Jump to content
Sign in to follow this  
Goddess Relief Office

Net Effect: One week inside the Haystack

Recommended Posts

Lastweek I blogged about Haystack. That post, followed byreply from Austin Heap, Haystack's founder, triggered aninteresting and at times heated discussion on mailinglists, blogs, and Twitter.


Some of that discussion was more heat than light, and I am sorry if my original post contributed to that. These issues are of huge importance. And in the interest of focusing on what really matters—the promise of systems like Haystack in protecting dissidents—I would like now to express my understanding of Haystack both more cogently and in greater depth. To be clear: I am not asecurity specialist. But since my blog post went up I've had many conversations with security/cryptology experts as well as with Austin Heap. I am very grateful for the conversations. My conclusions about Haystack remain very skeptical, and I will explain the sources of that skepticism here as well as reflect on what the Haystack situation reveals about the state of play in the "Internet & democracy" space. Let me emphasize once again that this post is notmeant as an attack on Haystack or Austin Heap. 

Sincethis will be a very long post, I'll break the rules andstart with some conclusions. You may then want to read or skip someof the technical details before heading straight to the last sectionthat contains some unanswered questions/even broader reflections.


I. Haystack-related:Nothing about what Haystack/Austin Heap has disclosed so far couldconvince me that Haystack is a safe product that can be used in ahighly sensitive context like Iran. (Austin Heap did make someimportant promises about the future.)


II. Haystack-related:Haystack has so far failed to publish a coherent narrative abouttheir operation, how it came into being, and how extensive it reallyis. Paradoxically, such ambiguity may have helped to generate thebuzz in the media, as reporters were free imagine anything theywanted to about Haystack and how it worked. Furthermore, some of the claims that havebeen made by Austin Heap earlier this year are misleading and endedup presenting Haystack in a far more impressive light than theevidence merits. The fact that Haystack is still in beta is notwidely publicized and not reflected in most media reports aboutthem. While this ambiguity probably works in their favor at thispoint – at least in terms of raising money and generating thepublic profile – the ethics of this are dubious.


III. USgovernment-related: the murkiness surrounding the reviewprocess of allowing technologies like Haystack to be exported toIran is extremely nontransparent and ambiguous. While the USTreasury and Commerce Departments almost certainly did not opine onthe security of Haystack's architecture in the context of Iran, thefact that they granted them the license/waiver can still beconstrued as such by the general public. That the US StateDepartment chose to reveal its endorsement of Haystack isunfortunate and would most likely hurt both parties.


Ifyou want some geeky technological details, see below. Otherwise, skipstraight to the end of the post.


Now,after I perused virtually everything ever published about Haystack on theWeb and exchanged numerous emails with Austin Heap, it appears thatHaystack claims to do three things:


1) Itencrypts all data that is being exchanged between Haystack'susers and Heap's servers. For the uninitiated: if the encryption isdone properly, even if someone intercepts the data that is beingexchanged, they would have a very hard time determining what it is.


2) Itthen relieson some form of steganographyto mask this data to look as if it were something else. Thissupposedly makesit more difficult for theIranian police – or anyone else who might be looking – toautomatically identify that some improper sites are being visited.


Howdoes it work? Well, it appears that Haystack presents some of itsuser traffic as traffic that looks innocuous; i.e. the police may beled to believe that the users are visiting sites like weather.comwhile they might be browsing sites that are banned in Iran or maysimply raise suspicion (e.g. Twitter or Facebook).


Asper my most recent correspondence with Daniel Colascione, Haystack'slead developer, “ the traffic [is made...] to look legitimateenough to a machine that it can’t confidently and automaticallytell the difference between it and regular traffic...We neverclaimed that a *human being* sitting down with traces couldn’tfigure out *something* was going on --- though thanks to ourencryption, that human being still couldn’t figure out who theuser was actually talking to.”

Thisis all that Haystack has disclosed about their steganogaphy so far.Note that if their encryption IS NOT as strong as they claim and ifTHERE IS a human being assigned to the task of hunting fordissidents and performing in-depth analysis, they've got a problem.

3) Relyingon Functions 1 and 2, Haystack then helps to circumventcensorship,i.e. it allows those who use it in Iran to access web-sites thathave been blocked by the government. Myunderstanding also is that after the data has left Iran, it is sentto Austin's central system that can monitor everything – they knowwhat was sent, where it was sent from, where its going on the net,and of course possibly also the content of the requests themselves.While this is standard practice with many similar tools, there areall sorts of things than can go wrong here. All depends on theimplementation.

Oneneeds to remember that even if Haystack did not exist, some of suchfunctionality is already available in other tools. Functions 1 and2, for example, are already provided by a number of commercialoff-the-shelf tools. (However, not all of them are easily accessiblefrom Iran, as the government quickly blocks access to them as well.) Function 3 is interesting; I don't know of many (any?)mass-market tools that could perform that function in the context ofIran.


    Essentially, if Haystack works as advertised and has no security flaws that might compromise its users' security, it's, indeed, something of a conceptual breakthrough. I'll be the first one to acknowledge this.

Whatkind of evidence do we have so far to assert that it does, indeed,work as advertised? Let's deal with each of its three functionsseparately.


Onthe circumventionfront: according to my correspondence with Austin Heap, they havetested their software inside Iran. They have had some problems, mostof which – according to Heap – they have managed to resolve. Myanonymous source inside Iran who has had first-hand experience withtesting Haystack has painted a somewhat less rosy picture; Haystack'srate of circumventing censorship was not particularly impressive. AnIranian source very close to Haystack also wrote to me that “somepreliminary tests on the software in Iran have been less thansatisfactory.“ Also, Austin claims it has been tested and works insome other Middle Eastern countries; he produced some evidence tothat effect.

Thisseems like good news. But I don't really know what it tells us aboutHaystack's future potential. For once, Haystack is only used by alimited number of people who are test-driving it in Iran. At thispoint, there is no reason why any government – including Iran's –would start searching for ways to block software that is not widelyused by their population and presents no threat.

Themoment Haystack goes into mass-market distribution – and this,according to Heap, is their stated goal – this would no longer bethe case; the Iranian government would immediately get veryinterested. Given the resources they have at their disposal, it'squite likely they'll find a way to block Haystack pretty quickly.

Ofcourse, maybe Haystack will raise enough resources to outsmart thecensors, at least in the short-term (this is the famous“cat-and-mouse” game that Patrick Meier alluded to in theNewsweekpiece and that Austin Heap often alludes to in interviews aswell). Such an approach seems to be working in the case of the FalunGong-affiliated GlobalInternet Freedom Consortium who have been designing tools similarto Haystack to distribute in China.

Inreality, though, the approach is most probably not working: if itwas, GIFCwould not be asking for so much money from the US government allthe time. What they seem to be doing is rotating IP addresses andbuying a lot of bandwidth – a blunt strategy but it seems to workas long as someone wants to keep pouring money into their ventures.

Thatsaid, I'd be wary to draw parallels between CensorshipResearch Center – which, according to my conversation withAustin – has less than $3k left in their bank account while theirhosting costs are $1k per month – and the Falun Gong crowd. Thelatter are way more resourceful, have a religion to back them up aswell as a bunch of extremely powerful Washington insiders likeMichaelHorowitz and to advocate on their behalf.

Somy verdict on point #1: While I'm willing to acknowledge thepossibility that Haystack mightbeworking in Iran during its testing phase, I don't think this meansmuch in the long-term. It's no worse or better than any otherprototype that has not yet been flagged by the Iranian government.And it's very hard to expect that the Iranian government wouldn't bewatching Haystack with their utmost attention given how much buzzHaystack has generated in the media...

Unfortunately,I still don't know what goals – other than fund-raising anddevelopment – such proactive media exposure has advanced. One ofthe few snarky remarks I'll allow in this post is that it's verytempting to believe that Haystack's approach seems to be “marketfirst; test second”. It is an approach that works well in the BayArea; I am not sure it would work equally well in Iran.


Now,onto point #2: encryption.It's not the case that a censorship-circumvention tool absolutelyneedsstrong encryption to do what it is supposed to do: i.e. provideaccess to sites that are banned. I can think of many cases whereencryption does not need to be very strong – e.g. I use the tool toaccess the banned Gmail and use it in https (i.e. secure) mode. Somekind of basic encryption may be good enough to let me bypassgovernment's filters but it surely won't protect my privacy; thatsaid, knowing that Gmail provides encryption of its own, I may not beparticularly worried. The most important thing here is to make surethat the risks I am taking are made visible. E.g. if I know that thesoftware I am using does not claim to be secure, I'll alter mybehavior accordingly and be more cautious. If the software DOES claimto be secure, I may not be motivated to do so.

Thetools offered by the Global Internet Freedom Consortium – Freegate,Ultrasurf, and others – which Austin Heap likes to tout as hismodel – claim to be “secure” but it's such a broad definitionof security that no one really knows what it means; uses wouldprobably be wise to disregard such claims outright. In other words,while they do make some claims about encryption, they do not backthem up; their primary focus is on circumventing censorship. Is it aproblem with GIFC's tools? I bet it is.

Now,given that Haystack is a censorship-circumvention tool and the veryact of circumventing censorship in Iran is illegal and can put usersin danger, one probably wants to hide as much data about users aspossible. So “security” - however vaguely we define is – issomething that one does want to see in Haystack. This is preciselywhat Austin Heap and Haystack claim to provide on theirsite's FAQ. Furthermore, they claim to provide some effectivesteganography, which is seen as a very difficult challenge by thosein the privacy/security community:


Is Haystack secure?

Yes.We go to great lengths to ensure that any traffic between our serversand our users looks like perfectly normal, innocuous, and unencryptedweb traffic. It would be exceptionally difficult to detect and blockautomatically.

However, even if our methods were compromised,our users' communications would be secure. We use state-of-the-artelliptic curve cryptography to ensure that these communicationscannot be read. This cryptography is strong enough that the NSAtrusts it to secure top-secret data, and we consider our users'privacy to be just as important. Cryptographers refer to thisproperty as perfectforward secrecy.

Iam not a cryptographer and I've learned more about encryption thisweek than in the rest of my life. That said, based on the numerousconversations/email exchanges I've had with people who work on theseissues, my understanding is that Haystack has so far failed toproduce much evidence that their encryption works as advertised. Thefact that they have implemented a particular open-sourcecryptographic routine is not a guarantee that they have implementedit properly. That it's state-of-the-art does not mean much; SpaceShuttle Columbia also had a lot of state-of-the-art technology in it.

Ananalogy might help here. Suppose you and I start with the sameperfectly safe parts of the automobile engine. Is it possible that weassemble those parts in two different ways, of which one would beless secure than the other? Sure, it is possible. So far Haystack hasdisclosed that they use one safe part in their engine – withouttelling us anything about how the engine actually works and how thatparticular part fits into it. This is not a car that I would like tobe driving, even if NSA owns a car fleet with cars that have the sameparts in their engines.

Dothe Haystack folks need to publicly reveal everything about theirengine and make it into an open-source kind of car to assuagesecurity concerns? No, this is not required (even though I've heardmany strong arguments that it would help: the Iranian governmentwould probably be able to decompile their software anyway whilemaking it open-source at this point would help them tap into thecommunity of well-meaning outside techies who can help).

Ifthey are short on funds, it's possible to ask someone with anindependent third-party with the right credentials in the computersecurity/cryptology field to take a thorough look at their code,test-drive the software and write a report that can be shared withthe rest of the community that would assuage at least SOME fearswithout disclosing any proprietary information.

AustinHeap wrote to inform me that they are planning to hire a professionaltesting firm to do just that once they finish tweaking their code. Ithink this is a good idea – provided they have the money. But it'simportant to keep in mind that until that happens, there are fewreasons to treat Haystack as a secure or reasonable technology, notlease because its overall design has not been independently vetted orpeer-reviewed. In our correspondence, Heap did point me to a fewpeople that they have shown Haystack to. I interviewed a few of them.

Myimpression is that they did not really get a chance to look inside it– nor could I definitely say that what they looked is what Haystacklooked like 10 days ago or 20 days ago. (One knowledgeable person whospent some time looking at Haystack's demo said that it was “software definitely in beta stage, with a lot of room forimprovement”.) For all we know, at this point, Haystack may well asbe like theShip of Theseus in Greek mythology: it's changing so much and sofar, that no one is sure if any of the original wood is still there.


Now,function #3: steganography.I'llsave you the Wikipedia visit: “Steganographyis the art and science of writing hidden messages in such a way thatno one, apart from the sender and intended recipient, suspects theexistence of the message, a form of securitythrough obscurity. “.

InHaystack's context, it translates into the ability to mask whatsites/content you are actually visiting/downloading, presenting it assomething innocuously-looking instead and potentially confusing theIranian censors. Maybe Haystack does a good job at it; maybe, itdoesn't. No information has been released to prove it either way.While they have disclosed at least some information about theirencryption methodology, very little has been disclosed about thesteganography.

Bothof the anonymous experts who had a chance to see Haystack's demo thatI spoke to implied that Haystack's steganography didn't seem to beflawless and would benefit from an independent review. As such,unless it's vetted properly – by a third-party firm or by someoneelse – I think it's safe to assume that it is not safe.

Myown limited understanding of this issue based on conversations withexperts is that while Haystack's particular approach may be workingat the moment, it's most likely due to specific bugs in Iran'sfirewall. Obviously, once Haystack goes into mass-market circulation,it's not clear that those bugs will remain. (The Newsweekpiece does contain a very important detail: Austin Heap didmanage to get hold of a 96-page document about how Iran's censorshipsystem works that was leaked to him supposedly by someone in thegovernment; this may explain how they pulled off the particularsteganographic solution.)



So,to sum up the three points, we are dealing with a program that


a)has only been used by a VERY limited number of people inside in Iran(I hear that less than 100 copies have been distributed afterHaystack got the US government's greenlight for export sometimebetween mid-March and mid-April) while its future as a mass-marketproduct depends on how much money/resources they can raise.

b)may not offer the kind of encryption/security that its founder claimsit does; Haystack has not provided any significant evidence toconvince me of their security, only promises that they WILL addressit, including by disclosing parts of their encryption architecture(note: by “evidence” I mean tests results by independent securityexperts – which Haystack does expect to obtain in the FUTURE). Thisis a great and important commitment – but for now, we don't knowmuch about Haystack's security. I am not sure I can trust their FAQalone.

    c) may be hiding sensitive user traffic and mixing it with some innocuously looking traffic – but we don't know how secure such “hiding” methods really are, because they have not been independently tested. (Once again, this is something that Haystack seems eager to have tested at some point IN THE FUTURE.)

Doesit mean that Haystack will never be secure? No, it doesn't. As far asI'm concerned, they may one day become the most secure piece ofsoftware in history. It's just that at this point we have very littleevidence to imply anything of the kind. They may have a fineprototype – but it's just that, a prototype.

Givenwhat I've heard from Austin Heap so far – including their plans tomake Haystack available on the iPad – I have some questions abouttheir priorities. (Who needs Haystack on the iPad when one cannoteven legally purchase iPads in Iran?) Moreover, Austin Heap wrote tome that they are planning to launch in four more countries, which maystretch their ability to make their software secure even further.

    In short, Haystack may have a very glorious future. Its past, however, is far less glorious.


Itmay be too much to demand of my readers but dowatch this 20-min video interview with Austin Heap. Or watch atleast the first 8-10 minutes of that interview, which Austin Heapgave to Alex Krotoski of the Guardian (the interview was shot fortheVirtual Revolution documentary; some transcribed parts of thatinterview alsoappeared on The Guardian's web-site). The interview waspublished on March 21, 2010.


Hereare three excerpts from that interview, which I think are importantto consider when thinking through Haystack's history.


Interviewer:Austin Heap, youdeveloped an application called Haystack, which was pretty importantin opening up the Iranian Internet which had been shut down in theimmediate aftermath of the Iranian elections last year. Can youexplain what Haystack is? How does it work? And how you decided todevelop it?


AustinHeap:Sure. Haystack, it's basically a piece of software that a user inIran would run on their computer and it does two primary things: itencrypts all of the data and it hides all of the data inside whatlooks like normal traffic, so it looks like you are visitingweather.com or completely innocuous sites...[interview continues...]


Interviewer:...And Haystack actedat what point in this process [of circumventing censorship?]


AustinHeap:What Haystack does it starts at the very beginning. The primaryconcern is protecting the user. That's why step 1 is encryption. Step2 is getting around actual censorship. You can use a proxy to getaround the censorship but it's fairly easy to monitor that traffic;you can eavesdrop, imagine what you can do if you can watch someone'sinternet connection: you can watch them log in into GMail, you canwatch them log into Facebook, you can see who they are talking to,you can intercept their messages. And so the encryption was reallyreally important for us: now, it has to start on the user side - likeon their computer. So Haystack sits there. First, it encrypts, thenit makes its way through the government filters.


Interviewer:And what Haystackdid in practice when it did find its way onto people's computers? Wasthat it allowed them to load things like Twitter and Facebook and theblacklisted sites?

AustinHeap:Right. And I mean it's not just Web traffic. All of a sudden, itallowed people to make Skype calls back to their families securely,it allowed people to do basic things like send Gmail without worryingthat someone is doing like man-in-the-middle attack and trying tosteal their passwords or monitor their email. It gave them a layer ofprotection that allowed a random person to be a citizen journalistwithout the risk of persecution, jail, torture, you know, whateverhappens next.

Perhaps,it's just me, but on reading these three questions and answers, I amled to believe the following: Haystack is not a prototype but a realpiece of well-functioning software that made it to the computers ofrandom Iranians; it aims to deliver SECURITY [“our primaryconcern”...] to those who use it while also providing ACCESS tobanned sites; it is actually actively used by “people in Iran”who rely on it for all sorts of things that they could not do before– Skype, Gmail, etc – AND it allows them to do so more securelythan they would have been able to otherwise.

Nowherein the interview does Heap mention that the software is in thebeta-testing stage or that its use has been limited to only a fewdozen – or even fewer – testers. (It may be toodifficult/challenging of a point to make, but it would also be niceto have him point out that since Haystack is hosted n the US, theAmerican government can now potentially monitor all of the trafficthat is used by people plotting a revolution in Iran.)

Now,after I exchanged a dozen emails with Heap, the picture that emergesis very different from the one painted in the Guardianinterview. Haystack has not been widely distributed in Iran; its usehas been limited to a few dozen people, all of whom were specificallyrecruited to test whether it circumvents censorship. In fact, Austinwrote to me that “our initial test group prior to halting exportswas much smaller (a handful of people)” (Austin resumed exportingHaystack to Iran – I assume for testing purposes – after gettingthe license from the US government; this also means that they mayhave been doing some of those exports illegally).

AmI wrong to assume that the “people” Austin mentions in theinterview – those accessing Skype and Gmail – were just a“handful” of specifically-recruited testers of the software? Thatthere was no network of Iranians using Haystack? That there are lessthan a hundred now – but there were just a “handful” whenAustin gave the interview?... I think it's not an unreasonableassumption.

Inother words, the grounds for claiming that Haystack allowed “arandom person” to become “a citizen journalist” seem rathershaky; according to Austin's own version of events, no random peopleever saw this software. And if some random people did use it, it wasa major oversight on Austin's part, because, as himself acknowledgesnow, the software needs a security review. The only reasonableconclusion that I can draw from this is that either Austin greatlyoverstated the actual use level of Haystack in Iran OR that somenaive Iranians were put under unnecessary risks. For Iranians' sake,I'd really like to believe it's the former.

Furthermore,the interview makes it clear that Heap does believe that “security”and “encryption” are so important to Haystack that he places themeven above “circumvention”. This is fine and laudable – but wehave not seen much evidence that it does deliver security to itsusers as flawlessly as Austin Heap claims. (Once again, I believethis is something that he is coming to recognize – hence hiswillingness to show software to some experts and run a third-partytest on it). As such, his analogies to tools like Freegate don'tstand up to close scrutiny; Freegate surely does not place “security”first – a fact that the GFIC folks do not hide. Theirs is primary acircumvention tool that provides just enough security to breakthrough the firewall.

Veryfew of the other interviews/public statements from Austin Heap that Ihave read in the last week (and believe me, there are very fewstatements I did not go through) have been forthcoming on either a)the fact that Haystack is still a prototype – or a beta if you willb) the fact that its use was limited to testers only.

Theimpression that one would get on reading most of those pieces is thata) Haystack is distributed to Iran – not widely, but distributednevertheless – with the objective of being used beyond testing b)its level of encryption/security fully satisfies the Haystack team(see the FAQ above). If anything, Haystack may have overstated theircapabilities/use level to the media.


SomeConclusions and Unanswered Questions


Now,what have I learned form all this?

a)The Media Failed toProduce Serious and Critical Reporting on Haystack:The mainstream media who have covered Haystack so far have almostcompletely failed to ask the tough questions they should have beenasking: about the number of Haystack's existing users; about how itsfounders are planning to scale their userbase; how such scaling mayaffect their ability to provide effective circumvention AND security;how extra publicity they get in the media may hurt their objectives;which independent party can vouch for the security of theirsoftware... This list can go on.

Thebottom line is that such questions were not asked. Is it because thejournalists are so caught up in the cyber-utopian myths around Iran'sTwitter Revolution that they refuse to critically examine itsproponents? Or is it because the subject matter is too complex forthem to scrutinize the claims made by technologists? I don't know.Most likely, both have played a role.

Ifthe journalists were covering Haystack as a prototype – atechnology that mightbe ofuse in Iran at some later point in the future – they definitelyfailed to investigate the kind of conditions that its successfuldeployment as a full-blown project would require. If they werewriting about Haystack as an actually existing technology, theirfailure to pose questions about its security is even more glaring.Either way, there is no escaping the fact that media failed.

Inmy research, I inadvertently uncovered some other ugly stuff, which Ifeel I have an obligation to disclose. It was probably not a verygood idea for the journalist cousin of Haystack's managing directorto pen articles/do radio pieces about Haystack without disclosing theconnection. To his credit, Cyrus Farivar promptly disclosedthat connection after I asked him about it.

Cyrusalso posted some interesting reflections on how hard it is for atechnology journalist to actually investigate the kind of claims madeby Haystack – this would require background reading in cryptology,sanctions, etc. True – but covering the modern-day financialindustry with derivatives and other complex financial industrieswould require as much knowledge. I don't think that ignorance is agood excuse here.

Ifthe US government is serious about all this “21stcentury statecraft” business, they should start fundingconferences/trainings/events aimed at educating the journalists abouthow to write about such stuff. (I've long been making an argumentthat the only way to go beyond the simplistic discussions ofcyberwarfare in the media is to educate the journalists – somethingthat I'm glad the NATO center in Tallinn is keen on doing.)

II.Much AmbiguityIs Created by the Technology Export Review Process:The way the US government reviews what circumvention/encryptiontechnologies are allowed to be exported to Iran is nontransparent andambiguous. The fact of obtaining a license can be easilymisunderstood as meaning something that it is not intended to mean.The more I learn about this bureaucratic process, the more I come torealize that all that the US government really vetted in Haystack'scase was not its ability to do what it claims – i.e. circumventcensorship and do so securely – but only its potential tocompromise American interests – including those of the nationalsecurity variety – if it were to be allowed to be exported there.

Inother words, the US government would have alerted Heap if Haystackwere too good to be true – but it would not have alerted him ifHaystack had some major security flaws. I've got evidence (which ishighly sensitive but can probably be revealed on demand) that atleast on one occasion Austin Heap used the fact that Haystack hadbeen granted a waiver by the US government and that no othercompanies had been granted a similar waiver as an argument tobuttress his claims about Haystack's superb technological potential.I don't know whether this happened because he misunderstood themeaning of the waiver or whether because he deliberatelymisrepresented the facts.

Didgetting the waiver require Haystack to submit tons of documentation?I am sure it did; Heap confirmed this in his emails to me. Was apositive decision to allow such exports somehow reflective ofHaystack's ability to do what it claims to do? I doubt it... I'm nota legal expert on trade law but so far this is the only explanationthat makes sense; we can't really expect the US government to vouchfor Haystack's security architecture – and I am sure this is not arole they see themselves playing either (e.g. they don't opine on thesecurity of tools exported to China or Saudi Arabia). That said, I'mnot certain that this is how the media interpreted the fact that apositive decision had been taken. Too much ambiguity here creates animpression that a more thorough vetting may have taken place.


III. Haystack's Endorsement by the US State Department Was Not a Good Idea. Warning, my favorite subject ahead! Parts of the the US State Department do not seem to be aware of the highly political nature of their activities. Hillary Clinton did mention Haystack – if only in passing – in one of her speeches, as I already pointed out. The Newsweek piece about Haystack specifically mentioned that the State Department was also supportive of Haystack. Here is the direct quote from that piece: “[Heap's] innovation caught the attention of the State Department, and it was fast-tracked for speedy approval”. If this is not an direct endorsement of Haystack by the US government, I don't know what is. 


Iam not pointing any fingers here (joking, of course!), but AustinHeap was also invited to appear at the London summit of theAlliance of Youth Movements,an organization that was launched with the backing of the USState Department and was spearheaded by this blog's ultimate heroJared Cohen. Jared also chaireda panel that featured Austin at the AYM's London summit andaccompanied Heap to the reception held at the residence of the USAmbassador in London (this is a greatphoto of Heap and Cohen together – also have a screenshot).Heap told me that he believes Cohen had nothing to do with theirlicenses/waivers – something I very much like to believe butfind it very hard to, given Cohen's own history of interventionsin Iran-related technology matters. Regardless of Cohen'sinvolvement, even if the US government does love Haystack somuch, why on Earth make its love so public? Won't it putHaystack's users at even greater risks?


Supposethat Haystack was not as judicious as they have been so far indistributing their software and, with the government waiver in theirhands, would simply put their software for download by anyone inIran. This could easily have led to disastrous consequences...


    Just to make it clear: Haystack is not at fault here; the State Department – I am not so sure. Austin Heap can make whatever statements he likes; the government, however, is supposed to treat such statements with due skepticism and think through the political implications of their endorsement of any technologies. All this fast-tracking stuff would surely reflect bad on the State Department if after an independent security review it does turn out that Haystack has severe security flaws, which its testers – or other Iranian uses – may not have been aware of.

    And why did Clinton choose to speak about Haystack and not say Tor or any other tool? Also, not very clear. Were the diplomats charmed by all the buzz around Haystack in the media? Possibly. That said, it would be very good to know whether the State Department did ANY analysis/testing of Haystack's claimed capabilities, thought through how well it could scale in Iran, and whether they may be hurting its users in Iran – current and future ones – by lining up behind them. Were these questions asked and answered?

FinalNote: Based on my conversations with Austin Heap, I understand thatthey are eager to show Haystack to more experts and have anindependent security review. All of this is great. The past, however,is the past – and I think there are certain things there thatHaystack needs to explain/live up to. On the one hand, I am glad todiscover that the number of people using Haystack in Iran is so smalland that they may have all volunteered to do it as testers. On theother hand, the way in which Haystack has been presented to thepublic over the last 12 months has been misleading.

View the full article

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this