’ve got a long track record that shows that this form of anticensorship doesn’t magically open closed regimes, which suggests that increasing our bet on this strategy might be a poor idea.

If we adopt the Twitter Revolution theory, we should focus on systems that allow for rapid communication within trusted networks. This might mean tools like Twitter or Facebook, but probably means tools like LiveJournal and Yahoo! Groups which gain their utility through exclusivity, allowing small groups to organize outside the gaze of the authorities. If we adopt the public sphere approach, we want to open any technologies that allow public communication and debate – blogs, Twitter, YouTube, and virtually anything else that fits under the banner of Web 2.0.

What does all this mean in terms of how the State Department should allocate their money to promote Internet Freedom? My goal was primarily to outline the questions they should be considering, rather than offering specific prescriptions. But here are some possible implications of these questions:

- We need to continue supporting circumvention efforts, at least in the short term. But we need to disabuse ourselves of the idea that we can “solve” censorship through circumvention. We should support circumvention until we find better technical and policy solutions to censorship, not because we can tear down the Great Firewall by spending more.

- If we want more people using circumvention tools, we need to find ways to make them fiscally sustainable. Sustainable circumvention is becoming an attractive business for some companies – it needs to be part of a comprehensive internet freedom strategy, and we need to develop strategies that are sustainable and provide low/zero cost access to users in closed societies.

- As we continue to fund circumvention, we need to address usage of these tools to send spam, commit fraud and steal personal data. We might do this by relying less on IP addresses as an extensive, fundamental means of regulating bad behavior… but we’ve got to find a solution that protects networks against abuse while maintaining the possibility of anonymity, a difficult balancing act.

- We need to shift our thinking from helping users in closed societies access blocked content to helping publishers reach all audiences. In doing so, we may gain those publishers as a valuable new set of allies as well as opening a new class of technical solutions.

- If our goal is to allow people in closed societies to access an online public sphere, or to use online tools to organize protests, we need to bring the administrators of these tools into the dialog. Secretary Clinton suggests that we make free speech part of the American brand identity – let’s find ways to challenge companies to build blocking resistance into their platforms and to consider internet freedom to be a central part of their business mission. We need to address the fact that making their platforms unblockable has a cost for content hosts and that their business models currently don’t reward them for providing service to these users.

- The US government should treat internet filtering – and more aggressive hacking and DDoS attacks – as a barrier to trade. The US should strongly pressure governments in open societies like Australia and France to resist the temptation to restrict internet access, as their behavior helps China and Iran make the case that their censorship is in line with international norms. And we need to fix US treasury regulations make it difficult and legally ambiguous for companies like Microsoft and projects like SourceForge to operate in closed societies. If we believe in Internet Freedom, a first step needs to be rethinking these policies so they don’t hurt ordinary internet users.

The danger in heeding Secretary Clinton’s call is that we increase our speed, marching in the wrong direction. As we embrace the goal of Internet Freedom, now is the time to ask what we’re hoping to accomplish and to shape our strategy accordingly.

Thanks to Hal Roberts, Janet Haven and Rebecca MacKinnon for help editing and improving this post. They’re responsible for the good parts – you can blame the rest on me.

A very recent assessment by a highly reputed London-based think-tank that cyber warfare between nations is a reality and cannot be brushed aside as fanciful should make us sit up and take notice. The warning is contained in an annual report, The Military Balance, issued by the International Institute for Strategic Studies (IISS). This in-depth document analyses each year the competitive arms race that goes on between major nations and predicts its possible fall-out from the point of view of military capabilities and defence economics.

The latest analysis, apart from citing threats in cyberspace, refers to dangers arising from the conflict in Afghanistan, the determined Chinese exercise to diversify its military prowess and the nuclear ambitions of Iran. As a Western analysis, it naturally devotes considerable attention to what is happening in China and North Korea, especially on the cyber front. Releasing the report, the IISS said: “Despite evidence of cyber attacks in recent political conflicts, there is little appreciation internationally of how to assess cyber-conflict. We are now, in relation to the problem of cyber-warfare, at the same stage of intellectual development as we were in the 1950s in relation to possible nuclear war.” This may appear to be a strong statement, but it is obviously intended to shake policy makers out of their ignorance and complacence.

It is relevant to recall here events of the past few years in which some small and hapless nations were subjected to a major cyber offensive from their adversaries. First was the attack in 2007 on Estonia, whose economic life was paralysed by Denial of Service (DoS) attacks unleashed from about a million computers, many of which were traced to Russia. It is an open secret that relations between the two nations have been frosty for quite some time. Estonia was under Soviet occupation from 1944 and obtained its freedom only in 1991.

Next was the Russian offensive against Georgia in 2008 as part of a dispute over South Ossetia. Apart from military exchanges, the occasion saw the hijacking of Georgian computers through cyber attacks originating from Russia. Even the Georgian President’s official computers were not spared. In July 2009, German espionage agents complained of Internet spying operations by Russia and China with the objective of stealing vital information on critical infrastructure and defence plans. In December, Seoul reported attempts by North Korean computers to hack into the former’s databases relating to US-South Korean defence strategies in the event of a war in the Korean peninsula.

Also, Google recently launched an investigation into attacks on Internet accounts of human rights activists in China. This has actually ballooned into a major controversy, as a result of which Google has decided not to submit itself to censorship imposed by the Chinese authorities and also revealed the possibility of it pulling out of China altogether.

All this is evidence enough to substantiate the growing feeling that the wars of the future will be fought in cyberspace rather than on traditional battle fields. It is this assessment that has persuaded the Pentagon to prepare itself for a war in cyberspace on par with land, sea and aerial combat. According to one report, it will deploy a large number of cyber experts to look after its 15,000 computer networks spread over 4,000 installations. I presume our South Block has a similar core of trained cyber security team. Or else, in these troubled times, with several hostile neighbours around us, we could be in trouble.

All reports suggest that the al Qaeda is still very active. Its principal foes are the US and the UK. India comes a close third. It is the expert estimate that the al Qaeda may not any longer aim at our defence establishments. It is likely rather to concentrate on our weakest spot, namely, the financial sector. The latter may be strong in terms of business acumen. But what it is generally lax about is in respect of protection of its valuable information networks. The stock market is especially vulnerable. Any interference with its online traffic relating to financial transactions, through tactics such as DoS attacks, could be disastrous. Any deliberate corruption of data relating to deals carried out by large-scale credit agencies will be equally ruinous. These are not imaginary but real threats of which financial managers in government and the private sector need to be aware. Any large-scale disruption of the financial market, especially at a time like the present, when economies are passing through a lean phase, could greatly affect political stability. Expert apprehensions of a terrorist use of weak information networks run by financial institutions cannot therefore be ignored.

I would like to draw reader attention to an interesting piece, Cyber Warriors by James Fallows in the latest issue of Atlantic, in which he has a lot to say about threats emanating from the Chinese mainland. Its huge population and high computer literacy (with hundreds of millions of Internet users) give an advantage that is difficult to surpass. In crude terms, China could raise a formidable team of young hackers who could cause havoc to other nations with whom China does not enjoy good relations. This is an army that has the might to bring about a total breakdown of the commercial life of any nation of any size. This is an interesting analysis worth pondering over.

James Fallows refers to a forthcoming novel Directive 51 by John Barnes, which depicts a situation where there is such a breakdown. I am sure it is worth waiting for. We can possibly also draw from it some lessons on how to look after our networks!

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.

Have a look at these two stories, both from the same news website, about the same country, on the same day. The first looks at the much-discussed “Twitter Revolution” in Iran, and discusses how demonstrators were able to use technology – SMS, blogs, Youtube, Twitter – to mobilise demonstrators and expose human rights abuses by the authorities.

The second article looks at the flipside – MEPs issuing a stinging attack on Nokia-Siemens Networks who, they said, supplied technology hardware to the Iranian authorities that was used in the “persecution and arrests of Iranian dissidents”.

Technology, particularly Internet and telecommunications technology, provides ‘the good guys’ with new tools to help them do their job: documenting human rights abuses, telling as many people as possible about it, mobilising people to try to stop them. But it also provides ‘the bad guys’ with new tools to do their job too – bugging people’s conversations, snooping on their emails, tracking their location.

Some commentators also question how effective online activism can be. If we’re outraged about a story we read on a blog, how many of us now retweet the story, join a Facebook group and then sit back and congratulate ourselves for doing something about it? I can say from experience that social networks have proved really helpful in mobilising people who care about an issue – but doesn’t someone then have to translate that community of concern into action in the real world?

It’s these issues that we’ll be debating at an Amnesty event on Monday 22 February, entitled Is technology really good for human rights? We’ve assembled a great panel: Susan Pointer, Google’s Director of Public Policy & Government Relations; Andrew Keen (via video), author of Cult of the Amateur: How the Internet is killing our culture; Kevin Anderson, blogs editor of the Guardian; and Annabelle Sreberny, Professor at the School of Oriental and African Studies with a special interest in Iran, bloggers & social media (see her article here, for example). Rory Cellan-Jones, Technology Correspondent for the BBC, will chair the event.

The audience – it’s invitation only I’m afraid, we’re short of space – will be largely made up of bloggers and keen social media users, and we’ll have interaction from outside the auditorium via Twitter, using the #aitech hashtag. I’m anticipating some lively discussion of Google’s role in China, the use of Twitter and other social media in Iran’s ‘Green Movement’, the role that the Internet and social media will play in the forthcoming UK general election, issues around ‘citizen journalism’, plus a host of other topics. We’ll be live tweeting from the event at @newsfromamnesty.

We’re very keen to have a debate that reaches way outside the auditorium, so if you have a question or a comment, please leave it on this blog or tweet it using #aitech. We’ll put as many of them to the panel as we can. No promises to shut down the Amnesty website if the “No’s” win the evening, though…