The following are community updates from the weekly Glitter Meetup. If you need to connect to anyone mentioned below, please reach out. We do practice "consensual introductions," meaning we have to check with the person before doing so. No names are associated with the summary notes. Please contact us if you have any questions related to these notes. email@example.com
- If you've ever applied (or thought about applying) for OTF Funding? If you want to help improve the OTF funding process, read on! They are trying to improve the process: https://tools.simplysecure.org/survey/index.php?r=survey/index&sid=386482&lang=en
- The government (UK) and the US are cooking up the next crypto wars, lots of chat about banning end to end encryption. The debate seems to be a lot more sophisticated this time, and bipartisan, so may actually happen.
- ACSVAW urges the Special Rapporteur on Violence Against Women to visit Hong Kong to examine the seriousness of gender-based violence committed by the HKPF against the protesters; and recommend the Hong Kong Government to establish an Independent Commission of Inquiry to conduct impartial investigations: https://rainlily.org.hk/glosign
- Digital Grassroots published their year book and there are several pics from their amazing experience at the IFF. You can read it here : https://drive.google.com/file/d/1NssHtr7jhrHVqDQ1RItZvmRV2s39fJgm/view
- The big election is coming on Jan. 11 in Taiwan. Many people see this is a war between China and democracy world. At this point, how to help Hong Kong protester create a big fight and argument in Taiwan because some legislators want to pass "Act on Refugee " to help Hong Kong activists.
- In an entirely unrelated hearing about a finance bill, the court noted that their ruling last year (on Aadhaar) may have incorrectly accepted it as a money bill (which allows budgetary spending only) as the program didn't seem to meet the constraints for a money bill (well, duh!). The review petition got admitted after being on hold for a full year.
- New report on Trans Murders for Oct 2018 to Sept 2019
- A whole group of SEAsia organizations and individuals came together to release a statement of regional solidarity regarding all the attacks on bloggers, HRDs, journalists within the region: https://www.apc.org/en/pubs/statement-regional-solidarity-against-attacks-digital-rights-activists-southeast-asia
- CUHK turns into battleground between protesters and police as clashes rage on across Hong Kong universities ://www.hongkongfp.com/2019/11/12/cuhk-turns-battleground-protesters-police-clashes-rage-across-hong-kong-universities/
- Hong Kong protester shot by police with live round in critical condition: https://www.hongkongfp.com/2019/11/11/breaking-hong-kong-police-shoot-protester-live-round-sai-wan-ho/
Hong Kong Updates
- The activist also the co-founder of Civil Human Rights Front, was "attacked with hammers" on his head - https://www.bbc.com/news/world-asia-china-50073583
- Apple banned HKmap.live app from Apple Store (which the protesters widely use to track the location of the police during rallies - https://www.bbc.com/news/technology-50009971
- US lawmakers pass Human Rights and Democracy Act to protect HK: https://www.bbc.com/news/world-us-canada-50064803
How much does China influence your country or business in your country?
- China's Huawei says open to 'no backdoor' agreement with India: https://www.reuters.com/article/us-huawei-india/chinas-huawei-says-open-to-no-backdoor-agreement-with-india-idUSKBN1WT25H
- The Zimbabwean government has been over the past 10 years making serious connections and deals with the Chinese government. Zimbabwe has a whole military college that was built by the Chinese for the Zimbabwe Defense Forces, they recently received biometric equipment from China too for facial recognisition though they haven't started to use it. Most mines now are run by the Chinese.
- Tunisia has good diplomatic relationships with China. Chinese is one of the optional languages one can learn in high school. China sends regular donations/help to Tunisia. Because of the economic crisis, the Tunisian market relies on Chinese products especially the tech as I guess in many other countries.
- Direct link to the CCCamp2019 presentation by PI: https://media.privacyinternational.org/videos/watch/9c364e23-df63-40c7-8690-e4f3c3921ba9
- In Argentina Smaldone (the hacker who reported errors in the Smartmatic system, electronic voting system company) was arrested due sharing information on "GorraLeaks" (leaks on the Federal Police). This is also related to the upcoming elections late this month and the alledgly fraud on the primary elections. https://www.tiempoar.com.ar/nota/la-policia-detuvo-a-javier-smaldone-informatico-que-denuncio-a-smartmatic
The biometrics system in India and what its used for:
- India has patchy registrations of births, so there's a very large percentage of the population that doesn't even know their birth date.
- Since birth certificates are not a reliable foundational id, most of us have 10th grade school certificates as id proof instead, but these again are only available to those who went to school. Again excludes a large number.
- There are other id systems that are issued merely on the basis of someone vouching for you -- and this is very popular in India.
- In such a patchwork system, how do you do state-sponsored welfare while ensuring that welfare isn't misdirected to someone who pretends to be two individuals using two identifiers? Enter biometrics!
- Biometrics have been the holy grail for bureaucrats too lazy to use the more foolproof method: door-to-door verification. There have been attempts to find a way to make it work from the early 2000s.
- India is a federal union, similar to the United States. That means states have primary jurisdiction over individuals and the central government mostly regulates national issues. There are (or were) only three national id databases in India: for income tax, elections and passports.
- So there was no scope for a national id since primary id is issued by a state, similar to the DMV in the US. But a separate idea was born in the aftermath of the Kargil war with Pakistan in the 1990s. A national database of citizens so that infiltrators/terrorists/anti-nationals could be identified.
- This surveillance database project got repackaged as a targeted welfare distribution project over the period of a decade, so that by 2009 Aadhaar was conceived as a welfare project. But the surveillance origins never went away.
- If you are critical of the government and you are poor, it could be a way for them to deny you access to social services
What is the desired outcome of the activists fighting against its wide use?
- The petitions in the Supreme Court pleaded for the project to be shut down and all data deleted. The court upheld the project in 2018.
- Many activists realise that Aadhaar is the first nationally valid identity document issued to the vast majority of Indians and this is important. Therefore, it should not be shut down, but it should instead be made to work like an actual identity document. However this is going to require considerable work as the design is entirely premised on its origins as a surveillance project.
Any facts or things we should know
- The amount of fake news and propaganda coming from official sources is mind boggling. If you hear something positive about Aadhaar, there may be a kernel of truth in it somewhere, but everything around it is likely propaganda.
- Highschool student was shot with live, today the HK gov announce face mask ban -- https://www.bbc.com/news/world-asia-china-49918889
- In Peru, the Congress was suspended and there were some resignations from high office politicians. https://www.nytimes.com/2019/09/30/world/americas/peru-vizcarra-congress.html
- Indonesia protests: https://www.aljazeera.com/news/2019/09/driving-latest-protests-indonesia-190926090413270.html
- Indonesian journalist in HK, shot on her eye by rubber bullet: https://www.bbc.com/news/world-asia-china-49910636
- Kenya is currently having a court trial for Huduma Namba, their biometric id scheme: https://www.livelaw.in/interviews/kenyan-court-niims-huduma-namba-scs-aadhaar-challenge-v-anand-148657
- The Supreme Court of Jamaica shut down their biometric identity program, citing the dissenting judgement from Justice Chandrachud in India.
- From Russia, the New Emperor's DPI is getting some live traffic in test deployments, some people try to observe/research some of its features regarding banning Telegram, Tor and ordinary websites.
- Twitter recently released a 1.6 GB archive of tweets that it determined had been spread by the government of the People’s Republic of China (PRC) as part of an information operations (IO) campaign to attack and discredit ongoing protests in Hong Kong. IFTF’s Digital Intelligence Lab analyzed the data to examine key influencers, common messaging themes, strategies, and oddities in the data.
- TvT (Trans respect versus Transphobia worldwide of Transgender Europe) research project that do 2 pieces of research (1) Transgender Murder Monitoring, and (2) Legal and Social Mapping of country situations for Transgender and Gender Diverse communities. transrespect.org/en/ | https://tgeu.org/
- This is digital safety guide for Indian activists. https://github.com/kaarana/digital-safety
- Rutatrans is a project that is mapping along with some NGO and activists safe places for trans people in latinamerica. The project is an app, you can find more info about it here http://rutatrans.org/
- Dmitry Bogatov (Tor relay operator who was detained for a ~year in Russia) is finally in US, seeking for asylum & he already got job permit.
- Access Now and Keep It On coalition sent an open letter to HK administration on selective Internet shutdowns and state sponsor DDoS attacks on major forum and news portals: https://www.accessnow.org/internet-shutdowns-will-harm-hong-kong/
- Check out the Hong Kong protests timeline and police brutality incidents: https://hkrev.info/
- HKISPA strongly oppose selective blocking /censorship in Hong Kong: https://www.hkispa.org.hk/139-urgent-statement-of-hkispa-on-selective-blocking-of-internet-services.html
- Suspicious sniffers Programmer discovers thousands of phone numbers, addresses, and geolocations apparently leaked by Russia’s ‘SORM’ surveillance tech https://meduza.io/en/feature/2019/08/27/suspicious-sniffers
- This was shared during Chaos Constructions festival at St.Petersburg, Russia last weekend
That was a story of, likely, "Lawful interception" devices (something like PRISM project that Snowden have described) in Russia leaking actually intercepted traffic. One of key differences of Lawful Interception in Russia (also known as SORM) is that it intercepts everything and sorts out what is relevant and what is not on its own. As far as I know, it's done a bit differently in EU. So those devices were leaking actual user traffic to everyone interested, including webpages visited, email addresses and, sometimes, geo-coordinates. And the cherry on the top of the story was that one of the "leaky" devices was in Sarov, nuclear research center of Russia. I worked with the journalist to make that article suitable for the general audience and, I hope, we've succeeded
- The economic situation is Zimbabwe is now at another level, demonstrators were beaten up last week, there are now serious level of digital & physical surveillance, cases of abductions are on an increase too. So most hrds are now living on the edge & on the run.
- Vietnamese authorities are ramping up the pressure on Facebook, trying to add some verification steps so they can better monitor FB accounts.
- Internet shutdown and gov deployed more than 1,000 troops to West Papua as protests continue to rage over the arrests of Papuan students.
We discussed some aspects about Southeast Asia:
So what countries do we think are the worst in surveillance and censorship in southeast Asia, besides China?
According to the past OONI tests, it's Indonesia. Should put more eyes in Vietnam and Cambodia, because we don't have many digital rights activists around those.
Are there any surveillance and censorship trends you are witnessing in the area?
cyber/ICT law. It's actually a chain effects in SE Asia. One of the country started to amend ICT law, the rest will trying to pick up. First Malaysia, then Cambodian gov trying to amend their cyber law and put something in, then SG now has this falsehood information law, then Vietnam has new cybersecurity law.
The Asian community has a lot to teach us just because they have been dealing with this stuff so much more longer and intensely because of China.
What countries do we think are the strongest in terms of digital rights.
Myanmar is good! Digital Rights organizations are growing. Indonesia as well actually, Philippines too, but Philippines too huge, they still need a lot more works.
- In Moscow, 77 people asked for medical help last Saturday, over 1,300 people detained, protest leaders arrested for up to 30 days and computers and other digital media grabbed during night searches.
- Notes about the protests in Russia: https://ifex.org/location/russia/
Resources for being safe during protests:
- Digital Security Tips for Protesters: https://www.eff.org/deeplinks/2016/11/digital-security-tips-for-protesters
- CyberSecurity during protests: https://theintercept.com/2017/04/21/cybersecurity-for-the-people-how-to-protect-your-privacy-at-a-protest/
- How to Protest Without Sacrificing Your Digital Privacy
- Umbrella's Protest section:
Eva Galperin is the featured guest of this Glitter Meetup. She leads the conversations on Stalkware. Seh has convinced three companies to detect and report stalkerware and spouseware: Kaspersky, LookOut, and Malwarebytes.
|Eva Galperin work:
What is Stalkerware and what is the state of the current industry?
Stalkerware is commercial software that is advertised to people who wish to covertly spy on other people's devices. Often these people are involved in abusive relationships with their targets. Sometimes they live together or used to live together. So stalkerware is sometimes predicated on physical access to the devices, having the username and password for the device, or being able to coverly jailbreak it.
Currently there are several companies that make this kind of software, especially for mobile devices. It runs on both iOS and Android. And there are dozens of resellers. Some of these companies are based in the US, but others are based in India and the Netherlands.
For using Stalkerware tech on iOS, should the phone be jailbroken as a rule?
A lot of the iOS stalkerware requires a jailbroken device, or it simply requires the AppleID and password and then scrapes iCloud backups.
And Android devices are already fine with sideloading.
Is there ever a valid use case? Since the software can be marketed as a security tool that allows you to monitor for possible un-approved access of your own phone, how can we go after the people/companies writing these software?
Tracking other devices has a use case. Tracking them in a way that is designed to fool the user into thinking that nothing is going on does not.
The key to dealing with duel use stuff is to make sure that the software has a single place where you can go to see who has access to your device and what devices have been using that access.
Where should we focus our efforts on fighting Stalkerware tech?
Covert spying. There are a lot of laws that these companies, their resellers, and their buyers are breaking.
The big problem with covert spying is also that it is especially terrifying to the victim, because they don't understand the limits of their abuser's power.
Most staklerware, once it's installed, can see all of the messages in all of your apps.
How is the future of Stalkware companies and laws?
Hopefully, this year companies will detect and report starkerware and spouseware. Then it will not matter which AV you install. It will tell you if you have spouseware or stalkerware on your device.
In the US, wiretapping is a pretty big deal, and even children have some degree of privacy rights, even from their parents.
In the meantime, the biggest problem is just finding people who can work with individuals and groups on the ground. Eva is trying to work at the policy level to make it harder for this kind of abusive behavior to take place, but individuals being targeted have a very hard time telling the difference between device compromise, account compromise, and information leaks. To them is all "my phone is hacked."
If you're suspecting your partner of using stalkerware, how does one even begin to mitigate this? what are the signs to look out for on the phone?
Usually, if you're concerned about malicious software on your device (unless you're worried about a state actor), you install anti-virus software and run it. This is not perfect, but it will detect a lot of crimeware.
Do you think this work could lead sometime to advance in finding indicators of compromise in other kind of spyware? I.E the same thing but sponsored by govs?
Yes. See LookOut's StealthMango report. Today's stalkerware is tomorrow's nation-state tooling.
Is there a reliable tool / guide to detect stalkerware in the wild? Does Google Play Protect detect them too?
Right now, I'd just recommend downloading AV from one of the three companies that has come on board. It's not foolproof, but it catches a lot of it.
Google can't even keep the products out of their own Play Store reliably.
What can the IF community do on this front? is it more advocacy? more awareness/education? It feels like the technical fight is always a cat and mouse game.
The technical fight is exhausting and annoying, but there is still a lot that can be done to increase the difficulty and cost of this kind of spying. We haven't even started the cat and mouse game yet.
There is a lot of advocacy work that can be done in getting software developers and makers of wearables and IoT devices to start thinking about domestic abuse as part of their threat model.
It's such a multi-pronged fight, that there is plenty for everyone to do.
|Resources on Stalkerwares:
| Updates & Projects:
Carlos Rey-Moreno, and currently I'm coordintating the work that APC does around policy and regulation to enable community networks and small operators within the current LocNet project: https://www.apc.org/en/project/connecting-unconnected-supporting-community-networks-and-other-community-based-connectivity. I'm also one of the co-founders and director of Zenzeleni Networks (https://www.youtube.com/watch?v=R9u-hfxAeBo) a CN in rural South Africa, and have been working and researching on the topic for more than ten years, specially in Africa.
Cynthia el khoury, currently working with Carlos on APC's connecting the unconnected project as gender and women's engagement coordinator. Also a trauma resolution practitioner and healing justice activist. Has an extensive background in community health.
What is a community network?
A 'community network is telecommunication infrastructure deployed, maintained and operated by people who use that infrastructure to meet (some of) their communication needs. Having said that, community networks vary enormously among them in their scale, the technologies they use, the services they provide, their governance structure, and also the motivation behind starting one.
The reasons why they are used also vary, they go from providing services in places where there is none (or gets disrupted often, i.e. via internet shutdowns); to provide affordable services in places where people can't pay existing ones; to motivations related to technological autonomy and sovereignty. All in all, they are a people's alternative to mainstream approaches of control and decision making of the telecommunications infrastructure and the information that flows through it.
Community networks are also alternatives that grant communities agency. They enable various forms of connections and community exchanges. In some parts of the world, CNs are being utilized to conserve heritage, explore taboo dialogues and consolidate relationships. They are also revealing themselves as entry points to sensitive conversations around consent, sexualities and bodily rights. There is this misconception that community networks exist only in the "global south" while they are also in the UK and Spain.
| Training Opportunities:
- There are resources, more than one may think, sometimes embedded in calls for proposals from different donors. APC tries to crowdsource them all and include them in its monthly newsletter: https://www.apc.org/en/community-networks-and-local-access-monthly-newsletter
- in different countries there are different frequencies that can be used for wireless communications, but not all of them are "free" to use... either the government or the military control them, or they have sold them to companies for big money.
"We will determine the technical, legal, economic and social viability of a self-sustainable model for rural social community networks, empowering communities actively through organizational and learning processes in which they can participate in its design, implementation, and operation. and appropriation of the model, "said ICT Minister Sylvia Constain."
What are the first steps for folks that want to create their own Community Network?
In general you need some capital for the equipment, relaible electricity, and, most importantly, an inclusive and participatory plan for people to join your efforts. Then if you want to provide internet services, you would need an internet connection to share. The more remote you are, the more difficult, and expensive, it is to get reliable electricity and internet.
The first skill is that It is also as important for a community to keep in mind that relationships and community values are the most valuable bit of a community network. When a community wants to start a community network, there needs to be clear and transparent communications of roles and an understand of how and why the network is being build.
Community networks can pose a great way for so many different forms of freedoms that a community can access. like setting your own internet principles, not sharing data with third parties, preventing online violence and other areas that are now so much harder to engage in on other networks.
As one community networks member from Detroit beautifully put it at IFF "you can teach community technology, but you can't a techie community" and that is one of the most important skill to have and harvest.
Technologies have evolved a lot to become almost plug and play, so you can learn slowly. There are many people around who would be super happy to support you with issues that come your way.
In terms of obstacle, beside the technical part, sometime its also administrative issue from the local authority.
Good examples of where community networks have been successful
Colnodo is a great example. Colnodo is a project of three pilots, all of them in rural areas. The challenges there have been more politician than technical because there are no regulation for that. In all the cases, they help the communities to build their own infrastructure. This year, after many months of advocacy, they made an agreement with the ICT Ministry of Colombia with the purpose of determine the variables to be taken into account for the definition of a community model of sustainable rural telecommunications in remote and uncovered areas of the country.
Mesh networks are only one way of creating community networks, and that although during a big part of their recent history, most community networks were built as wireless mesh networks, now it's not the case any more. Now there are CNs deploying fiber, there are CNs deploying GSM and LTE networks, even community networks using WiFi use complementary topologies to mesh.
At the end of the day, mesh is just a way of the WiFi routers interconnecting (meshing) with each other. This is different to the traditional way WiFi operates where, for two devices to communicate with each other, they need to go through a router, same goes for routeres communicating with each other. There is some sort of hierarchy to it in the traditional way WiFi operates that was eliminated when WiFi mesh routers started to be avaible. It is much easier to extend the infrastructure with mesh routers, although it comes with other limitations.
Some communities deploy various kinds/types of networks depending on the geography of the space. It is also good to always keep in mind the sustainability of the network before deciding on the kind.
Community Networks may seem hard to maintain and develop in a long term vision. How can we keep Community Networks evolving?
There are many people out there, like us, willing to help. So it is also important to understand from interested folks what is actually putting them off so we can try to make it easier for those who want to start a Community Network. We all need to come together and share experiences, fears, doubts etc.
Often times, community networks might seem intimidating for folks who especially do not have a "technical" "education". so that might lead some of us to go into a procrastination mode.
What helps is to get ourselves into a mindset of "i want to start a Community Network" and then find the ways to start!
Sometimes from the inside it is difficult to understand what is missing. So we need your help to understand what would help initiate a person, a group or a community into community networks.
In most countries deploying telecommunications infrastructure and providing electronic services requires licenses, or at the least telling the telecoms regulator that you are doing so.
It is easier and cheaper to build wireless networks. For this most CNs use WiFi because it can be used for free. In some countries other sepctrum, like the one for GSM or LTE networks, can be used as well, but it is not the norm (although we are fighting for this :-D).
There are some examples of CNs building fibre networks, primarily in Europe (https://b4rn.org.uk/, http://guifi.net/), but this requires a level of investment and cooperation that is out of the scope of many rural communities in the Global South.
It is also as important for a community to keep in my that relationships and community values are the most valuable bit of a community network. When a community wants to start a community network, there needs to be clear and transparent communications of roles and an understand of how and why the network is being build. Community networks can pose a great way for so many different forms of freedoms that a community can access. Like setting your own internet principles, not sharing data with third parties, preventing online violence and other areas that are now so much harder to engage in on other networks.
As one community networks member from Detroit beautifully put it at IFF "you can teach community technology, but you can't a techie community" and that is a crucial advantage that we have over regular market providers.
Let's talk about Regulation and Policies inside Community Networks and technology.
It might be daunting for people the idea of providing themselves with their own telecommunications infrastructure. Big operators have made a great job on seeding the idea of how difficult it is to do so, but actually it is not that difficult. And the only way you realize this is by actually getting your hands dirty. Starting small, familiarizing yourself with it, and build complexity as you go. There are software and hardware that allows you to "mesh" in a pretty plug-and-play way, some of them even developed by the Community Network community, like the Librerouter and Libremesh.
How is Briar or Relaynet different than a Community Network?
if it's infrastructure that you or your group have full control then it could be consider a Community Network.
The importance of the participation of civil society in the spectrum management discussions and and how can be used for non profit initiatives
Sometimes part of that spectrum is not totally assigned, sometimes that spectrum is assigned but not used in certain areas, because there's no commercial interest for it. That leaves most of the Community Networks end up using WiFi, which is not bad, as it has allowed most of the development of the CN movement, but no the most efficient way.
So, convincing governments for social used of social use of those frequencies is critical... Rhizomatica managed to get some in Mexico, and now Colnodo is in the same path in Colombia, but is not the norm.
What trends do you see in coming years regarding CNs?
There is an increasing interest on community networks from many groups (this chat is just a proof of it) as, a) it is becoming obvious that the mainstream connectivity models won't reach everyone affordably, and b) there is an increasing concern over the lack of autonomy and sovereignty we have over our own communications (and the underlying telecommunications infrsatructure). Although for many years this wasn't very fancy, many digital rights advocates are understanding its importance and wanting to know more, and in this sense community networks do bring an alternative in both cases. I hope that that growing interest translates into more community-owned infrastructure on the ground.
There is also a growing sense of movement around it, with different people contributing to solve the different challenges that CN face: making technology easier to deploy maintain and operate, creating apps and tools relevant for the communities themselves, removing policy and regulatory barriers for their deployment, creating processes and mechanisms to address inequalities and exclusion within the movement and within the CNs themselves.
We also feel that there might be cross exchanges with other movements like land rights, environmental justice, bodily and healing justice and other human rights defenders.
Community Updates 2019 Part 1
You will find here all the ideas, discussions and topics that the community created from January to June of 2019 on our weekly Glitter Meetups:
Community Updates 2018
You will find here all the ideas, discussions and topics that the community created during the 2018 on our weekly Glitter Meetups: