Thursday, 16 April 2015

Memes: The Final Frontier of Russian Censorship

The censorship spotlight turned to Russia last week with the announcement that the use of parody accounts, parody websites, and celebrity photos in memes that have “nothing to do with the celebrity’s personality” is illegal.

Think about it: some of the greatest memes on the internet juxtapose an image of a famous person with a concept that has absolutely no connection whatsoever to that person. 

One can only wonder what caused Russia to take yet another step towards creating a truly repressive state devoid of laughter.

No new law has been passed; rather, media watchdog and censor Roskomnadzor chose to clarify existing law and extend a judge’s recent decision that an obscene meme of singer Valeri Syutkin is in violation of his rights. According to the policy, Roskomnadzor can ask a responsible party to remove a parody account, website, or meme; if the request is ignored, the case will be tried in court. Lurkmore, the Russian site that hosts the controversial Valeri Syutkin meme, currently faces the choice of blocking the meme from Russian-based internet users or having its entire website blocked in Russia.

The policy update is in keeping with the current trajectory of Roskomnadzor, whose recent acts of censorship have included requiring registration and stricter regulations for bloggers with over 3000 daily readers and banning the use of particular swear words in media, in addition to establishing an overall climate of a government willing and able to shut down websites as wanted.

It’s hard not to argue that Russia’s newfound anti-meme stance has gone a step too far. Doesn’t the average person want and deserve to live in a world with Putin on the Ritz?

A small comfort can be found in Roskomnadzor’s response to an outpouring of criticism on VKontakte, a Facebook-esque site on which the policy clarification was first announced. In a post on April 9, the media watchdog clearly stated that the policy is only intended for parodies and memes that are “insulting” and/or in a “negative context”.

Phew. Not every meme has to go. Only the mean ones.

Although the policy update is perhaps not as far-reaching as many currently envision it to be, it remains a severe violation of freedom of expression. The message is clear: internet users in Russia are being patrolled and should think carefully about what they choose to post. Regardless of government follow-up, the fear instilled by such an environment will cause internet users to self-censor, which is exactly what Roskomnadzor intended with such a policy. And, should the Russian government want to persecute all parody and meme-makers, it has a perfectly vague policy in place to enable it to do so.

Thursday, 9 April 2015


Exactly how does censorship work in Turkey? Like this:

March 31: 2 members of the Revolutionary People’s Liberation Party-Front (DHKP/C) hold Turkish prosecutor Mehmet Selim Kiraz hostage; they post a picture to Twitter of Kiraz at gunpoint.

April 1: The Turkish government prohibits any media organization that shared the hostage photo from covering Kiraz’s funeral.

April 2: The Turkish government launches a criminal investigation of seven Turkish newspapers, accusing the organizations of “spreading terrorist propaganda” by reprinting the hostage photo.

April 6: A Turkish court order bans 166 websites for continuing to share the hostage photo. Hours later, Twitter, Facebook, and YouTube have removed all instances of the photo and are once again fully operational within Turkey. 

April 7: Google remains accessible by responding quickly to Turkey’s request to remove all links to the hostage photo.

But here’s the catch:

In the initial 2 hours of Twitter’s ban, 3 million tweets were posted from within Turkey. 

Turkey is no stranger to government censorship of the internet; as a result, workarounds were in place long before this week’s events. The Hürriyet Daily News reminded citizens to simply use a VPN or change their computer’s domain name settings in order to access the blocked websites. And business continued as usual. 

So, who gets the W—censorship or freedom of expression?

The hostage photo is definitely in the category of Images You Have No Need To See, but its publication is far from an act of terrorism. The Daily Hürriyet defended its use of the image: “Opinions, accusations or sloppy remarks voiced in the heat of incidents become indistinct in time and are ultimately replaced by the verdict of history. When today’s history is written in the future, our current prime minister will be noted as a political personality who punished the media and banned journalists from working during funerals. We just want to do journalism.” Newspapers report the news; individuals respond to the news—for better or worse, the internet was used this past week as intended.

Chairwoman of the Turkish Press Council, Pınar Türenç, aptly responded to the incident by stating, “You cannot close the whole library, just because it includes some banned books. This would be unreasonable and irrational. So it is also meaningless to block access of the Turkish nation to social media networks, which have many benefits to the public, due to some inappropriate content.” The Turkish Constitutional Court agrees with Türenç and declared Monday’s website ban unconstitutional.

Internet giants such as Twitter and Facebook have more recently announced that they would appeal the ban, but only after acquiescing all-too-eagerly to Turkey’s demands on Monday. Maybe they knew the Turkish censorship machine couldn’t be stopped in the short term. Or perhaps they knew they had already won when #TwitterisblockedinTurkey became the tweet heard ‘round the world.

Thursday, 2 April 2015

Hotel Wi-Fi Insecurity: Yet Another Argument in Support of VPNs

Last week, cybersecurity company Cylance revealed CVE-2015-0932, a crippling vulnerability in the Wi-Fi networks of 277 hotels and conference centers worldwide. InnGate, an ANTlabs corporate guest/visitor network device, was found to allow unauthenticated users to read and rewrite system files.

In the words of Cylance Senior Security Researcher Justin W. Clarke, “This vulnerability would provide an attacker the ability to use this InnGate device for anything they want.”

Hackers could infect hotel guests’ computers with malware and read all of their plaintext communication; an industrious hacker could access encrypted communication by exploiting OpenSSL vulnerabilities. 

To exacerbate the threat, several of the compromised hotels had linked their InnGate devices with their Property Management Systems (PMS), giving hackers access to just about everything, including guest reservations, points of sale, HR and payroll, and sales and marketing. WIRED highlighted the severity of this situation by reminding readers that the 2011 assassination of a Hamas official was successful because of a reprogrammed electronic hotel room lock. 

What is most noteworthy, however, is that no one is looking to blame the hotels, ANTlabs, or even hackers for this vulnerability. The hotels—though displayed on a map and said to run the cost gamut—remain anonymous; CVE-2015-0932 itself was discovered in February, but not made public until hotels were informed and a corrective firmware update could be released. Rather than question ANTlabs' credibility, Cylance applauded the vendor's rapid response to CVE-2015-0932. The vulnerability was old news before it could even be news.

CVE-2015-0932 is already a thing of the past and, as such, lives on merely as a reminder. We expect to have access to public Wi-Fi everywhere we go; when we choose to use it carelessly, we cannot blame the hardware, the provider, or the hacker who stole our credit card information. We can only blame ourselves.

We live in a world in which neither government nor business will guarantee internet privacy. According to Business Insider, security experts like Clarke turn to VPN services when on public Wi-Fi. Take matters into your own hands and do the same.

Thursday, 26 March 2015

“C” is for Chinese Censorship

In case there was any confusion, China wants you to know that the Great Firewall of China—the censorship of internet content potentially critical of the government—is alive and well.

In January, VPN users in China suddenly found they could not access the services they relied upon to reach blocked content such as Google, Facebook, and the New York Times. (We know some of you SumRandos are experiencing this pain. We’re working on it.)

By February, real-name registration was announced, requiring social media users to register accounts with their true identities. Although users could still represent themselves online with a pseudonym, any impersonation of others was banned. Think: no pretending to be Xi Jinping.

Which brings us to March.  

Just last week, the Chinese anti-censorship organization GreatFire experienced a distributed denial of service (DDoS) attack, in which an attempt was made to shut down the website by overwhelming its servers with 2.6 billion requests per hour. According to GreatFire co-founder Charlie Smith, “This kind of attack is aggressive and is an exhibition of censorship by brute force. Attackers resort to tactics like this when they are left with no other options.” Although the source of the attack has not been identified, Smith all but named the Cyberspace Administration of China (CAC) as a prime suspect. 

In his blog post immediately prior to the DDoS attack, Smith was boastful in explaining why the Chinese government did not pose a threat to GreatFire: “We believe that the Chinese authorities would not dare block all websites and apps being served by CDNs because they understand the economic implications of this action…Recognizing that the authorities have been hesitant to crackdown on our method of circumvention, we have accelerated our expansion of the development of collateral freedom…”

“Collateral freedom” is GreatFire’s response to Chinese censorship: GreatFire creates mirrors of blocked websites, which are delivered through major content delivery networks (CDNs). The government is given a choice: shut down all websites and apps associated with CDNs that Chinese businesses have come to rely upon (such as Amazon) and watch the economy flounder, or let GreatFire be.

The approach worked well, until last week. If March 17's DDoS attack was orchestrated by the Chinese authorities, it is clear that GreatFire underestimated the government as a worthy opponent in the game of exploiting loopholes. GreatFire survived the attack, but the war is far from over.

So, what’s next for the Chinese censors?*

April 1 brings controversial new banking regulations to China: by this date banks must have an initial plan for sharing all source code with the government and ensuring all encryption complies with Chinese standards. Rather than hand over source code and see their encryption broken or be run out of China altogether, the United States, the European Union, and Japan have been pushing for further discussion for months; the Chinese government, however, has continued with its characteristic steamroll ahead.

The Chinese government has repeatedly described the new banking regulations as necessary for security. In truth, they are a method for the government to continue to monitor content while also protecting domestic business, perhaps at the expense of the economy overall. And a China that puts nationalism ahead of economic prosperity is a dangerous place for Charlie Smith’s GreatFire to be.

*This article has overlooked last week’s man-in-the-middle (MITM) attack on Google, Microsoft and Mozilla. While undoubtedly linked to the China Internet Network Information Center (CNNIC) and, in turn, the CAC, the attack, which issued unauthorized digital certificates, was ultimately in the hands of MCS Holdings, an Egyptian company. Rather than use this incident as an opportunity to point fingers directly at China, we see this as demonstrative of a need for reform of the conditional access system. And that is a topic for another day.

Thursday, 19 March 2015

Online Anonymity is Here to Stay, According to the UK's Parliamentary Office of Science and Technology

[Image: The UK Parliament's Palace of Westminster]

“There is widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK.” 

One line says it all when it comes to the findings of a March 9 research briefing published by the UK’s Parliamentary Office of Science and Technology. “The darknet and online anonymity” closely examines the good versus evil of anonymous internet use—the last bastion of personal security or a cybercrime nexus?—and weighs in unequivocally on the side of privacy. The study focused on Tor, a system trafficked by 2.5 million users daily that protects the identity of journalists, drug dealers, law enforcement, and individuals alike.

Throughout the report, researchers’ support of online anonymity came down to practicality:

  • We have the technology needed to secure the data of whistleblowers, journalists, and those with information about the Mafia. We can read the news when our governments choose to censor it and remain unseen to our cyberstalkers. Why wouldn’t we?
  • Online anonymity cuts the middleman out of illegal activity, making us safer and criminals fewer: “It has been argued that online drug markets like Silk Road transfer parts of the drug dealing business from the streets to the internet and may shorten the supply chain from drug producers to consumers. Some say this can reduce the number of drug-related crimes like robbery and shoplifting, and thus lower the social and economic costs of drug misuse.”
  • And finally, try as David Cameron might, we simply cannot undo technological advances: “Computer experts argue that any legislative attempt to preclude THS [Tor Hidden Services, i.e. hidden websites] from being available in the UK over Tor would be technologically infeasible.”

The report concludes with a reminder and perhaps a warning: people want the user-friendly privacy that companies are increasingly striving to provide; if people feel their privacy is threatened, they will turn increasingly to methods of protecting their anonymity, such as Tor and VPNs (as we are currently witnessing in Australia).

Although “The darknet and online anonymity” is a report and not law, parliamentary research briefings such as last week’s tend to be heeded by the powers that be. Let’s hope that this one is heard.