Jam Echelon Day, Redux

(Or, how to remind anyone snooping your email of your fourth amendment rights)

So clearly we have a situation here where we failed to learn from the past. Fourteen years ago (Exactly in a few days - Oct 21!), we were protesting ECHELON, which was (is) a "worldwide computer spy network [that] reportedly scans all email, packet traffic, telephone conversations, and more in an effort to ferret out potential terrorist or enemy communications. Once a communication is plucked from the electronic cloud, certain keywords allegedly trigger a recording of the conversation or email in question."

In response (along with a short burst in activity around people trying to figure out how to use PGP), hackers added amusing bonus keywords in the parts of emails that humans rarely see (where junk like the path the email took, listserv details, and so on goes) - many, including myself, added the 4th Amendment to the US Constitution, as well as participating in "Jam Echelon day," when everyone added what we presumed at the time were these mythical "trigger words:"


As an aside: maannnnnn, do you remember the 90s? Was that an unpleasant walk down memory lane or what?

Anyhow, this amusing idea that this would work for more than a few minutes just doesn't seem to die, and someone's trying it with a new "security" tool called ScareMail that "takes keywords from an extensive US Department of Homeland Security list used to troll social media websites and utilizes them “to disrupt the NSA’s surveillance efforts by making NSA search results useless.” "

While that's ... well, whatever. It's a nice thought, right? Probably not very useful overall. Anyhow, it gives me a small boost of civic pride to tweak my email settings and put the fourth amendment text back in to almost every email I send out. This requires an actual email client (Thunderbird works nicely), and some configuration hacking:

  • Go to Edit → Preferences → Advanced → General → Config editor
  • Right click, new, "string"
  • For 'Enter the preference name' use "mail.identity.id1.header.header1"
  • For the string, add "X-Fourth-Amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
  • If you have multiple mail accounts, you'll have to do this for each one, using id2, id3, etc. and header2, header3, etc.
  • Restart thunderbird, make sure you didn't break anything. For more details, peek at http://kb.mozillazine.org/Custom_headers

Commercial OLPC Sales‽ Five years late, but great!

I'm glad that OLPC has finally released what was originally put out as the vapourware-ish XO-3 concept three and a half years back. At the end of the day, though, that's "just" a change in technology (though a huge shift in hardware and underlying software!).

What I'm actually very excited about is commercial sales. This is something I've been arguing in favor of for only around five years or so:

The bottom-of-they-pyramid microfinance approach doesn't even have to drop the education focus. While the returns on education are much to slow to repay loans effectively in most cases, grant programs or other implementations could focus on child usage. For example; the XO could be on sale for anyone; but only young entrepreneurs could qualify for the micro-loans, and they'd have to provide some explanation of how this would fit into their learning. Schools or education-oriented civil groups could to buy on credit in bulk, provided they could support both an educational aspect and a profit-making aspect. Grants could be available to even younger children participating in educational programs, skimming profits off of the loan system and successful entrepreneurs in a new G1G1 style program.

Stop doing Technology for Good So Badly.

I've been reflecting on some of the challenges I've faced across multiple organizations trying to leverage the power of technology to create positive social change. This reaches way back to my work as a Peace Corps volunteer, up through grad school, my time as a contributing editor at OLPCNews, and through multiple NGOs balancing tech, impact, and budgets.

Obviously, there's no definite one-size-fits all approach to implementing technology in any sector, much less the world of the international NGO that stretches from hip online platforms to how to best use dusty Nokia feature-phones.

Here are the principles I've come up with to date. I took these to Twitter in a lively discussion, and want to expound upon them a bit more:

  1. Build for sustainability. Minimize what you have to build yourself, and leverage existing platforms

    This means giving strong preferences to open source platforms or at least existing services that meet a set of criteria (their service meets your needs, you own your data, shared values, track record...) For any service, someone, somewhere has already built a powerful framework that will be constantly updated and improved, and bakes in thousands of features (security, translation, powerful content management, mobile interfaces, etc.) which will be effortless to turn on when you discover you need them. Focus your precious software development budget on the much smaller number of things that are custom to your work and don't exist. This greatly reduces the initial dev costs as well as ongoing maintenance costs.

  2. Seriously, don't build it yourself.

Cyber-Security and ICT4D: Notes from the Info Security Tech Salon

Cross-posted at the Tech Salon site: http://technologysalon.org/2013/04/why-information-security-matters.html

First off, please thank the Internets for creating this site, which can serve as a guide on when you should use the prexif cyber: http://willusingtheprefixcybermakemelooklikeanidiot.com

The tech salon on security and privacy was a predictably raucous debate on finding a sane balance between using 30-character passwords with symbols, numbers, and mixed-case letters that must be changed every month for your timesheet systems ... and taking basic security measures to protect super-private data. How and where do we build in information security in ICT4D? When is it unwarranted, and when is it irresponsible to not address it?

There are the obvious cases, ones with a clear adversary -- be it a repressive government or a group working aggressively against your goals. When you have this clarity, there is an awareness of the need for information and communication security, and

The problem is when there is no clear adversary - when no one actively hates your work. In ICT4D, we normally see this as a good thing, but it means that building in security becomes one more extra, annoying and costly piece of your overhead costs, defending against an unspecified threat - and it often gets dropped.

On Pragmatism and the OLPC

has a hands-on photoshoot with the revolutionary XO-4 convertible tablet/laptop.  It has an infrared touchscreen, has refocused its interface to run on top of a standard Linux distribution instead of a customized and tweaked version, and... um... it looks rather familiar. I mean to say, it's almost indistinguishable from the XO-1.  

And that's a very good thing.  What has happened to the OLPC program is, in many ways, what I'd hoped they'd intentionally choose as a path forward-  thoughtful and efficient development focused on impact over glitz, using existing projects and tools where available, and not re-inventing things that weren't broken, but using incremental improvements.  Of course, that approach doesn't catch headlines as well, but it does work.


The Anti-Halo Effect


Create pro-consumer mobile technology and open up a new market of multi-platform and platform-agnostic users who want the best devices.

The Washington Post ran a great article on the increasing problems of vendor lock-in with tablets and mobile devices. In simple language it boils down the problem around why buying an app for one device doesn't give you access to that app anywhere else; if you switch from an iPhone to an Android phone, you'll have to re-buy your apps, and your iTunes content. This partially is lock-in, but there's also a halo-effect - you can transfer an app from on iPhone to a new iPhone, or content from your desktop iTunes to your iWhatever - and the more devices from the same vendor, the better the system works.

But this is a horrible direction to take, and why I rarely buy apps or content from locked-down stores like iTunes. My desktop computer runs Ubuntu Linux, my tablet Android, and my phone is an iPhone. The media server for our house is a Mac Mini, and I finally retired my hold-out Windows computer last year. I refuse to buy music that I can only listen to on one of those myriad devices any more than I'd buy a CD that only plays in my car, but not in my home, or food that I could eat in the kitchen, but not in the dining room or on a picnic.

By and large, I'm a good target demographic - some discretionary income, a gadget afficionado, and generally plugged in to fun new technologies, but my market is rarely well served.


Scaling Social Entrepreneurship, New Economics, and more!

Here are the video links for my presentations from Campus Party Europe:

GeekEconomy with Don Tapscott (Author, Speaker and Advisor on Media, Technology and Innovation) and Simon Hampton (Director Public Policy EU, Google)


Scaling Social Innovations

My slides and notes here: joncamfield.com/blog/2012/08/scaling_social_innovation


Choice is the Challenge - Mobiles for Data

Read my write-up from the Mobiles for Data Collection Technology Salon:

You might think that the topic of collecting data via mobile devices would be a rather dry discussion of data management and statistical methodology. You would be very, very wrong. The Technology Salon all but came to blows as we wrestled with privacy issues, total costs of ownership, and other elephants in the room.

When you combine some of the brightest mobile-for-development minds from projects stretching from agriculture to health to democracy, all of whom are facing increasingly common problems, perhaps that's to be expected. Stories were shared around the basic challenges of data collection, picking the system to use, and the complications of different sectors.

Read more:  Mobiles for Data Collection Technology Salon


Of Code, Free Speech, and Weapons

Quick quiz.  Which of these should not be protected as free speech?

[ ] A gun (you know, the kind you can hold and shoot)

[ ] Plans for a nuclear weapon

[ ] Political statements (lots and lots of them)

[ ] Detailed instructions on how to communicate privately

[ ] Detailed instructions on how to make an archival, digital copy of a DVD

The answer is either none or all of the above - we are in a world where free speech (in the form of computer code) can create real world objects and actions that are themselves regulated or outright illegal.  But if the action is illegal, is the code that causes it also illegal?  If so, the line gets very blurry very quickly.  If not, we still have some fascinating problems to deal with, like printable guns.  Regardless, we need to educate policy makers to understand this digital frontier and be prepared to defend free speech when this gets unpleasant.  Spoiler: It's already unpleasant.  Our world is defined by code, where programmed actions have very real, tangible effects.

Code of Protest

Civil disobedience can take some weird forms. While today masked digital vigilantes of Anonymous act as a curious type of Internet immune system; reacting against gross infringements of cyber liberty, their methods are not as new as you might think.  In the late 90s, the Electronic Disturbance Theater (http://en.wikipedia.org/wiki/Electronic_Disturbance_Theater) was supporting the Zapatistas by flooding Mexican government sites with a rudimentary DDoS (Distributed Denial of Service) attack, which brings a webserver down by overloading it.  This concept is at the heart of LOIC, Anonymous's "Low Orbit Ion Cannon" (http://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon).  EDT's version, "Floodnet," had the nice touch of requesting webpages with names like "human rights" from the government sites, resulting in errors clogging up the server reading something like "404 - human rights not found."  Asking for a webpage is pretty clearly something akin to shouting at a rally, or a "cyber sit-in" (http://angelingo.usc.edu/index.php/politics/cyber-sit-ins-grassroots-to-gigabytes/) - get enough people to do it, and it causes some level of annoyance - but it's still an act of speech.

Free speech and a dead-end for copy controls

More compelling is the story of decss. CSS, an acronym now known as a web design tool, also means Content Scramble System, and is how DVD content is locked down. Only authorized hardware and software can decrypt a DVD and play it. This theoretically prevents wanton piracy, but it also prevents you from exercising your rights of fair use, backing up, or watching on a device of your choosing.

Fortunately, CSS was not particularly well crafted, and was quickly and thoroughly broken with a chunk of code nicknamed decss by a Norwegian teenager nicknamed "DVD Jon".  This caused a slight bit of controversy.  DVD Jon was accused of theft in Norway, and users in the States were threatened with fines and jailtime for re-distributing it under the DMCA law.

In a predictable story arc, the next chapter of this story is of course the Internet digerati of the day getting royally teed off and causing a ruckus. The  source code of decss was immediately turned into graphic art, secretly embedded in photos, turned into poems, and even a song (http://www.youtube.com/watch?v=GekuuNqAiQg) - a gallery of creative works using or containing the decss code remains online: http://www.cs.cmu.edu/~dst/DeCSS/Gallery/ .  DVD Jon won his case (http://news.bbc.co.uk/2/hi/technology/3341211.stm) and we all celebrated the somewhat obvious win for free speech and consumer power.

Private speech and munitions export controls

We can rewind even further back to the early 90s, when Phillip Zimmerman published the entire source code of his powerful encryption tool, PGP, in a book (of the paper, box-shaped physical object type).  Now, encryption this powerful was classified (until 1996) as a "munition" and subject to export controls with the types of penalties you might expect for selling military equipment on the black market.  Had PGP been released as a program, it would obviously fall into this categorization.  As text in a book, however, it appeared to be protected as free speech.  The stupidity of the distinction of course also spurred many to make t-shirts and code snippets of this "illegal" code.  Eventually, a series of court cases (Bernstein v. United States, Junger v. Daley) establishing that source code, indeed, counts as free speech.

Free speech and real munitions

Fast forward back to today, and the distinction between code and munitions is again somewhat unclear - with 3D printers, you can even begin building core pieces or real munitions - like, well, guns (http://www.wired.com/dangerroom/2012/08/3d-weapons/), based on digital blueprints and DIY-enthusiast at-home 3D printing kits.  For anyone who doubts that print-at-home guns couldn't possibly be thought of as pure expressions of free speech, covered by copyright laws and software licensing more than gun laws, I recommend browsing through this video and transcript; (http://hardware.slashdot.org/story/12/09/04/1837209/should-we-print-guns-cody-r-wilson-says-yes-video#media)with the clear excitement around innovation and failure-as-a-feature in the gun printing market by Cody Wilson of Defense Distributed.

Code is speech, code is reality.

The kicker here remains that code - that mysterious language that creates everything from Skype (now illegal to use in Ethiopia, with up to 15 years of jailtime) to your bank's software to this webpage - is also, at its core, just ideas and language.  Now, disruptive ideas have always been a bit dangerous, and we have a long, if rarely permanently successful history of ways to limit, erase and squelch them.  But ideas that themselves are actions are another thing altogether.

In linguistics, you have the concept of "Illocutionary Acts" - acts which are embodied in language.  There aren't many - no matter how I say that I'm going to go for an after-work run, the act of running can only be done by my whole body.  Oaths are the best example of these acts - speaking the oath is making the oath, and that combination of idea and action is a powerful sentiment.

And every line of code can be just as powerful.