Blockchain versus pipeline: uncensorable protest against fossil fuel development

This photo is embedded in the Mazacoin blockchain at http://bitfossil.com/1d312a7f9f067f393715bccdd7f9a9413622d0017b32361f14f844d23beb71a4/927.png and it’s not going anywhere. Image Creative Commons Non-Commercial Share-Alike © Unicorn Riot.

Payu Harris is the kind of person who’s not afraid to stare down a bulldozer. For months, he’s been living in a camp blocking the planned route of the Dakota Access pipeline. Payu traces his lineage to the Northern Cheyenne tribe, and he is committed to preventing oil companies from trampling the Native American burial grounds that lie on the pipeline route. He’s a leader in the protest camp with a formal title that means “warrior” and — he loves shattering stereotypes —the founder of a blockchain-based cryptocurrency.

Payu came to DC last week to lobby against the pipeline. While he was staying at my home — the Love & Solidarity Collective — he showed me videos of police and private security forces trying to force protestors off the pipeline route.

Payu Harris (image from his Twitter)

During at least one encounter, Payu says that police selectively arrested journalists and videographers — a favorite tactic for law enforcement trying to shield themselves from accountability. Anticipating more attempts at censorship, Payu began embedding photos from the protest in the blockchain that runs his cryptocurrency. Now woven forever into the blockchain, they are publicly visible and cryptographically protected against tampering by governments, security contractors, or anyone really. (You can see more of the photos by querying for “Standing Rock” on bitfossil.com, a search engine that indexes blockchains.)

This is not the application that people first think of when they hear the word “blockchain.” But maybe it should be.


If you’re not familiar with blockchains, you can think of them as a system for making information ubiquitous and permanent by spreading it out across many, many computers that all work together to keep it safe and available. This stands in stark contrast to the current standard method for storing information on the Internet, in which privately owned servers maintain a master copy of information and send it to other computers upon request. Trying to censor a traditional server is comparatively easy because the information comes from a single point. Trying to censor a blockchain is like trying to kill a thousand (or million) headed hydra — it’s not actually impossible but it’s generally prohibitively difficult. Even if an attacker removes or compromises many of the computers that are participating in the blockchain, the rest will keep the information intact and available.

The human race is still figuring out what exactly to do with blockchains. So far, most of the hype around them has centered on financial applications (i.e. Bitcoin or private blockchains run by banks). There’s a market incentive for the financial industry to incorporate Blockchains, because it spends heaps of money trying to secure digital transactions using existing technologies that are inherently less secure. But beyond finance, political and activist uses of blockchains already exist and deserve more attention. Like cryptography in the 80s or the non-military Internet in the 90s, the blockchain is a new technology with unexplored potential to radically level inequalities in access to information and freedom of speech.

This photo is embedded in the Mazacoin blockchain at http://bitfossil.com/5f1a91e9c6b97e6c3dc64385b3c5615c74fe3f0554269a143ee262122c4e206e/CrtrnP7UMAApy5M.jpg. Image Creative Commons Non-Commercial Share-Alike © Unicorn Riot.

Payu says that this is the first time he knows of someone embedding protest photos in a blockchain. After spending some time on Google, I can’t find any others. I don’t think this will be true for long; it’s easy to see how Payu’s technique would be even more impactful in a country without checks against government censorship.

I hope that activists facing censorship-happy governments are quick to get their hands on blockchain-undergirded publishing platforms and communication apps. At this point, there isn’t a simple way for non-techies to add photos to a blockchain, though services like CryptoGraffiti that allow you to do it if you know how to buy Bitcoin. Someone has already used the Bitcoin blockchain to save leaked files exposed by WikiLeaks.

If you’re looking to add a protest photo indelibly, but don’t have the skills to embed it in a Blockchain, you can use ipfs.pics. The Interplanetary File System (IPFS) is not a blockchain, but it is similar in that it is a distributed file system that spreads data through countless computers around the world, so that it is very hard to remove.


Payu’s use of a blockchain to store protest photos is refreshing because of its novel blending of technology with radical activism. But it’s not the only project trying to use blockchains directly for social justice. Noncomprehensively, there are proposals and projects to use blockchains for: monitoring supply chains to stop labor and environmental abuses; stopping corrupt middlemen from siphoning off aid money for the poor; and creating untamperable election systems.

For his part, Payu plans to use the Mazacoin blockchain to help Native Americans build sovereignty and independence from the federal government. He hopes that having their own currency will empower the reservations to make economic decisions that work for them, and he also has other blockchain-based infrastructure planned, including an already-working ID system. It seems he’s already gotten some traction among Native Americans, but he says he has a long way to go in convincing people to use Mazacoin.
At the end of our conversation, I asked Payu how he would feel if Mazacoin was so successful among Native Americans that other people started using it and it lost its role as an indigenous-only currency. “I wouldn’t have a problem with it” he said. “It would demonstrate that it’s a serious project.”

If protecting encryption is important, then so is fighting DRM and keeping it out of Web standards

 

With law enforcement calling for a ban on strong encryption, activists are working to communicate to the public why crypto is more than just a technical issue — defending it is a matter of personal privacy and political freedom. But weakened encryption isn’t the only threat that computer users are facing from irresponsible institutions. The DRM (Digital Restrictions Management) lobby is gunning for a change to the Web’s technical standards, which would do damage to our privacy and freedom as well.

DRM is software that runs on your devices and polices your behavior. It’s what stops you from copying streaming Netflix videos and Spotify songs onto your hard drive, prevents you from using some programs without an Internet connection, and blocks you from moving books between ereaders.

Its owners claim DRM is necessary to “protect creators” by stopping unauthorized copying. While this sounds very virtuous, it’s not usually true. The precise motivations vary, but the goal of DRM is usually either removing functionality and selling it back piecemeal, or preventing competitors from making interoperable products.

DRM has a natural expansionist tendency — some users always try to escape it by moving to other platforms, and if it does not keep up by colonizing those platforms, it loses its influence. Since the dawn of DRM, a cohort of media and technology companies have mounted a relentless legal and technical campaign to expand its control by integrating it more deeply into all corners of the digital world.

Recently, Netflix, Apple, Google, and Microsoft have crafted a new universal DRM system for the Web, and are trying to get it ratified by the the World Wide Web Consortium, which sets official Web standards. For many of the same reasons that we need to protect strong encryption, we also need to stop this power grab by those that profit from Digital Restrictions Management.

 

oi000090

 

The DRM lobby is currently pushing for a major political victory to legitimize its controversial technology. Netflix, Apple, Google, and Microsoft have crafted a new universal DRM system for the Web, and are trying to get it ratified by the the World Wide Web Consortium, which sets official Web standards. The proposal is called Encrypted Media Extensions, or EME. You might be wondering — if encryption is good and DRM is bad, then why is the DRM proposal called Encrypted Media Extensions? DRM and encryption have an ironic and counterintuitive relationship: DRM systems often use their own internal encryption to harden themselves against users who try to break the digital shackles. Sometimes DRM proponents refer to it simply as encryption to give it legitimacy.

As eminent technologists and activists have noted (e.g. Joi Ito, Richard Stallman, Cory Doctorow, Bruce Schneier, and scores of other security researchers), digital restrictions in Web standards would make the DRM problem worse for the public. It would make it easier and cheaper to implement DRM on the Web and set another precedent of giving the DRM lobby free reign over our technical infrastructure. Though they are woven from some of the same digital cloth, DRM and encryption are diametrically opposed in their social impact. For at least two of the same reasons that we need to protect strong encryption, we also need to eliminate DRM:

Popular control versus centralized control

As unchecked government surveillance, politically-motivated Internet shutdowns, and Web censorship teach us, laws and infrastructure that require the public to cede control of our computers to powerful institutions can easily become risks to democracy. As such, they should bear a high burden of proof to society.

Weakened encryption weakens our control of our computers, by allowing an entry point for others to meddle with our digital lives. DRM also weakens our control, by encumbering our devices with code that treats us as adversaries. DRM is impossible to implement effectively with free software, so any system that requires it also effectively locks out users that are committed to protecting their own digital sovereignty. Perhaps worst of all, the continued legal and political acceptance of DRM legitimates the idea that media owner’s business models trump the will of the general public. DRM does not — and weakened encryption does not — have real, fairly distributed social benefits to bear that burden of proof.

Security and privacy

Encryption is an essential pillar in computer security, which is one of the reasons that such diverse groups are united against government attempts to weaken it. Like weakened encryption, DRM is bad for security.

Sometimes a DRM’s owner actually commands it spy on users or install malware on their computers. Sometimes third parties slip through the hole DRM has punched in users’ security for their own ends. The last case of either that was widely covered in the media was the 2005 Sony rootkit scandal — when users were mistreated in both aforemention ways — but computer security experts assert that DRM continues to be a real threat.

Fearful of public scrutiny, the DRM lobby has passed laws (the Digital Millenium Copyright Act in the US, followed by similar laws and treaties in many countries) to muzzle security researchers seeking to expose and fix vulnerabilities in DRM. This means that the best system we have for protecting users from insecure programs — independent expert review — is outlawed for a broad class of widely-used software.

Fight back

If you feel that strong encryption is important, I hope I’ve convinced you that resisting DRM is too. DRM-using companies are pushing to expand and elevate its role in the Web. In my role as campaigns manager at the Free Software Foundation, I’m working to put as much pressure as possible on the W3C to reject the universal DRM system for the Web. You can take action by signing our petition and adding a protest selfie (a Web-native medium of expression) to the growing gallery.

Today’s wonky technical issues are the next generation’s foundational political and security concerns. Right now, just under half the world’s population uses the Web. That number will only continue to grow, and the way we build Web infrastructure now will ripple into the political realities of the future. Each computer user stands to benefit from the power of encryption and be disempowered by DRM.

There is a blooming global consciousness of the need for secure and user-controlled technology, and DRM is not a part of that picture. Resist DRM with us, and demand a Web that puts users first.

More about the campaign against DRM in Web standards

This is a rewrite of the earlier post “If iPhones should have strong encryption, then the Web should not include DRM.”

Thoughts on GNU/kWindows — GNU programs running natively on top of the Windows kernel

Currently, it appears that Windows’ accommodation of Ubuntu binaries will be a positive development, allowing more people to use more free software more of the time. From a technical perspective, it is also testament our success building tools that even users of other operating systems find indispensable. We are still reviewing the technical details to develop a complete analysis of the situation.

Microsoft’s apparent moves to work productively with free software are not the result of magnanimity by Microsoft, but rather years of advocacy, movement-building and quality development by the free software movement. We’ve pushed Microsoft a long way from the bad old days of the early 2000s when the company used negative advertising campaigns to spread fear and doubt about GNU/Linux and free software technologies, in an effort to quash a better paradigm that they found threatening.

Free Software Alone isn’t Enough — audio interview with NetPosi

My friend Drew Wilson interviewed me about free software and why it matters politically, for his Netposi podcast about activism and technology. Check out the other interviews as well — they represent a variety of well-informed perspectives.

If you prefer reading over listening, see Drew’s transcript on Medium.

Me on TV :^)

I got to appear on Al Jazeera’s The Stream to talk about the Internet of Things, on behalf of the Free Software Foundation.

Privacy — who needs it?

This was originally posted on the blog of the Library Freedom Project.

The benefits of online privacy can seem intangible. So what if someone on the Internet knows what someone else is doing on the Internet? But for many people (potentially including you or people you know), privacy tools are a shield from very real and immediate threats. Let’s meet seven of them:

  • A teenager in an oppressive family that wants to read queer literature
  • A young woman that is secretly pregnant, looking for health information
  • A domestic violence victim searching for a hotline to get help

The threat: bigoted or abusive family members

Some privacy tools that would help: HTTPS Web encryption, strong passwords, VPN or Tor Browser.

In this case, the potential snooper is a closed-minded relative or partner using a software tool to monitor the protagonist’s Internet traffic. If you’re wondering how they might do that, you’ll be unhappy to learn that there are a variety of programs that can accomplish this from another computer in the same house, and they are available cheaply or for free.

This is probably the most common type of threat. However, people who have a visible presence on the Internet often face more technologically sophisticated snoopers. For example:

  • A journalist challenging sexism in online communities
  • Black Lives Matter activists fighting for their human rights

The threat: doxxing (publicly revealing personal stolen personal information) by political opponents

Some privacy tools that would help: HTTPS Web encryption, strong passwords, GnuPG email encryption, Tor Browser.

As people are increasingly aware, speaking about controversial subjects on the Internet can provoke some mean and violent harassment. Sometimes technologically skilled online harassers can identify their victim’s phone numbers, address or employer and share the information publicly, to provoke even worse harassment. This is called doxxing.

As if that weren’t scary enough, there are a smaller (but surprisingly large) number of people that are being spied on by large organizations with lots of technological resources:

  • An employee that has witnessed a corporate crime and wants to tell a journalist about it
  • A government employee that needs to expose illegal surveillance

The threat: communication and tech companies, potentially cooperating with government cybermilitary organizations like the NSA (USA), GCHQ (UK), Golden Shield (China)

Some privacy tools that would help: HTTPS Web encryption, strong passwords, GnuPG email encryption, Tor Browser, full-disk hard drive encryption, airgapping

Sometimes powerful institutions try to fire people, get them thrown in jail, or even kill them to prevent them from releasing embarrassing information. It’s important for these whistleblowers to be able to hide their tracks from the organizations who want to stop them, and they need powerful tools to do so because their adversaries have extremely sophisticated technological resources.

But I’m not pregnant or a whistleblower or any of these things!

There’s another thing about privacy tools: it’s good for people to use them even when they aren’t immediately facing a threat like the example people in this post. There are four benefits to using privacy tools even when you don’t believe you need them:

  • It helps you practice in case you need them later or want to teach someone.
  • It encourages other people you communicate with to learn how to use them, and it makes it more socially mainstream to use the tools. Right now, many of the people that need them most have no idea they even exist.
  • It increases the total amount of protected traffic moving through the Internet, which means that it’s harder for some kinds of surveillance techniques to find the information they want to get. Needle in a haystack.
  • It gives you a chance to find problems with the tools and report them to the developers. Most privacy tools are free/libre/open source software, which means they are developed by a community, working transparently and in the open, and they rely on your feedback to make the software as good as it can be. Go to the Web site of any FOSS privacy tool and you will find a way to report a problem or request a new feature.

We live in a time of rapid technological change and our culture and government do not always keep pace with the new threats that these technological changes bring against our freedom of information and expression. People are threatened by surveillance every day, and spreading privacy tools can help them. Let’s resist surveillance together!

So we won Net Neutrality (in the US). What’s our next challenge to defend the Internet?

The battle for strong Net Neutrality regulation this year got a lot of people involved for the first time in political action to defend the Internet, and with their help we were able to win. But net neutrality is only one of the ongoing struggles of epic proportions to keep the Internet more open, fair and free. Here’s a quick and totally non-comprehensive rundown of three of them, and some things you can do to help with each: fighting censorship, centralization versus decentralization, and net neutrality in developing countries. They’re in no order — skip to whichever interests you most.

Fighting Censorship

Sweet alternate Tor logo. The onion represents Tor’s multiple independent layers of encryption.

Because the Internet lowers the barrier to entry for people with something to say, there are a lot of people saying things or sharing things on it that the elite doesn’t like and still feels they have the right to squash.

Governments are likely to attempt to censor people for speech that agitates against them (i.e. governments threatened by the Arab spring uprisings cutting the Internet to their citizenry, the Chinese government’s much more sophisticated system of monitoring and silencing dissidents), and both corporations and government have been involved in attempts to stifle and criminalize sharing of files protected by the draconian copyright systems currently in place throughout most of the developed world. Even if you are uncomfortable with unauthorized file-sharing, censorship of it deserves your attention — it has great potential to overstep and interfere with completely legitimate forms of speech.

To fight government censorship of the traditional, politically motivated kind, the Tor anonymity network is one of the best tools we have. All the user has to do is install a modified Firefox browser that’s configured to automatically work with the Tor network. Then, when they browse the Internet, instead of going through the normal Internet pipes, it’s bounced around the world through different computers on the Tor network, being encrypted and decrypted in multiple layers along the way. The net effect is that an entity trying to hunt a person down and silence them can’t find the person the way they would if they weren’t using Tor.

But to function properly, Tor needs people to volunteer their computers to act as nodes in the network, particularly the high-risk but crucial exit nodes. This is something that takes a non-trivial level of technical sophistication and some legal research, but if you do it, you have the satisfaction of knowing that you are helping political dissidents under oppressive regimes (you might also be helping someone else buy illegal weapons — Tor doesn’t know the difference). Some Tor nodes are hosted by individuals, but many are managed by groups or institutions – the Free Software Foundation runs one, and a library in the US was recently the first institution of its kind to open an exit node.

The Electronic Frontier Foundation’s Tor Challenge website has good resources for getting started running a Tor node. But if you aren’t ready to take that step, you can still make a real difference by donating to Tor.

To fight the corporate/government censorship that is motivated by greedy corporations imposing draconian copyright, you can oppose trade deals like the TPP (countries surrounding the Pacific Ocean) or TTIP (countries surrounding the Atlantic). These deals are basically ways for corporations to create laws that benefit them in multiple countries at once, in secret. If that sounds undemocratic and horrible, it’s because it is. The Electronic Frontier Foundation has very good coverage of deals like this, with petitions to sign and phone calls to make.

Decentralization

The Web was designed to be decentralized — anybody at one node of the network (a computer with an Internet connection) can

Gavroche, the MediaGoblin mascot. It’s got a different feel from the slick corporate likes of Flicker or Youtube. This cute little guy is in the public domain.

serve content (like a Web site) that anyone else can access. This is one of the reasons that the Web lowers the barrier to entry for people who want to share their ideas online, as compared to the traditional model of publishing houses with printing presses.

But as corporations have realized the value of the Web, and governments have attempted to regulate it, it’s become much more centralized in reality, even though the decentralization-friendly infrastructure still underlies it. Instead of visiting a myriad of blogs and sites, most Internet users today spend their time on just a few sites: Facebook, Twitter, Google, etc.

The giant data caches in these sites are a flashing bullseye for prying governments and malicious hackers. Being centralized also makes them inherently easy to censor — what if Twitter decides (or the government makes Twitter decide) not to let people talk about subject X? It could make it massively harder to talk about subject X.

The exciting thing is that there is a strong counter-movement to “re-decentralize the net.” My favorite concept they’ve brought us is server federation — a system for creating an alternative to a centralized site that is actually spread across tons of different servers, all linked together but controlled by autonomous individuals rather than a single corporation. To the users, federated systems look almost the same as centralized services, but the data and interactions they enable are actually spread throughout a network that is resilient and hard to disrupt.

Good examples of federated systems are Quitter, which, as you can guess, is a Twitter alternative, and MediaGoblin, which lets you post, share and comment on media from movies to songs to 3D models, hoping to replace Flicker, Youtube etc. Quitter works great, and though MediaGoblin is still in its early stages, it works just fine. You can try it out at one of these servers.

If you’re a dedicated Twitterer or Youtuber, don’t expect these new services to completely replace the old at the moment — since they don’t have nearly as many users, you won’t get the same exposure or as much recommended content that’s highly tailored to you. You’ll also notice that neither service is as polished or pretty as Twitter or Youtube or you-name-the-giant-corporate service. This isn’t because they are federated or because they are free, rather than proprietary software. It’s because they are being mostly developed by idealistic people in their free time, rather than a big corporation.

I recommend creating accounts on the federated services and linking to them from your bio on Twitter, Youtube etc., then submitting all your posts to both the centralized and federated services, to get the best of both worlds.

Net Neutrality in Developing Countries

Many developing countries are rapidly gaining access to the Internet. Almost everyone on Earth will probably get Internet access within the next few decades, but how they get access to the Internet matters. Right now their options are:

  • A creepy corporate-controlled limited version of the Internet. An example is Facebook’s Internet.org project, which provides access only to a small group of sites, obviously including Facebook, but is free to use.
  • Access to the whole net, with the condition that they watch an ad every time they want to get online. Realistically, this may be the best we can do right now. Even Mozilla, Web pragmatic idealist-in-chief, has already tried developing this system.
  • The full access enjoyed by us, perhaps made even more welcoming by tools designed for new Internet users, like Mozilla’s sitebuilder

The corporate-controlled limited version of the Internet is a textbook example of net non-neutrality. The ad-gated version of the Internet doesn’t exactly violate net neutrality in the traditional sense, though it still makes you feel dirty.

Indian activists standing up for Net Neutrality with their own parallel to the “No fast lanes and slow lanes” messaging used in the US. Credit: AFP

What can you do about this? If you’re in a country that’s facing Internet.org or similar, you can take political action by writing about these problems, talking to your friends and petitioning your government. Some Indians recently had success with this, and got their government to start making noises about improving net neutrality in India. If you’re in the states, the best thing is probably just to look for opportunities to talk about and support work on the front lines. @neutrality_in on Twitter seems like a decent way to track what’s going on there, but I’m looking for more resources.