A computer programmer takes on the despots of the world


For Austin Heap, June 14, 2009 was nothing particularly remarkable. The 25-year-old computer programmer was at home in his San Francisco apartment, spending his evening the way he spent much of his free time: playing video games. “I was sitting in front of my computer, like I usually do, playing Warcraft,” Heap recalled. “My boyfriend asked me if I was following what was happening in Iran, and I said no. I was busy killing dragons.”

Later that night, Heap logged into his Twitter account. He read about the growing number of Iranians claiming their votes were stolen in the presidential election, and he saw people complaining that the government was censoring their cries of fraud and election rigging. For Heap – who says, “I’m for human rights, the internet and checking from there” – something clicked. At that point, he decided to get involved in a battle over 7,000 miles away in a country he admits he knows nothing about. “I remember literally saying, ‘OK, play. “”

Since the advent of the internet, there has been no shortage of breathless expectations of what technology would do for the least free places in the world. Simply put, the democratization of technologies was supposed to lead to democracy. They did not do it. Only later did people realize that technology was just a tool; what mattered was how it was used. And authoritarian regimes initially proved to be more sophisticated than their adversaries in handling these new weapons.

See a list of the world’s biggest cyberattacks.
Lefteris Pitarakis / AP

Today, a new generation of hacktivists like Heap are fighting back. They are not looking for silver bullets, but for scalable technologies that will unlock the one advantage people have always had: the power of their numbers. “The technology variable doesn’t matter the most,” says Patrick Meier, director of crisis mapping for Ushahidi, a group of digital activists doing cutting-edge work in open-source interactive mapping. “It’s the organizational structure that will matter most. Rigid structures are unable to adapt as quickly to a rapidly changing environment as a decentralized system. Ultimately, it’s a battle of organizational theory.”

This is one of the first lessons Heap learned when he faced the Iranians. In many authoritarian countries with a tightly policed ​​internet, citizens evade the state by using proxy servers that mask their identities while surfing the web. So, at first, Heap thought it would be useful to create safe proxies that Iranians could use. He posted tips on his blog on how people could execute powers of attorney from home. He soon had nearly 10,000 people following his instructions. But his efforts were almost useless; Heap was facing the Islamic Republic in a one-on-one match, and he was no match for it. Regime censors apparently read his blog too, and simply trailed behind him, closing proxies as he declared them ready for use. “We could watch Iran react,” Heap said. “We would do something, and they would block it.”

But then he had a stroke of luck. Someone with the online handle Quotemstr asked Heap to join a specific chat room. Quotemstr wasn’t interested in making unnecessary conversation. He was a disgruntled Iranian official who had information to share. He provided Heap with a copy of the Iranian filtering software‘s internal operating procedures. The 96-page document was in Farsi, but the diagrams told Heap what he needed to know. (A computer scientist, Heap learned his first programming language in fourth grade; he was programming in 18 languages ​​by his senior year of high school.) “Four days ago, I was slaying dragons with my firepower,” he recalls, “and now I was getting leaks from inside the Iranian government.”

Less than a month and many sleepless nights later, Heap and a friend had created Haystack. The anti-censorship software is built on a sophisticated mathematical formula that conceals someone’s true online destinations in a stream of harmless traffic. You may be browsing an opposition website, but censors will think you are visiting, say, weather.com. Heap tends to conceal users in content popular in Tehran, sometimes the regime’s government spokespersons. Haystack is a step forward for activists working in repressive environments. Other anti-censorship programs, such as Tor, Psiphon, or Freegate, can successfully mask someone’s identity, but censors are able to detect that these programs are running and then work to disable Communication. With Haystack, censors don’t even know the software is being used. “Haystack captures all outgoing connections, encrypts them, and then disguises the data as something else,” Heap explains. “If you want to block Haystack, you will block.”

The biggest hurdle Heap had to overcome was, surprisingly, his own government. Due to strict United States sanctions laws prohibiting trade with Iran, it was actually illegal for Heap to distribute software in Iran, even if it was intended to promote freedom. But his innovation caught the attention of the State Department, and it was fast-tracked for quick approval. In the past year, he also co-founded the Censorship Research Center, a nonprofit organization dedicated to fighting censorship everywhere. When I first met Heap in January, he was regularly commuting to Washington, DC, for meetings at the State and Treasury and with high-level lawmakers. “Tomorrow I meet [Sens. John] McCain, [Bob] Casey, maybe [Carl] Levin, but I don’t know if I’ll have enough time,” he told me, dressed in jeans and a well-worn T-shirt that said SUPER CHEVROLET SERVICE.

With its US government waivers in hand, Heap is now rolling out Haystack to Iran. His one-word mantra is “scalable.” Heap intends to gradually develop Haystack’s presence in the country. He started sharing it with select activists and trusted people by invitation only. They will then be invited to share it with their friends. This is the same model that was initially followed by Google’s Gmail. The targeted approach is smarter from a security perspective. Plus, he doesn’t want the software to collapse because of low value demand. “It’s better to focus on active people than on people who pirate music,” says Heap. “Growing organically will be much more effective than trying to cover the country.”

Of course, Iran will use any method, sophisticated or not, to counter such efforts. The Iranian regime has long made its presence felt online, blocking sites or redirecting traffic to government-run websites. Tehran frequently limits the country’s bandwidth, especially when protests are planned, to make downloading videos or images painfully slow or impossible. And, just as the Revolutionary Guards have taken on a greater role in most areas of the country’s political, social and economic life, they have also become the dominant force controlling the virtual world of Iran. In May, a senior Revolutionary Guard official boasted that the regime had built the world’s second-largest cyber army, after China’s. Created last year and known as Cyber ​​Defense Command, this unit is believed to be behind most hacks and infiltrations of opposition websites and email accounts. Heap says it would be naive to think the regime won’t target Haystack, and he claims to have thought through not only countermeasures “one, two and three…but also four, five and six”.

The only way to stay ahead in this cyberwar, however, is to play offense, not defense. “If it’s a cat-and-mouse game,” Ushahidi’s Meier says, “by definition, the cat will adopt the mouse technology, and vice versa.” Activists will need to get better at adopting some of the same tactics used by states, he said. Just as authoritarian governments attempt to block Voice of America broadcasts, protest movements could use newer technologies to jam state propaganda on radio or television. In Iran, activists are experimenting with ways to use new technological tools to cripple government surveillance cameras, blinding its eyes to the sky. Hacktivists will also need to constantly re-evaluate their technology, to see how it could be used differently. Meier’s own organization began as a web-based platform to map the violence that erupted in Kenya after that country’s 2007 elections. near real world to create crisis maps by integrating reports from people in the field via email, SMS or the web. The technology has proven critical in shaping the response to the earthquake disasters in Haiti and Chile and is credited with saving hundreds of lives. Although Ushahidi is best known today for helping with humanitarian missions, opposition groups are now using this evolving open-source technology to expose election tampering or voter intimidation in places like Burma and Sudan. . It was also uploaded in Iran.

The gradual and slow approach of Heap and others should not mask their ambition. After such an amazing year, I asked him where he hoped his organization would be in a year. “I hope we are ready to face the next country,” he replied. “We are going to systematically go after every repressive country that censors its people. We have a list. Don’t fuck with the hackers who will get away with you. A mischievous kid will show you how the internet works.” The dictators of the world should consider themselves savvy.

Dobson is writing a book on challenges to democracy, to be published by Doubleday.


Comments are closed.