#IMWeekly: June 20, 2014

Hong Kong
On the eve of a referendum about voting rights this week, Hong Kong’s digital voting platform was hit by a massive DDoS attack. Today is the first of three days of voting for Hong Kong citizens, who will decide whether to offer universal suffrage, seen as a move that would weaken the influence of Beijing-sponsored candidates. Now in its fourth day, the DDoS attack is being called “one of the largest and most persistent DDoS attacks in the history of the Internet” by the company CloudFlare, which has been contracted to defend the voting platform and said that the attack reached a scale of 300Gb per second today. The attack is widely suspected to be the work of pro-Beijing groups, who oppose the referendum. The vote is unofficial, meaning that its results will have “no legal effect,” according to a statement by the Hong Kong government. More than 200,000 ballots have already been cast. For more information, see our earlier post on the attacks.

The spiraling violence as the Islamic State of Iraq and Syria (ISIS) sweeps across Iraq prompted the Maliki government to cut Internet access in the country. Last Friday, sites including Twitter, Facebook, and YouTube were blocked across the nation. Two days later, the government issued orders to ISPs to shut down all Internet access in five of the country’s 19 provinces. The Atlantic reported this week that ISIS is particularly effective at using “gaming Twitter” to push its message and recruit new followers. More information can be found in our blog post about the shutdown.

Twitter announced that it would no longer censor tweets deemed “blasphemous” by the government. In a statement, the company said that it had “re-examined the requests and, in the absence of additional clarifying information from Pakistani authorities, [had] determined that restoration of the previously withheld content is warranted.” Though hailed as a victory for freedom of expression in Pakistan, the decision drew attention to Twitter’s murky takedown policy, which it has declined to make public.

Reporters Without Borders reported that YouTube has been blocked and Google is only partly accessible in Tajikistan since June 12. Blocking has surged in the country over the last two years, usually around times of political tension like last November’s presidential election. On Monday, a Global Voices contributor and the publication’s former Central Asia Editor, Tajik-born Alex Sodiqov, was detained while conducting academic research in the eastern part of the country. The government has allegedly shown him on national television “in an apparent attempt to discredit both him and an opposition politician.” More information can be found in our earlier blog post on Sodiqov’s detainment.

United Kingdom
Revelations emerged this week that the British government has been using a legal loophole to scrutinize its citizens’ social media communications. Charles Farr, director general of the Office for Security and Counter Terrorism, revealed that posts and other communications made on platforms like Facebook and Twitter are considered “external communications” because they’re routed through foreign companies. This means that even missives traded by British nationals in the UK, who are usually afforded significant privacy protections, are fair game for government interception—without a warrant—because the data leaves British shores before reentering.

#imweekly is a weekly round-up of news about Internet content controls and activity around the world. To subscribe via RSS, click here.

#IMWeekly: December 16, 2013

North Korea
The North Korean government began an effort to remove all Internet content and references on state-run sites related to Jang Song Thaek, the former top government and party official who was recently executed. Jang, who was the uncle of supreme leader Kim Jong Un, was one of the most powerful men in the country. Since his death, the state has effectively tried to erase him from the country’s official history.

United Kingdom
Amnesty International filed a legal claim against the UK government based on concerns that “the organization’s communications have been unlawfully accessed by the UK intelligence services.” Amnesty’s concerns first arose following the release of documents by Edward Snowden in June 2013 that revealed how UK authorities had access to information obtained by the US NSA’s previously secret PRISM program—the concerns were amplified when it was revealed the UK’s GCHQ had its own program, Tempora, that may have subjected people to blanket surveillance.  Amnesty’s claim is one in a series of recent legal challenges to spying that have emerged in the UK.

United States
Documents released by Edward Snowden revealed that American and British intelligence agencies have infiltrated globally popular online games, such as World of Warcraft and Second Life, in order to conduct surveillance and gather data on game users. The documents suggest that the spy agencies were concerned that terrorists might use the online games to communicate, exchange funds, and/or plot attacks.

#imweekly is a regular round-up of news about Internet content controls and activity around the world. To subscribe via RSS, click here.

#imweekly: August 19, 2013

Earlier this year, Cuba’s government-owned telecommunications firm activated two undersea fiber optic cables and announced it would open 100 new public Internet cafés. Cuban citizens, heretofore largely cut off from the global Internet, are now beginning to go online. Access is not cheap—at $4.50 per hour, or roughly the average weekly salary for a state employee, using one of the cafés is still out of reach for many Cubans—and those who want to go online must first sign a statement swearing they will not do anything that might harm Cuba’s “economy, sovereignty or national security.”

The government of Thailand has announced its intentions to monitor conversations on the Line messaging app, claiming that surveillance is necessary to “safeguard order, security and morality of Thailand.” The national police’s Technology Crime Suppression Division has asked the Japan-based company to give access to Thai authorities.

United Kingdom
The partner of journalist Glenn Greenwald, who has been reporting on the NSA’s surveillance programs for the Guardian, was detained at Heathrow airport yesterday under schedule 7 of the Terrorism Act 2000. David Miranda had been in Berlin to meet with a filmmaker who has been working with Greenwald on the Snowden files; he was returning to his home in Rio de Janeiro when he was stopped and questioned for nine hours—the maximum allowed by the law. His laptop, phone, and other electronics were confiscated. Greenwald has publicly stated that the detention was an “abuse of the law” intended to intimidate reporters writing about the NSA; Amnesty International has spoken out against the detention.

#imweekly is a regular round-up of news about Internet content controls and activity around the world. To subscribe via RSS, click here.

Human Computing and the Gamification of Surveillance Analysis

Recently unveiled surveillance blimp; courtesy of Raytheon, via Slate

Since the US invasion of Afghanistan in 2001, the American military has worked to create a system of virtually continual real-time drone surveillance of the entire country. The system is not entirely automatic, however: in 2010, Marine Corps General James E. Cartwright noted that at least 19 analysts were needed to process video feeds from a single Predator drone. Looking through thousands of hours of collected video and audio recordings is particularly difficult. Cartwright described the work of analysis as sitting for hours watching “Death TV,” searching for single or valid targets, an activity he called “a waste of manpower [and] inefficient.”

To combat this inefficiency, researchers have experimented with building smarter cameras, capable of recognizing and reporting on suspicious activity, but the development of information gathering technology continues to far outpace the ability of computers to make sense of what has been collected. As an alternative, organizations have experimented with crowd sourcing the work of analysis to online volunteers; the US Air Force even asked ESPN for help looking through the footage. But what happens when the work becomes play, and the people involved don’t know they’re working as surveillance analysts?

courtesy of NASA

In 2000, NASA began outsourcing the tedious job of identifying craters on the moon and Mars by encouraging pubic volunteers, nicknamed “clickworkers,” to identify craters in photographs posted online. What would have taken a graduate student a year to accomplish was completed in only a week. In 2006, the state of Texas installed webcams along the Mexico border, streamed the feeds online, and encouraged the public to help monitor them for suspicious activities. One woman watching at 3:00 AM noticed someone signaling a pickup truck on the webcam and notified the police, which led to a high speed chase and the seizure of over 400 pounds of marijuana. Following the 2011 riots in London, police asked the public to look through thousands hours of CCTV footage and submit their own photos and videos to identify individuals who had participated in looting. Recently, a start-up in the UK began offering a service called “Internet Eyes,” which connects the country’s ubiquitous CCTVs to the Internet and offers the public rewards for identifying people committing crimes.

Important to note is that crowdsourced surveillance efforts don’t necessarily lead to results: following the December 2012 shootings at Sandy Hook Elementary School, police asked for assistance from online crowds and were led to the wrong person. Following the April 2013 Boston Marathon bombings, a similar call for crowd assistance interfered with investigations and led to the wrongful accusation of several innocent people.

While many of these projects use crowdsourced volunteers to handle tasks computers are not able to do, the volunteers participating are typically aware of how their work is being used. These projects attract volunteers willing to give up a little of their time to help with a project they’re interested in seeing succeed or help catch someone suspected of wrongdoing. In contrast, the next generation of surveillance analysis doesn’t require volunteers to know who they’re working for or even that they’re working.

In order to tell the difference between human users and computer programs designed to spam websites, computer scientist Luis von Ahn created CAPTCHA, which presents users with a challenge-response test, usually a simple mathematical operation or an image of obscured text not readable by a computer, which a user must answer or interpret to proceed. Researchers associated with Project Gutenburg realized that CAPTCHA “had unwittingly created a system that was frittering away, in ten-second increments, millions of hours of a most precious resource: human brain cycles.” They created a new system, reCAPTCHA, that could test for human users with images scanned from books that could not be read by a computer. Humans could decipher these scanned texts and, by entering them in as answers to the test, Project Gutenburg would be able to digitize enormous amounts of text. Since reCAPTCHA was acquired by Google in 2009, thousands of Google Books and nearly the entire archive of the New York Times have been digitized by millions of people who were not aware they were working for the project. In 2012, reCAPTCHA began using photographs of house numbers taken from Google’s Street View project. Last month, the ACLU compiled a report that found that police departments across the US were using automatic license plate scanners to track and retain the movements of millions of Americans. The “automatic” scanners are often able to read and convert the images of license plates into computer-readable text on their own, but reCAPTCHA has also been used to digitize the more difficult images.

Luis von Ahn noticed how many hours people spent playing Windows Solitaire and devised an online game called “ESP” in which two players would be randomly shown a pair of images and asked to guess the word that best described the pair. When both players made the same guess, they would win points. Playing the game also contributed to building a database of labels for graphical search engines. Without even knowing it, millions of people playing an online game were helping to build surveillance databases and were working for free helping improve the ability for computers to search images.

Big gaming companies and other groups are also taking note of the possibilities for “human computation” embedded in games. After researchers at the University of Washington led by David Baker successfully solved the puzzle of an AIDS-causing virus that had stumped scientists for 15 years in only ten days using an online game called Foldit in 2012, the gamification of tedious labor has been a popular concept. In early 2013, the Internet Response League launched a plugin that allows online gamers to help support disaster response operations. In Word of Warcraft, for example, gamers can receive disaster alerts and momentarily interrupt their play to tag images of disaster areas and rank them according to their severity. For the past four years, Ubisoft has been developing a new kind of game called Watch Dogs, set to be released in December 2013. As part of its marketing campaign for Watch Dogs, Ubisoft launched a website called WeareData that gathers and graphs real-world city data from London, Berlin, and Paris. Real-time data, including social network updates, the locations of Wi-Fi hotspots, and feeds from CCTV cameras, is streamed onto the site’s 3D city maps. The actual game will also include these streams and is built to connect with players’ Twitter, Flickr, Instagram, Facebook, and other social media accounts to provide seamless integration of these networks with game play.

Ubisoft’s marketing website and eventual game highlights our visibility online (something we’re already acutely aware of since the revelation of PRISM and other government data surveillance programs), but also suggests an alternative future of surveillance and analysis than the kind popularized by George Orwell’s invention of Big Brother. It may not be long before someone like Luis von Ahn builds systems that rely upon the unwitting assistance of crowds to analyze CCTV feeds looking for criminals or someone like David Baker makes decrypting communications and files a fun game. Future players tagging photos in connected games like Watch Dogs might be helping to identify participants in riots while also collecting data on other players. People posting comments online, taking and tagging pictures for social networks, or simply drawing unlock patterns on their smartphone screens may help sort through the glut of gathered information. The surveillance analysts of the future may not be people wearing clipped on name badges watching hours of Death TV at the Pentagon. The work of watching and reporting may be done by all of us as we go about the everyday routines of digital life or escape for a while with a fun new game.

#imweekly: July 29, 2013

United Kingdom
News reports and online discussions on freedom of expression have been dominated this week by Prime Minister David Cameron’s proposals to require ISP-level anti-pornography filters. Cameron’s motivations for the proposal have been questioned, especially after ISPs disclosed that the filter settings include blocks for many other kinds of online content such as social networking, gambling, file sharing, or sites concerned with drugs, alcohol and tobacco. The UK government’s reliance on the Chinese telecom firm Huawei to maintain the list of blocked  sites and the decision to turn the filter on by default, requiring users to opt-out of filtered access, has prompted strong responses from freedom of expression and privacy advocates. Adding to the controversy, hackers posted pornographic images on the website of Claire Perry, one of the architects of the ISP-level filters. Perry’s response generated more controversy when she accused the blogger who reported the hack as being responsible for the content; critics argue her responses demonstrate a poor understanding of digital technologies.

It’s been a controversial week for the Russian Internet. The country’s recent waves of violence against members of the LGBTQ community have been facilitated by social networks, which vigilantes use to identify and physically locate victims, and by the ability to share bullying videos online. The U.S. has also identified several young Russians behind top U.S. cyber thefts in the last seven years, leading to arrests and extraditions. Finally, the head of the Russian State Duma’s Committee for Family, Women, and Children has proposed modifications to Russia’s existing content rules to block bad language from social networks, websites, and forums. Earlier this year, Russia banned swearing from its media outlets and prohibited countries from making products featuring swear words. Also, today Ilya Segalovich, the co-founder of Russia’s largest search engine Yandex, has died.

Shortly after the UK announced it would be requiring ISPs to filter adult content, the Australian Christian Lobby announced it would be renewing its campaigns to block porn in Australia. In 2008 Australia attempted to pass similar porn-blocking legislation, but lack of popular support killed the proposed plan when the Coalition government refused to vote on the matter. At the same time, Australia’s Parliamentary Inquiry into the higher prices charged by IT companies selling hardware, software, and digital downloads in Australia recommended that the Australian government educate consumers in circumventing the geolocation tools used by IT companies to determine where buyers are located. The Inquiry also required testimony from representatives of Apple, Adobe, and Microsoft as to the reasons for the higher prices, but found these companies could not satisfactorily explain the reason for increasing product prices when sold to people in Australia.

United States
This week, an anonymous web developer claimed that the U.S. government is requiring companies to turn over encryption keys. The U.S. government has so far denied the claims and some companies, like Microsoft and Google, have declined to say whether the government has made any such requests, but indicate they will not comply if asked for server-to-server email encryption keys. Also, an Internet monitoring company released a study which found that Google is responsible for 25% of all Internet traffic in North America, which is more than Facebook, Netflix, and Instagram combined. This is up from 6% of Internet traffic in 2010. Finally, a Texas man was charged this week for creating an operating a Bitcoin Ponzi scheme worth approximately $65 million at today’s exchange rate. The scam involved using money from new investors to make “interest” payments to earlier ones and to cover withdrawals.

#imweekly is a regular round-up of news about Internet content controls and activity around the world. To subscribe via RSS, click here.