Livebloggers: Sasha, Nathan, Erhardt
Today, we’re joined by Stephan “tomate” Urbach from the activist group & think tank Telecomix, which works to circumvent surveillance, and to promote internet freedom and human rights. During the 2011 uprisings in North Africa, Telecomix activists helped to bypass technologies of censorship and communication-interruption. They currently work to shuttle videos and other information safely out of Syria. Urbach is a Telecomix member, and has acted as their de facto spokesperson. He was a member of the Pirate Party in Germany, and worked for the Berlin Pirate Parliamentary group from 2011 until February 2014.
Vizthink by Willow Brugh
Tomate joined telecomix in 2010, during the uprisings in Egypt and Syria. He worked in parliament for 2 years. He begins with an overview of Telecomix:
Telecomix (read about them here) isn’t a formal organization, it’s a network of activists who convene and disperse as needed. They’ve done this several times over the last few years. In 2006 in Sweden, there was a telecommunications bill, people gathered and formed Telecomix. After the telecom package was stopped in Sweden, they fought the data retention directive across the EU. At this stage, many people joined to do research and activism work. When the Egyptian uprising kicked off, Telecomix was galvanized into action: specifically, when Mubarak shut off the internet. They decided to figure out how to get access to folks in Egypt even in that context. They set up phone lines that people could use for dial up access. They set up around 300 lines for people to connect to the Internet. Weeks after the net went back up, tomate got an email from a young man in Egypt thanking them for providing access to be able to share their thoughts. This is the kind of thing Telecomix loves.
They see censorship, and internet blocking, as a crime.
Some people have asked them whether the regime might have used their lines. That’s possible, but they don’t know that. Back at the time, Telecomix talked about technology as neutral, although today tomate doesn’t believe that anymore. Then Syria happened. They found that internet surveillance in Syria was planned since 1999. They also found that Blue Coat, Siemens, and other companies were involved in providing surveillance technology. When they released this information, Western countries were publicly enraged. Telecomix suggested export controls, but no one was willing to go that far. The US department of commerce did investigate Blue Coat and their affiliates for selling to Syria after the trade embargo. ComputerLink a middleman company was fined $2.8 million by the department of commerce.
Telecomix found that every message, on every network, was monitored, and every phone call was recorded, both mobile and land line. They also found that people went missing after writing posts on SNS. Telecomix was in touch with Syrian activists on the ground. At the time, they felt clear about who was ‘good’ and ‘bad,’ now it is much less clear. They provided secure networks, software, and servers for activists on the ground. They made comms “as secure as possible,” but never promised 100% security: “whoever says this is a jerk,” tomate tells us. Some Anonymous people apparently promised full security, and local activists believed them. That’s a problem. Phone lines were then blocked in Syria. Calls to tomate’s personal number were blocked (listed online), calls to other Telecomix numbers were also blocked. When Telecomix released the Blue Coat files, revealing how it worked, the blockade system became better: Iranian telcos joined the Syrian telcos.
Around this time, Tomate received a call from German intelligence warning him to watch out for Syrian activities in Berlin. They found that the surveillance toolbox was installed in Syria, Egypt, Beirut, and Kazakhstan. But it was not always correctly configured. Telecomix has evidence, although not enough to publish, that Western companies are selling to dictatorships. They think that’s wrong, and want to generate a public outcry.
Throughout this process, Telecomix has learned a lot. Access blocking, traffic monitoring, deep packet inspection, laws that forbid certain kinds of speech on the internet. These are things that dictatorships are known for doing, not “free” countries. They also learned that hacking the backbone in Syria was great and everyone loved it. But if someone from Africa hacks the EU backbone they’re a ‘terrorist.’ So it depends on your point of view.
Telecomix also learned that the surveillance methods used in the West are the same tools dictators use. Everything from everyone is monitored. In Germany, they started to scan mail at the post office: front and back side. Started to scan postcards, and not sure what they’re doing with the scans. In EU, there’s a fight against data retention, and we won, since a court said data retention can’t be performed like that. It’s not a full victory: the court said data retention is OK, just has to be bounded in certain ways. In Europe, public is not ‘public.’ For example, Tomate thinks if he posts on his FB wall, it’s public. But many think that publicity is platform bounded.
Germany has one of the hardest privacy and data laws, the EU is potentially adopting this. It may be good for users, but not so much for companies providing services. For example, when Google did Street View, many houses are blurred based on people saying ‘not mmy house!’ But the same houses are available on Bing, and on other services. So Google now isn’t updating street view Germany, and the images are several years old. So Europeans think about data as ‘mine,’ even when it’s been posted publicly. We have a database of people’s personal information including salary, and we deleted it because of privacy concerns.
Snowden documents revealed that the ‘conspiracy’ of surveillance was actually true. For example, in 1998 we knew that the Echelon program might exist. Hackers knew it existed, but were called conspiracy theorists. Now there’s a public outcry for EU action against the NSA. tomate doesn’t think it makes sense: what should we do? Embargo trade with the USA? There’s an initiative to ban intelligence services from. In Germany this was specificaly because of an national intelligence failure to capture (neo)Nazis.
German intelligence, The exterior intelligence, supports the NSA, then gets internal surveillance on Germany, which they are not allowed to collect domestically. These exchange programs exist all over the world in contravenience with privacy laws. The only proposal they can think of against surveillance is to make it more expensive. The more encryption people use, the more expensive it will be, for example. One idea is to create as much spoof data as possible, such that intelligence agencies will spend all their time processing the spoofs. Another idea is to rebuild networks with new hardware and new protocols that will be less amenable to surveillance.
But as in all places, no one wants to pay for something. If you get paid as an activist, no one will consider you a proper activist, which means that activists have to work for free. If you look at what the NSA, Brits, French, Germans, and everyone else are doing, it’s the same as what the dictatorships are doing. What makes a democracy? People can say they don’t want this surveillance, but the government does not listen. Tomate is focused on the European debate about surveillance, not so much the NSA debates in the US. But he hopes that some day we can ban intelligence surveillance in democracies.
Slides: http://files.herrurbach.de/doc/framing.pdf
Q&A
Ethan: Tell us about how Telecomix thinks of itself differently than other organizations in the space. During the blackout in Tahrir Square, lots of organizations got involved like Tactical Tech, also based in Berlin. Telecomix has always had a certain amount of secrecy around it. How did this come about and how does Telecomix see itself fitting amongst other organizations in the space?
tomate: Telecomix does not see itself fitting into anything. This is important. It is a space for exploring things. At the point, people can join Telecomix. The aura of secrecy is wrong; it’s one of the most open/transparent groups I’ve worked with. The problem is that many journalists struggle to understand Telecomix—they group us in with Anonymous, which is wrong. They builders and rebuilders, rather than attackers—they don’t take sites down using DDOS. One characterizing is the Yin to Anonymous’ Yang. We also do a lot of theoretical work in the space, differing us from other activist organizations. We are also not people that work in public wearing masks. We do try to secure our members who are not in a position to go into the public because of the work they do, and others take the role of the public face of the organization.
Sasha: How do you make decisions as an organization? Like who represents the organization to the public?
Tomate: We do not use formal consensus-building processes because they don’t work. We run an IRC do-ocracy. Admins do have too much power.
Willow: Can you tell us about Cameron?
Tomate: We have a bot named Cameron. We can ask her questions and get responses. We sometimes make her the public face for interviews, including a few that were published in Swedish newspapers. They asked for a photo and we sent a picture of the old mac that she was running on. She is crypto-sleep because we forgot the password to the harddisk. But now we have no one to ask what we should do. She was a symbol for us for a long time.
Cameron Kerry :http://en.m.wikipedia.org/wiki/Cameron_Kerry (former General Counsel, US Dept f Commerce) I was encouraged by the data of a “Data Schengen” but over a month ago, the EU parliament voted that the European Commission should come up with a protocol for keeping EU data within national borders? How do you change that strong sentiment?
Tomate: Currently, Deutsche Telecom markets itself as keeping your data in Germany, which is false, it doesn’t. The idea of keeping the data national is nice, but it doesn’t solve the problem anyway. The privacy activists in Germany and Europe believe that if a law says something like this then it works, but that’s not right. They always ask the state to handle it, but they can’t. We are working on new protocols and projects ourselves to handle privacy. We rely on infrastructure form the 70s and we can’t rely on it much longer. We hear in Europe that the US created the internet and they can control it.
Ethan: In response to surveillance people are looking for many paths. But HTTPS (Heartbleed) was broken for years, and it was open source code. Tell me why you are optimistic that we are going to solve this problem with better network design.
Tomate: People in Germany are being paid to do open source code audits. They are funded through donations right now to work on this issue. We need to do more audits and pay people to do them, multiple audits for software are needed.
Sasha:
Tomate: We need export controls on technology that can be used as a weapon. We also need to rebuild our networks with the state. But these are two different things, building the network and sending out products to dangerous people.
Ethan: Who would you want to enforce those export controls? I think the export sanctions push is a really messy one. We’ve seen a lot of cases for export controls are taking really useful tools out of people’s hands.
Tomate: I don’t have solution for that question. For instance, my country is selling tanks to dictators. So I wouldn’t trust them to sell any hardware to countries.
Eleanor: The only reason we have strong crypto is because we regulate code as speech and thus it can’t be sanctioned under export controls. The only way we got PGP out there was a loophole in ITAR rules using a free speech definition. I would rather use a limited liability laws rather than export controls.
Sands: Is there a lot of discussion at Telecomix about mesh networks for activists?
Tomate: As I said, Telecomix is not really active right now. I live in Berlin, which is the main city for mesh networks. There are discussions for how to activate local networks and then bring them online later.
Dalia: I think the public is missing in this discussion. What I’m not hearing is how we can have people change things. I’m hearing that it’s happening in IRC channels. But many people aren’t adopting the necessary technology or talking about it.
Tomate: In Europe, we have many crypto parties currently. It’s amazing how many people are coming. People get the tool as well as the explanation for why we need to do this right now. We show them how they affected by the surveillance. It helps that we now have the evidence of this, so people are listening.
Yu: After hearing about the decision-making process, how do you manage your brand?
Tomate: Don’t break anything. If you break down communications it is not a Telecomix thing. We don’t try to manage it, but we explain what we do to new people in the IRC channel, explain it is we try to do, the same we respond to the media. Anyone can use the logo, and people do, but it hasn’t failed yet.