After Haystack: Speech and Privacy Online

Friday, September 17, 2010


Last week on this show, Evgeny Morozov voiced his concerns about Haystack, software that purported to be a circumvention, encryption and steganography tool for Iranian activists online. The software hadn't been peer-reviewed but that didn't stop the media, including us, from giving it (and its creator) a heap of complimentary, credulous coverage. This week a team of independent security experts finally evaluated Haystack and declared it dangerously flawed, after which Haystack shut down, its chief software developer quit and its board disbanded. One of those software security experts, Jacob Appelbaum, explains what went wrong and what Haystack teaches us about speech and privacy online.


Comments [5]


Jacob Appelbaum's wish to see systemic privacy violations by government authorities and private network service providers sanctioned as barriers to international trade is laudable -- and spot-on given the direct import-suppressing/trade-distorting impact that such violations have on foreign Internet traffic exchange partners. In fact, these impacts have been explicitly if tacitly recognized by US foreign policy officials since at least 2004. Unfortunately, this wish seems unlikely to be fulfilled anytime soon, as whatever thin justification might be found for such a strategy -- e.g., in international telecommunications or trade-in-services agreements -- is completely undermined by three factors:

-- Widespread assertion (and acceptance) among sovereign authorities that any conflict between national telecom policies and international trade commitments can be justified by recourse to the telecom sector's unique national security significance.

-- The extreme plasticity of international telecom-related agreements, which generally allow signatories to take exception to (i.e., opt out of) almost any element of an agreement that they find inconvenient.

-- The sad fact that, of the national authorities that have previously demonstrated some enthusiasm for advancing or institutionalizing international change by means of international trade agreements, none has very clean hands with respect to this particular question.

Sep. 21 2010 01:38 PM
John Erickson from Norwich, VT

This follow-up was an excellent and thorough story --- in contrast to last week's that it was in response to. In computer security, "too good to be true" is nearly always the case.

The problem I have is that the guidance expressed this week by Jacob Appelbaum concerning the media coverage of crypto is NOT new; these principles --- peer review, open source, no-such-thing as "security by obscurity" --- have been exposed for well more than a decade. The core principles he expresses, often ignored, are in fact more than a century old.

A quick call by your producer to a top expert like Bruce Schneier prior to airing your FIRST story would have given you much of the same perspective (up front) that Jacob Appelbaum eventually provided (based on his hands-on analysis).

Sep. 20 2010 02:31 PM
Max from Richmond Va

Geez ... resigned and the Board disbanded?

What ... NOBODY has ever issued flawed technology?

So ... is BP disbanding?

Sep. 19 2010 04:43 PM
Ed from NYC

I thought that OTM went way too easy on itself in this piece as if saying "see, our mea culpa makes us superior to others". I find the general smug superior tone of this show distasteful.

Sep. 19 2010 06:56 AM
Peli from Washington, D.C.

Well, OTM, you took it on the chin for the "Haystack" story.

But, fear not! I trust individuals who admit their mistakes and learn from them more than most others who neither admit nor learn.

(By the way, I find Tor to be *very* slow...and I'm on a high speed network).

Sep. 18 2010 08:08 AM
