Q&A: Worldwide surveillance and filtering

[Eugen Leitl]

http://www.net-security.org/article.php?id=1314

Q&A: Worldwide surveillance and filtering

by Mirko Zorz - Tuesday, 6 October 2009.

The aim of the OpenNet Initiative is to investigate, expose and analyze
Internet filtering and surveillance practices in a credible and non-partisan
fashion.

Rafal Rohozinski is a founder and principal investigator of the Information
Warfare Monitor and the OpenNet Initiative, where he directs a network of
field-based staff in Asia, the CIS and Middle East. Rafal has 18 years of
field-based experience working in an operational and advisory capacity in 37
countries. In 2005-2006, Rafal served as an embedded Chief Technical Advisor
to the Palestinian Authority.

In this interview, Rafal discusses international surveillance and filtering
issues.

Based on what criteria does the OpenNet Initiative select a country to
analyze? What does the process look like?

We were among the first to document the emergence of censorship patterns.
This began with a series of experiments carried out in 2002 at The Citizen
Lab (University of Toronto) and Harvard which probed the Chinese and Saudi
Arabia firewall systems. That work evolved into the OpenNet initiative.

Over the years we've developed a sophisticated and robust testing protocol
that fuses data that we generate through technical testing and information we
gather from our partners around the world. We currently have a networks of
partners in over 95 countries. Basically, the process of determining where to
test is quite simple and straightforward. We learn about Internet censorship
either by monitoring official government declarations (that they intend to
censor), such as in Saudi Arabia, China, Burma and elsewhere.

Alternatively, we pick up reports from our network of partners and or others,
including human rights groups, reporters sometimes even ordinary citizens who
complain that certain content or services are no longer available. We have
developed a number of deployable software tools which allow us to verify
whether or not censorship is taking place. These tools are quite accurate,
and often will tell us not just if blocking this occurred, but how it is
occurring and at what segment of the Internet.

We generally test across several ISPs in one country, which then allows us to
determine whether there is a consistency in censorship behavior, and whether
the process is centralized, or decentralize to each individual ISP. In some
countries, we've now found that governments prefer to use offensive means to
silence websites rather than resorting to filtering. But this we mean denial
of service attacks, the use of $.50 brigades to overwhelm websites with
comments and messages, are sometimes just simply disconnecting the resource
by tampering with the DNS or physically pulling its connection (if it happens
to be located within the state's jurisdiction). In these cases, we generally
engage in more in-depth investigations to understand exactly how these
activities are sanctioned, and who carries them out. In some cases this
involves sending researchers to work in these countries for an extended
period of time.

How can you be certain that the information you're using as the basis for
your research is indeed correct and complete? From what kind of sources do
you obtain the information?

We use two separate lists of URLs and Internet resources in our testing
process: The global list which is run in all countries in which we test i
used as a means of determining whether blocking takes place, and what
categories of content are included. It is also highly useful as a way of
determining whether a country is using a commercial censorship product, as
these usually employ standardized lists were certain URLs will always be
blocked. In some cases, the global list has allowed us to fingerprint the
exact product being used.


The second list we use is called a local list and it contains URLs of sites
and Internet resources that allegedly are blocked in the country. We
supplement this list with other URLs which we obtain from other sources,
sometimes people within the governments who are involved in censorship
itself. We also do a lot of research to identify sites that could potentially
be blocked, and may not be available within the country and therefore not
noticed by our in-country partners. In general, we strive to be as
comprehensive as possible but of course we can't say that we catch 100% of
all blocked content. Rather I'd characterize our tests as being highly
representative of the kind of content that is being blocked.

What are the countries with the most Internet censorship and which ones leave
their communication channels open?

There is no black and white characterization anymore. In fact, in recent
years we have seen a move towards Internet regulation in just about every
country under observation. The difference between censorship and regulation
is a narrow one, and usually defined by the degree to which the activity is
regulated by law, and the recourse that citizens have in being able to
challenge content which is subject to censorship.

In countries like China, Vietnam, and Burma, there is very little recourse
for citizens to appeal content which is being deemed unacceptable. In
Uzbekistan the actual censor lists are considered secret and the practice of
censorship is denied by the government (even though content is censored quite
heavily). North America and Europe are still very much open, however, even
their we've seen the rise of content controls, and more seem ready to be put
in place in the coming years. Banning some content, such as child pornography
is of course legitimate. Other types of content, such as "terrorist content",
is problematic as there is no proper legal definition and the term is open to
broad interpretation. The trouble with content control is that once you start
regulating you set a precedent that is difficult to stop.

One of the more interesting things we've observed in recent years has been
the emergence of "third-generation controls". This form of content control
stops short of censorship, but rather sees the state (and pro-state groups)
engage in active information warfare against their opponents. They use denial
of service attacks, and other techniques in order to silence opposition. This
approach is interesting, as it allows the state to claim that it is not
censoring groups, but the effect is the same. Of course, there is no legal
recourse to challenge these practices.


How do the United States compare to Europe in regards to surveillance and
filtering?

Certainly there seems to be more momentum these days towards regulation in
Europe. This is prompted by concerns over child welfare and exploitation, and
also the perceived danger from radical militant groups. Europe also tends to
be more of a surveillance society, particularly the UK. In the US, censorship
is more difficult to implement if for no other reason than the court systems
offer greater protections for freedom of speech. However, in both places
surveillance is on the rise particularly as law-enforcement agencies become
more adept to working in the cyber domain. There is also a lot of public
pressure to enact laws and measures that will help you deal with what is seen
as a rising tide of cybercrime. The cyber security agenda may lead to a new
tighter content controls, and greater surveillance all around.

We've actually taken steps to engage in the cyber security agenda by creating
a company that will provide tools and the device to this community (initially
in Canada, as that is where the Citizen Lab and SecDev are currently
domiciled). We realize that we can't simply be bystanders to this process. If
we believe that openness really is a better path, then we have to make sure
that we address the legitimate concerns of policy makers and law enforcement
agencies by providing them with tools that are relevant to policing in the
cyber domain without necessarily resorting to tactics that potentially lead
to abuse - first and foremost censorship and unnecessary surveillance.

What advice would you give to Internet users that live in a country that
employs strong filtering?

If it is a democratic country where there is still recourse for citizens to
challenge public policy, then I would urge them to organize with others to
demand transparency over the process by which content is deemed unacceptable,
and ensure that it remains open and publicly accountable. For those living in
authoritarian country where these possibilities do not exist, the calculus
becomes more difficult, and really one of individual choice. While it is easy
for me to preach the virtues of an open Internet from Canada, it's another
thing to live in a country where the activity itself may lead to dire
consequences, including jail or worse. For most people, that risk may be
unacceptable. However, for those for whom the principle of freedom of
information is something they are willing to take risks for, there are plenty
of good solutions such as Psiphon that will give them access to the Internet
while minimizing the risk.