Freedom of Expression: Interview with Ronald Deibert, Munk Centre, Canada
Director: Namita A. Malhotra, Subasri Krishnan
Duration: 00:31:19
Summary: Ron Deibert is Director of the Canada Centre for Global Security Studies and the Citizen Lab at the Munk School of Global Affairs, University of Toronto. The Citizen Lab is an interdisciplinary research and development hothouse working at the intersection of the Internet, global security, and human rights. He is a co-founder and a principal investigator of the OpenNet Initiative and Information Warfare Monitor projects, and has also created the Psiphon project, which works along with a browser to ensure that internet activity cannot be tracked.
In this interview, Ron Deibert speaks about censorship and governance practices in Asia specifically and across a wide range of governments and countries. He also speaks specifically about the State's third-generation internet governance strategies, which involve throttling opposition web spaces, reducing internet speed and flooding cyberspace with content that is in accordance with the State agenda.
Subasri Krishnan: For the record, can you tell us who you are, your name, the organisation you come from?
RD: I am Ronald Deibert. The Director for the Citizen Lab at the Munk Center for International Studies at the University of Toronto.
SK: Can you tell us a little about the work that you do, your center - what it does?
RD: Sure. The Citizen Lab is an interdisciplinary research and development center. Our aim is to document, monitor, analyze and ultimately impact the exercise of power in cyberspace. We participate in several collaborative projects including the Open Net Initiative, the Information Warfare Monitor; we've developed technologies that help people get around internet censorship, including Psiphon, which is recently spun out of the Citizen Lab as a private corporation.
SK: Coming to specifically you speaking about these collaborations. What's the sort of work that the Munk Center and ONI do?
RD: Well, in our research projects, our aim is to try and better understand the hidden geo-political competition that's going on within cyberspace. For most people, the internet experience begins and ends with their computer screen in front of them. But if you actually follow the information through the fibre optic lines and through the routers and internet exchange points and (?), there are many instances where authorities can either block access to information or monitor communications or destroy communications.
RD: And what we wanna do is map that and understand what exactly is going on. So we've developed several empirical based research projects that help us really understand what is happening and how (?) are exercising powers in cyberspace.
SK: My next question, actually I'm going to break this up into two. One is why is it important to map it? And what have your research findings been?
RD: The reason that it's important to map the exercising powers in cyberspace is that these technologies of communication surround us. They mediate everything we do today, from the way we communicate to how we bank to how we interact with the state, with government. There is also the vector through which power is exercised today and it's often done in a variety of hidden ways that are not apparent to the average person. So when they are communicating over their BlackBerry or their cellphone, they don't see what happens beneath the surface.
RD: So in order for us to really check and constrain the exercise of power and make sure that our rights and liberties are protected, we need to be able to probe and monitor and really lift the lid on the internet and see what's going on. It's not obviously apparent to the average user. That's a very difficult exercise.
SK: You were saying about...
RD: Why it's important, yea...The reason the research is important is that these technologies of communication permeate everything they do, they surround us. They mediate everything we do in life and they are also the vector through which power is exercised by authorities often in very hidden ways.
RD: And so our aim in these research projects is to lift the lid on the internet, show what goes on beneath the surface. And in doing so, hopefully check and constrain the arbitrary use of power and protect individuals' liberties as they communicate.
SK: My next question is where are the countries that you have been conducting this research and can you tell us some of what your findings have been of this research?
RD: Well, the Open Net Initiative started by really being concentrated in a few universities in North America and England and our aim was to understand what was going on in countries where censorship was very pervasive. For us it was a choice having to do with the fact that there are obvious cases and we could interrogate them remotely because we didn't have resources in that country.
RD: So we started out in 2002 - 2003, focusing on China, Saudi Arabia, Iran and we realised though that in order to properly understand what's going on we needed to have researchers who have lived in the countries under investigation, who have understood the local context, who not only ran tasks for us but helped us interpret the results of the test and also interpret the results and put the technical findings in a broader social, economic and political context.
RD: So over the years we have been fortunate to be able to expand our research networks to just about every region in the world. Right now we are finishing up testing in 68 countries. And the results of that have just been analyzed. So we know that internet censorship is a growing problem. Out of the 68 countries that we tested we found evidence of filtering in about 35 of them and that doesn't include countries where filtering is done by private entities for reasons of access to try pornography or in business environments or in schools and libraries. It's just state mandated filtering. So that's a large increase in the number of countries that block access to information for their citizens.
SK: And are these countries generally in the eastern part of the world? Have you been conducting tests in say, North America and so what are the differences?
RD: Well, I think initially, I wouldn't say countries in the East so much as authoritarian countries were driving the agenda here - governments that were threatened by freedom of speech and access to information were attempting to erect barriers in cyberspace. But what's happening increasingly is that the normative environment for internet censorship and surveillance is really being driven by the advanced industrialized countries who, although they don't do it secretly necessarily, are now increasingly promoting the use of filtering software and censorship technologies to block access to pornography or to content that they find strategically threatening.
RD: Whether it's militant content or hate speech and in just about every European country and in North America there are either regulations to have internet censorship or technologies in place, voluntary systems of filtering going on. And this is combined with of course, very pervasive surveillance in those countries, mostly under the guise of anti-terror legislation. And so I believe that this is driving the agenda now, it's creating a normative terrain where it's legitimate now for governments to adopt internet filtering practices because it's something that's being done in the West among the industrialized countries.
SK: My next question to you is a little more detail about the technology. How do you conduct this research? What is the software that is used? How?
RD: Well, to backtrack a bit, the way I would describe is the methodology that we use in the Open Net Initiative is a combination of technical (?), field investigations and data mining and analysis and ultimately visualisation of the data. So the technical (?) is focused mostly around a suite of software tools that we have developed. At the most basic level, what they do is that they check accessibility to categorize lists of content. And this is content that we categorize into different baskets.
RD: So what we do is, in each country we test for accessibility to thousands of categorized websites. In each country that we run tests, we check for accessibility to what we call global content. So this is content that we have categorized that is uniform across all the countries in which we test. And then we also test accessibility to content that is in the local content category. And this is content that is unique to each country that has either been reported to have been filtered or suspected to be filtered. It's usually put together by researchers who live in the country and they understand the context.
RD: So these are websites of local opposition groups or human rights groups or women's rights groups. So when the software is run, what it does is it connects back to databases in Toronto and makes connections simultaneously to the content within the country and to a proxy computer based in Canada. So it simultaneously checks for accessibility. If it can retrieve the content in Toronto, but not in (?) or Malaysia, we know that something is wrong. And it does a series of further tests that map that connection to see where the problems are occurring.
RD: Once that data is brought back to the lab, analysts then pore through it and it is quite a laborious process where they look for anomalies and try to figure out exactly why the filtering is occurring. And then of course all of that raw technical data and the results that are generated from it have to be put in to some sort of context and that's where specialists or regional researchers then try to understand why is it that, for example, in this country, they don't want their citizens to access this particular website or this particular service. And that can only be done by somebody who understands the country. So it's a fusion of field investigations, technical (?), data mining and analysis that's become quite elaborate over the years.
SK: Just briefly, what are findings in India because on face of it the government seemingly doesn't interfere. But that's not true. So what are your findings?
RD: Well, India is a very complex country because it is a very large country. There are so many internet service providers. It's very difficult to understand what's going on in that country because often regulations are passed down to internet service providers to block access to maybe an extremist site and the way in which it's implemented can often be done in a very clumsy way by internet service providers or can be done differently by one internet service provider than another. My understanding, although I'm not a specialist in the country, is that there is a great concern over extremist or militant content and there have been some instances in the past of massive clatter of filtering.
RD: So in other words in aiming to control access to certain newsgroups of websites the ISPs have ended up filtering a lot of content that has nothing to do with it but it shares the same domain space. It's a country that is struggling like many countries with the balance between the right of freedom to speech that's inherent in a democracy, the right to communicate but also the problems that can emerge when information is circulated widely that's strategically threatening.
SK: Another question which is connected to what you just said previously, is how do you make sense of a country say like Malaysia or Singapore where on paper the government promote IT and commerce and everything, you don't have censorship, you say it, we don't censor, on the one hand, but on the other you do have intimidation (?), which is like censorship of a certain kind. Or the self censorship, say in Singapore from what I could read from the report there is not much filtering that happens.
SK: It is set in a certain socio political environment. So how does your research make sense of countries like that?
RD: Well, that's an excellent question. In fact, one of the challenges for the Open Net Initiative right now is to develop new methodologies that target and measure to some extent, forms of control that are much more subtle and fluid than simple technical filtering software tools that are easy to document, relatively speaking. We've developed and refined a methodology over many years that is targeted at what we might call Chinese style filtering. In other words filtering that is at key internet choke points that contains a blacklist of banned websites.
RD: We developed a metric where we compare connectivity from two locations if we can get to the content in one but not in the other we know something is wrong. But that method doesn't get at the things that you're talking about which are more subtle forms of information control.
RD: So the method that the Open Net Initiative has refined over the years, doesn't capture these new forms of control, these new generations of control that we see in many parts of the world that involve more subtle, more fluid, more temporarily fixed methods that are aimed to shape access to information more so than just simply deny it.
RD: And in fact those are the ones that are more powerful because they are more deeply embedded and pervasive in society and in many of these countries where there is no apparent internet filtering, there is still, maybe even more effective forms of subtle information control, either through a combination of the methods you talked about or targeted surveillance, selective arrests, regulations that are broad and difficult to understand, which together create a climate of self censorship.
SK: Going to the next question, can you explain to start out, the difference between Ghost Track(?) and Ghost Net(?) ?
RD: Ok. Ghost Net is the name of the network that we discovered that was an apparent cyber espionage network affecting 1295 computers in 103 locations. The reason that we called it Ghost Net, we gave it this term, we coined it ourselves is because one of the tools that was used by the attackers or attacker was a Trojan Horse called Ghost Rat(?). This tool is a tool that allows the attacker essentially complete control over the infected computer, meaning that it provides a snapshot of the entire system, indeed it provides a snapshot of the desktop, takes a snapshot every couple of seconds.
RD: You can see all the files in the system and transfer them easily over unbeknownst to the operator of that computer. You can access system files, you can insert other malicious forms of software. You can turn on the audio capture device, you can record from any video system that's on if it's connected to the internet. So it's a very powerful, simple-to-use tool and it was one of the ones that was at the heart of the Ghost Net cyber espionage system.
SK: Going into a bit of detail, can you tell us the whole Ghost Net thing in China? How did you know this was happening and how did you figure out?
RD: Well, the first thing I would say is that unlike what has often been reported, we didn't stumble upon this case. It wasn't a "sting". It is a product of a very deliberate 10 month investigation and we started out by choosing very carefully this case. The investigation began among Tibetan communities, the Tibetan government in exile, the private office of His Holiness the Dalai Lama. We selected that case deliberately for a number of reasons. We wanted to explore cyber espionage, which is very difficult to map and monitor surveillance, unlike censorship, often doesn't leave a fingerprint.
RD: So you very much need the co-operation of affected parties. In this case, we had a group that was likely to be targeted for surveillance because of their political activities and the fact that they are very controversial. It's also a group that had reported to have been affected by surveillance and targeted censorship and so on for many years but there is no documentation of this. And lastly, one of our researchers, Greg Waldon (?) had a long standing connection to the Tibetan communities, going back many years.
RD: And so he was able, through those relationships of trust, explain to them, the aims of our research which suited their needs as well because they were of course very concerned about computer security. And so we began our investigations by doing field research in Dharamshala in India and later in offices in London, Brussels, New York and elsewhere. And what we did in those field investigations was interview people, find out where sensitive information would likely be stored on which computers, get a sense of basic computer security practices among these organisations.
RD: And the purpose of that was to narrow it down to selected computers that would be likely targeted for attack. We then setup network monitoring software to maunder the traffic on those computers. We essentially wiretapped them. We used a tool called WireShark(?) which allowed us to see the data that was passing from those computers through the internet beneath the surface, so to speak. We recorded that data and analyzed it and realised that indeed these computers were thoroughly compromised, there were massive security holes.
RD: We then took the data back to Toronto and we began a process of systematic analysis and investigation. One of the lead researchers, NW (?), on a hunch, noticed that there was a string of characters that repeated in the WireShark data. And so he took that string of characters and simply entered it in to Google and did a search and came across one of the control servers that was used in this network.
RD: When we looked at the interface for the control server, we realised that not only were the Tibetan organisations affected but there were a wide range of other computers in very sensitive locations that were also affected. And so we began to analyse that and of course came up with what we came up with, which was quite an extensive network of infected computers worldwide.
SK: Who is responsible for this? It could be the Chinese government but who do you think?
RD: Well, that's a very good question. We were very careful in the report to list several alternative explanations. Of course, the circumstantial evidence points very heavily towards China. The range of infected targets, for example, seem to fall almost like a radar sweeping across the southern border of China. High value economic and political targets, the Indian embassy and DC for example, Tibetan communities, other organisations that would be of strategic interest to China. The attacker connected to computers that we setup as a honeypark computer from IP addresses that were based in Hainan Island, which is the home of the people's liberation army in particular, their main signals intelligence facility.
RD: Much of the control interface was in Chinese. So, all of that together seems to point towards China being the main operator of Ghost Net. But there are other alternative explanations, I think it's very important to spell these out. For example, it's not inconceivable that these targets could be infected co-incidentally because they share many of the same communication vectors. They all, for example, participate in (?) and could have shared e-mail traffic and word documents and ended up being infected in ways like a virus operating in cyberspace.
RD: It could have been operated not by the Chinese government per se but by a criminal organisation that was targeting these organisations in order to sell the data that was derived from it to the highest bidder. That's something that we have seen in other parts of the world. For example, in the former Soviet Union it's not uncommon to hear about governments contracting out attacks of this sort to private acts or criminal organisations. Lastly it could be another government altogether disguising the network to appear as if it's coming from China.
RD: It's one of the characteristics of the internet and attacks of this sort, that they can be staged from other parts of the internet and your identity disguised in various ways, although in this case that's pretty unlikely, given a variety of contingent factors that would have to be added up for the system to work. So all of this to say that when you're examining these types of incidences, it's very important that researchers take the time to really lay out all of the different explanations for something like this. And that's something that we try to do very carefully.
SK: Could also be a hacker?
RD: Could be just an individual.
SK: So, my question then to you is just that is there an ideological position you have that it could just be a hacker or it could be a state, is there an ideological position you have vis-a-vis the individual versus a state kind of censorship and surveillance monitoring or you see it all as the same kind of thing?
RD: Well, my starting point for all of this research is, I take a very broad historical perspective. I am not a computer scientist or an engineer. Technically I'm a political scientist but I was trained more as a historian really and a political theorist. And my starting point for all of the research I do is that we live in an increasingly finite political space. It may seem like a big planet but in fact it's very small and we have many shared political problems. And seems to me, basic starting point and an assumption that if we're ever going to solve these shared problems we need a medium of communication through which citizens around the world can exchange ideas and share information.
RD: And for better or for worse, the internet is that medium right now. But it's been carved up, colonized and militarized. And that is coming from states, it's coming from corporations, it's coming from individuals in some cases. So, the research that I'm involved in has as its aim to first understand the dynamics of this competition, to find out what's going on. But then find ways to protect and preserve cyberspace as a medium of free expression and access to information. As a form that doesn't threaten peoples' privacy but protects and preserves it. And that to me is the challenge of the 21st century in fact, and that's why I'm doing the research that I do.
SK: Just a few more questions, you said that it wasn't that you stumbled upon it. You are already setting up base for the research. Are you allowed to divulge if there are other countries that you're looking at?
RD: Yes, in fact we are monitoring your communications 'cause we suspect that you're maybe threatening individuals around ..no it's a joke!! You didn't even laugh!
SK: I thought you were talking about India!
RD: You were nodding. You were just...no surprise! Which makes me worry!
SK: No! It's well possible it's India so I...(laughing)
RD: Well, yes in fact the Ghost Net investigation was one of a series of investigations that we have active cases. We are interested in understanding the broad geo politics of cyberspace, including internet censorship, surveillance, information warfare, denial of service attacks in the context of traditional kinetic conflicts. So we have cases that we are investigating in just about every region of the world right now. Some at different stages of development. Some that begin with the technical interrogations first followed by field investigations.
RD: Of course I can't talk much about them while they are in progress because that would jeopardise the research itself. But we do have many active cases and yes, this was one of several that we have on going.
SK: Just another question - how do you see forums like IGF, contributing to a shared understanding of some of the issues we have been talking about? Does it make a difference?
RD: Well, generally speaking the question of internet governance and cyberspace governance is extraordinarily important. To deal with the questions that I'm concerned about we have to grapple with that issue. The Internet Governance Forum, I think, has been criticized by a number of people for being ineffective. It's set up in such a way that it really lacks any authority. It can't enforce any standards or mechanisms and of course there's a great deal of debate within the IGF, there's no uniformity of opinion and now I hear that people are even talking about abolishing the IGF.
RD: That China's recommending, for example, that its term not be extended. However, I think it has served an important purpose. Maybe an unintended one, I think it has been a very valuable place where civil society actors in particular, non state stakeholders to use the language of the IGF, have been able to get together and share information and network and develop relationships and strategies and share tools and so on. Whether that was the intended consequence I'm not sure, but it has certainly been a very important by product.
RD: I think there'll always have to be a forum like that. And at the same time though I think we need to think about what will be meaningful structures of legitimate cyberspace governance moving forward, and that includes dealing with issues around ICAM for example, IGF as well, the ITU and of course, national policies and local policies. So cyberspace governance is something that runs from the global all the way down to the local level.
SK: Just a very quick question - it's often said in the UNI report that the internet wasn't meant to be secure in the first place. And it's just a bunch of random thoughts I'm throwing out so you can respond to it. About saying that and also about how users themselves are putting up a hell of a lot of private information online these days and what is this contemporary moment in which there are these various things that people putting up anything and everything about themselves. At the same time it's really not a very secure system and no one seems to be really mature enough, especially in Asia, no one has that majority or security online.
RD: Yea. Well it's true that the internet was not designed with security in mind originally. It was a medium that was designed to facilitate communications in a novel distributed manner and one of the unintended consequences of that has been insecurity at its core. And so the idea of how you fix those problems without creating entirely new network of communications or altering the internet's fundamental characteristics themselves, I think is a very challenging question. I'm not sure what the answer is.
RD: I hope that these security problems can be resolved without changing the character of the internet, particularly its distributed quality and the fact that most of the innovation for the internet comes from end users, from end points of the location. If we lose that, then we lose this novel democratization of communications that's been so wonderful over the last ten years or so. Now one of the curious elements of that is that people seem overly willing to disclose so much personal information about themselves.
RD: We often talk about intelligence and law enforcement nefariously trying to get at people's personal information through data mining and so forth and although that's occurring, in fact most of the surveillance is actually user generated because people through social networking platforms and other tools document their lives in extraordinary detail. I'm not sure why that occurs. My feeling is that it has something to do with the idea of...