Author Archives: Amitpal Singh

Derechos Digitales and the EFF publish report on Chilean ISP privacy policies

Cyber Stewards Network Partner Derechos Digitales has published a report in collaboration with the Electronic Frontier Foundation, titled “Who Has Your Back in Chile? First-Annual Report Seeks to Find Out Which Chilean ISPs Stand With Their Users.” The report evaluates the privacy practices of Chilean Internet service providers (ISPs) and telephone companies.

Chileans go online more than any nationality in Latin America, while their data goes through just a handful of ISPs, making defending their information largely the task of these companies. The report examines, among other indicators, things like whether the companies notify users when complying with judicial requests for access to their account data, or whether companies challenge surveillance laws or individual demands for user data. The report also incorporates questionnaires and private interviews conducted with the ISPs, along with a relative ranking for the privacy protections these companies offer.

Read the full report or a Spanish summary of the report.

In Jordan, the “Invisible Hand” Blocks Internet Archive

by Reem Al Masri

Adam Senft (Citizen Lab), Jakub Dalek (Citizen Lab) and Baraa Hassaniya (Jordan Open Source Association) contributed to the reporting. Translation was completed by James Cain.

Read the original post in Arabic.

Imagine a museum for the Internet; this is the closest description of the website “Internet Archive”. Of the tens of thousands of books available on the website free of charge, we found more than 127 thousand books in Arabic, most of which were original manuscripts. Books of Islamic jurisprudence and interpretation digitized by libraries of American and Canadian universities were also made available through Internet Archive. The website satiates a nostalgia that infects us from time to time to revisit coverage of Arabic websites of big events such as the coverage of the assassination of Rafiq Al-Harari in 2004, or to return to forums that vanished from the face of the internet such as Abu Mahjoob forum.

In October of last year, the non-profit foundation Internet Archive, along with the wider world, celebrated the 20 year anniversary of the founding of the website which aims to preserve memories of the internet and prevent digitally generated content from disappearing. 

The only ones who did not celebrate this occasion were internet users in Jordan. 

Since the beginning of the year 2016, internet browsers would simply display a message confirming the unavailability of the site, seconds after typing  its address www.archive.org , regardless of the service provider or method used. 

The website became available once again in February of the year, according to a statement received by 7iber from Chris Butler, the Office Manager of Internet Archive. In the meantime, during the four-month-long period from September 2016 to January 2017, the team at 7iber attempted to uncover the technical or legal causes which made a global website like this one unavailable to internet users in Jordan. There were two scenarios to explain the phenomenon: Firstly, there were technical issues within the website itself which impeded us, and other users across the world from accessing it. As for the second possibility, it was that the website had been blocked by the Media Commission in Jordan, as we’ve grown to expect, practicing its powers granted by the 2012 amendments to the Press and Publications Law

However, a third scenario was awaiting us. 

How can we technically  prove that the website was blocked? 

For us to begin research into the second scenario, we had to first confirm that there were indeed no technical issues within the website itself (scenario 1). We needed to find technical evidence of the block after succeeding to get on the website using Tor browser or a VPN. In collaboration with Citizen Lab and the Jordan Open Source Association, we ran a number of tests starting on November 17th 2016 on the network using the application WireShark. The application records all the traffic sent and received by a device when it connects to the internet. The results of the test revealed that devices which attempted to connect to the website Internet Archive were failing to complete the operation known as a “TCP handshake”, which is normally completed whenever a connection is created between two devices. This is something which can be taken as a clear indication that the website had been deliberately blocked. (For more technical details on this test please refer to the attached file).

The test results matched what Chris Butler, Office Manager at Internet Archive, had previously told 7iber in a statement: “reports reached us from two different users, the first of them in February 2016 and the second in March of the same year, both regarding the users’ inability to access the website from Jordan. The complainants had tried to access the website from a range of telecom company networks (Umniah, Zain, and Orange) only to find they were still unable to access the site”. Butler continues that after Internet Archive pursued the issue and were in touch with the Commission in December of last year, the website became available once again in the last days of January of this year. 

We ran a second test on the network once the website was available again, and the results now showed the successful completion of the TCP handshake, and the possibility of sending and receiving packets between the site’s server and testing device. This all confirmed that the website had been blocked before and that now the block had been lifted. 

The website was blocked centrally, but who blocked it and why? 

In November of 2016, at the time the website was still blocked, we directed a number of questions to the three entities through which a website blocking process normally has to pass: The Media Commission, which sends the decision to block the website to the Telecommunications Regulatory Commission (TRC), which in return disseminates it to telecom companies to enact it. 

Assuming that telecom companies have the most knowledge of their networks and are careful to carry out blocking decisions to avoid legal liability, we thought that they are the most capable of explaining the unavailability of the website on their networks. We got in touch with two companies (Zain and Orange) last November. The public relations employees in both companies seemed happy to cooperate with the media. After formally sending them our questions, Orange stopped replying to the numerous attempts made by 7iber to receive an explanation.  As for Zain, their response after several attempts to get an answer was that “the employee responsible for the block is on a family holiday, and there is not anybody else able to take his place and answer this question”. The public relations employee then dismissed our subsequent inquiry: “What if you were to receive an order to block a website whilst the relevant employee was on holiday?”

The reasons behind the telecom companies’ delays in replying to our questions may well have been purely bureaucratic through which inquiries from non-advertising media simply gets lost. However we were not the only ones being ignored in this way. Butler told us that Internet Archive had also repeatedly tried to contact OrangeZain, and Umniah throughout April 2016 in order to clear up the complaints which he had received,  without a single reply. The website also tried to contact the Ministry of Communications and the National Centre of Information Technology only to find the same level of disregard. 

As for the Telecommunications Regulatory Commission (TRC), despite their efficiency in communicating with 7iber, their responses to us seemed to answer another question, one we weren’t asking: “The Telecommunications Regulatory Commission is not the entity which issues the decisions but rather it is the entity which enforces the decisions the block sites as issued by the Media Commission, furthermore the Commission does not receive reasons behind the blocking of any website, and this is the same in the context of Internet Archive”.

When we tried to return to the original question: “Did the TRC carry out the dissemination of the decision to block the website Internet Archive?” the TRC responded with the same answer. We then asked the TRC whether it would be possible to supply us with all blocking decisions that they passed in year 2016, and their reply was that “the TRC is unable to disclose that given that these decisions are temporary and not fixed”.

The only place left to look for an answer was the Media Commission, the sole entity legally authorised to issue decisions to block websites as according to the amendments of the Press and Publications Law of 2012. The director of the Media Commission, Mohammad Quteishat, confirmed to us that at the end of last November, and after looking at all the blocking decisions in 2016, “there was not one which pertained to the website Internet Archive”.

Why did the website become available?

In February 2017, after the website was available, we contacted Chris Butler again. According to Butler, Internet Archive communicated with the Media Commission in January of this year to try again to inquire about the reason for the site’s blocking following all the previous failed attempts to contact telecom companies. The response from the Media Commission was that they would look into this issue, stressing that the blocking decision had not been issued by the Commission. Butler says that the commission got in touch with him at the end of January announcing that the website was “now” available in Jordan according to the following email: 

Again, we asked the director of the Media Commission, Mohammad Quteishat, about the reason for the site’s return to Jordan after being blocked for almost a year. However, Quteishat assured us that “the website was not blocked on the Commission’s network, at least as provided by the National Centre for Information Technology [gov ISP]”

And as for what the Commission wrote in its message, that the website “Is now available”, it did not insinuate for Qutaishat that “that the website was blocked,” according to what he told 7iber. As for our request for an explanation of the technical reports proving the blocking of the website, and the coincidence of the availability of the website shortly after Internet Archive contacted the Media Commision, he said: “I cannot answer. We did not have any hand in the blocking or the unblocking of the website, the website was not ever blocked according to a report from the follow-up committee.”

The third scenario: The invisible hand

The website Internet Archive was blocked quietly in Jordan, and then unblocked quietly. Despite the obscurity of the reasons behind the availability of the website, the story lay in discovering the extent of absurdity that the process of blocking websites in Jordan has reached. This absurdity is first structural. It began in the 2012 amendments of the Press and Publications Law, which the government is convinced has been effective in regulating online media. However, until now, the scope of the sites made subject to the Press and Publications Law remains controversial because it goes against the technical nature of network, that cannot define sites into “local” and “global”. The absurdity is also manifested through the administrative authority given by the law to the director of the Media Commission, allowing him to use his own discretion to identify which websites can be categorised under “electronic news website”. As for Internet Archive, it all points to the worst-case scenario: There is a parallel entity outside any radar, with influential central powers over the network, able to jump above the remit of the Media Commission and telecoms, and block or unblock websites centrally. 

“We’re appreciative that the Commission appears to have helped get us back online in Jordan,” Chris Butler told 7iber.  But despite what the Commission wrote in their email to him, that the website was “currently” available, Butler was hoping “they would reply to our follow-up questions and that we could clearly understand why the website was blocked at the level of the backbone”. 

“If the Government censored the site, they should say so,” he says. “If they claim to not have censored it, it would be helpful to have an explanation what the issue was and how it was resolved by the work that the Media Commission referred to.”

This story also reminds us of the absence of minimum transparency in the blocking process, even the legal and visible one. Telecom companies, the Telecommunications Regulatory Commission and the Media Commission keep blocking decisions locked in their drawers, without feeling obliged to make them public to citizens. 

According to Issa Mahasneh, president of the Jordan Open Source Association, the owner of a blocked website has the right to know which entity issued the decision to block that site, so that they may be able to challenge that decision. “So, for example, if a website was mistakenly blocked or blocked in a way which was illegal, then the owner would request compensation for losses from the entity which caused it this damage,” he says.

Neither we, nor Chris Butler, or the director of the Media Commision know who blocked the Internet Archive. However, what we know is that there is a parallel window for blocking websites, through which an “invisible hand” practices its authority and draws for us the Internet that it wants us to use, without any accountability. 

Attached file explaining the technical tests: 

We conducted network measurement tests on the ISP Orange, to determine if the website of Archive was blocked. In order to do this, we accessed http://www.archive.org in a web browser while collecting a packet capture using Wireshark. The page failed to load in the web browser, eventually returning a “The connection has timed out” error message.

In the packet capture, we can see in more detail why the page failed to load. The first step, the domain name resolution, completed normally. In response to our DNS query, we received the IP address 207.241.224.2, which is the correct IP address for Archive.  This is known because this IP address is in the ASN of Archive.

However, all traffic sent to this IP address did not receive a response. The testing client began the process of establishing a connection with the Archive server by initiating the 3-way TCP handshake. After sending the initial SYN packet, the testing client does not ever receive a response. The client tried sending this SYN packet repeatedly, and not receiving a response it eventually gave up.

These tests were repeated multiple times, and at no point did the testing client ever receive a response from the Archive server. This is highly suggestive of deliberate filtering.

ICT Watch project nominated for World Summit for the Information Society prize

Cyber Stewards Network Partner ICT Watch is one of 18 Indonesian organizations nominated for a World Summit for the Information Society (WSIS) prize in 2017. The WSIS prizes have been organized by the United Nations since 2012, and supports the Internet community in achieving sustainable development goals by 2030.

ICT Watch was nominated for the award for their project entitled “Internet Sehat (Internet Healthy): Towards Indonesian Information Society.” The project description is as follows:

ICT Watch is committed to the online freedom of expression and aware of the emerging challenges to it, while continuing to combat online hoax and disinformation by delivering the Indonesian literacy digital, called “Internet Sehat”, to the public. Internet Sehat provides high-quality Indonesian online content under creative-common license, including a series of social media for social movement documentary videos for public screening and discussion. Also included is an updated presentation kit and how-to modules and leaflets for public education. Internet Sehat also delivered through offline activities, such as workshops, to schools, campuses and local communities, simultaneously facilitating multistakeholder engagement and developing capacity of local actors/communities.

ICT Watch has partnered with the Indonesian Ministry of Communication and Information Technology, the Cyber Law Centre at Padjadjaran University, and other government and civil society organizations to facilitate the project.

Read information on the Internet Sehat projecta list of nominated projectsor vote for a winner for the WSIS prizes until April 30, 2017.

New Report: An Overview of Internet Infrastructure and Governance in the Phillippines

The Cyber Stewards Network is pleased to announce the release of a report titled “An Overview of Internet Infrastructure and Governance in the Philippines.” The report outlines the key actors, regulatory structures, and challenges facing the development of the information and communication technology (ICT) sector in the country, as well as privacy and security concerns.

The report begins by outlining the political context of the Philippines and then describes the regulatory landscape and mandates of various organizations responsible for decision-making, as they relate to the establishment and operations of ICTs.

Throughout the document, key issues relating to access, privacy, and human rights more broadly are flagged. In particular, the report identifies gaps in state capacity and ICT leadership as germane to policy issues in the Philippines, including a lack of coordination among state agencies and the government’s absence from multistakeholder fora like the Internet Governance Forum. Finally, the report explores issues related to communications surveillance, online piracy, and anti-obscenity initiatives.

Key Findings

  • The absence of an overall, nationwide access strategy for information and communications technology means that basic elements of this access have not been put in place.
  • Rapid advances in technology have outpaced policy and legislative arrangements on many levels, as suggested by the Supreme Court’s decision on libel provisions of the Cybercrime Prevention Act.
  • Unlike some of its Southeast Asian neighbours, the Philippines does not have a history of content controls, though recent developments suggest that content controls could be on the horizon, including anti-obscenity and anti-piracy initiatives, as well as the use communications surveillance tools by the government.

Based on these findings, the Foundation for Media Alternatives made recommendations for future improvement, which are briefly outlined below.

Recommendations

  • Support and build up champions of a progressive ICT agenda among current and future government officials.
  • Build a new ICT masterplan that incorporates a clear Internet governance framework, one that is developed in close consultation with various stakeholders, including civil society.
  • Develop the capacity of key institutions governing the ICT sector, including the Department of Information and Communications Technology and National Telecommunications Commission, by ensuring their financial viability and enabling them to respond to regulatory challenges.
  • Produce a post-2015 ASEAN ICT master plan in a consultative environment, both at the national and regional levels.

Read the full report (PDF).

This research was made possible by the generous support of Hivos Southeast Asia.

Research and writing was completed by Al Alegre, Nica Dumlao, Jamael Jacob, Jessamine Pacis, and Randy Tuano of the Foundation for Media Alternatives (FMA), and Irene Poetranto, Adam Senft, and Amitpal Singh of the Citizen Lab at the Munk School of Global Affairs, University of Toronto.

Thanks also to Masashi Crete-Nishihata, Ron Deibert, and Jacqueline Larson.

The Internet in the Trump Era: Prospects for Democratic And Labor Rights In The US and Globally

Citizen Lab Cyber Stewards Network Partner Kemly Camacho of Sulá Batsú will join a forum at Stanford University titled “The Internet in the Trump Era: Prospects for Democratic And Labor Rights In The US And Globally.” The event will be held on February 9, 2017 from 7:00pm – 9:00pm in Room 126, at the Margaret Jacks Hall at Stanford University.

Participants will discuss issues raised this past December in Guadalajara, where the annual meeting of the Internet Governance Forum (IGF) was held. The issues of Internet rights and privacy, and the effects of information technology and the internet were debated and discussed. The election of President Trump has escalated fears of attacks on democratic communication rights while the privatization of the Internet grows. The forum at Stanford, featuring attendees at the recent IGF meeting, will look at the issue of protection of communication rights and privacy. It will also assess how information technology is affecting workers, as well as private sector control of the Internet through projects, such as the Facebook led-partnership Internet.org.

Kemly Camacho will join speakers from the Electronic Frontier Foundation, LaborNet, and Stanford University.

Cyber Stewards contribute to Global Information Society Watch 2016 publication

Several Cyber Stewards Network Partners have contributed to the 2016 Global Internet Society Watch on Economic, Social, and Cultural Rights on the Internet, a publication with 46 country reports and other topics.  Launched at the 2016 Internet Governance Forum (IGF) in Mexico, the publication explores issues in information and communications technology for activists, the socioeconomic empowerment of women with the Internet, and emerging issues such as the use of the internet during natural disasters.

In particular, Sunil Abraham of the Centre for Internet and Society authored a chapter titled “The digital protection of knowledge: Questions raised by the Traditional Knowledge Digital Library in India,” while Colnodo contributed a country report for Colombia. Claudio Ruiz of Derechos Digitales co-authors a chapter entitled “The impact of free trade agreements for ESCRs on the Internet,” while Valentina Hernández, also of Derechos Digitales, contributed a country report for Chile. Finally, Kelly Camacho of Sulá Batsú authors a country report on Costa Rica.

Read more information or download a full copy of the report.

Screen Shot 2017-01-13 at 10.28.52 AM

Canada’s IDRC profiles Cyber Stewards Network

In an interview with Canada’s International Development Research Centre and Canadian Geographic, Citizen Lab Director Ron Deibert explained the work of the Cyber Stewards Network (CSN), which aims to increases cybersecurity in the global south, and conducts advocacy campaigns surrounding the protection of human rights in the digital sphere.

Asked about the formation of the CSN, Delbert said “The development of the Internet is one of the most profound changes in communications in human history. We need people around the world working locally but thinking globally about how to protect it, so in partnership with the International Development Research Centre, Citizen Lab formed the network, which combines research and advocacy. A lot of the groups in the network want to do more than just research — they want to push for change. We help them with the research and they do the advocacy.”

He went to to discuss the work the network has done in protecting vulnerable groups, such as exiled Tibetans who were the target of cyberattacks by the Chinese government. Citizen Lab partnered with the Tibet Action Institute to develop messaging understandable by and relatable to Tibetans that would encourage them to follow cybersecurity best practices. Deibert also touched on the need for civil society to protect themselves as they increasingly become the target of advanced spyware technologies, given that they frequently express political dissent. He concluded: “Governments — whether in Nigeria, Latin America or the Middle East — are putting in draconian restrictions such as mass surveillance programs and curtailing the activities of journalists, all under the rubric of cybersecurity. Securing cyberspace involves more than technical solutions because however valuable those may be, they’re not going to solve the problem in its entirety because technologies are always changing. We also need to approach the problems as an issue that arises from government and private-sector behavior, which will require wholesale legal and policy changes. Otherwise, these restriction and surveillance activities will ultimately result in a crisis of democracy.”

Read the full interview with IDRC.

Tibet Action Institute publishes report on Youku video platform censorship

Cyber Stewards Network Partner Tibet Action Institute has released a report titled “Erasing Tibet: Censorship on Chinese Video Sharing Site Youku,” which documents censorship on Youku, as well as the broader trend of China-based social media platforms being required to follow regulations on content filtering. Careful testing revealed that video content related to Tibetan culture and the Dalai Lama were blocked, including content that made use of the Tibetan language.

Lobsang Gyatso Sither, who conducted the research with the support of the Citizen Lab, explained that the report was part of an effort to give Tibetans the tools to express their opinions, despite systematic censorship efforts against the community.

Read the full report.