A couple of weeks ago, Evgeny Morozov wrote a critical post on Haystack, a circumvention tool created to help users in Iran evade Internet censorship. While repeatedly stating that he had nothing against the tool’s creator, Austin Heap, the post made several criticisms of the software’s efficacy and Heap’s method of promoting and testing it. Evgeny closes with:
Once again: I’ve got nothing against Haystack or Austin Heap per se. What irks me is the way in which the limitations of the current discourse on Internet freedom — and the bizarre, completely non-transparent policies it conceals — end up conferring unneeded legitimacy to Haystack’s flawed (for my taste, anyway) approach to fighting censorship. Some things, perhaps, are better left unfought — especially if the fight makes everyone but the fighters considerably worse off.
This post brought a lot of ire from Austin’s allies and from Austin himself, on private listservs and in public posts. Heap’s response was withering and clearly angry: it was titled “Brain Dead Journalism”. In the post, which Austin also sent to Evgeny as an email, he responds to all of Evgeny’s points, with the basic response that the bulk of Evgeny’s post was untrue and that Evgeny should have asked Austin about Haystack before writing about it. Here’s a taste:
[Evgeny’s Post] So, in essence, the outside public – including Iranians – are asked to believe that a) Haystacksoftware exists b) Haystack software works c) Haystack software rocks d) the Iraniangovernment doesn’t yet have a copy of it, nor do they know that Haystack rocks & works.
[Austin’s Response] (a) I’ll gladly meet you in person and prove it. (b) See A. (c) No one said that — can you source it? Haystack is an *alternative* to Tor, Freegate, Ultrasurf, Psiphon, etc. (d) We would never expect Haystack to *not* fall in the hands of the Iranian regime. That would be stupid.
A week after his initial post, Evgeny responded with a detailed follow-up post, backing up his initial criticisms of Haystack, with extra attention to being nice. It was good journalism: summaries of key points, multiple interviews with testers and experts, detailed analysis, input from Austin, and – in Evgeny’s own words – “few snarky remarks.” His main points were:
- Questions of Efficacy: “Nothing about what Haystack/Austin Heap has disclosed so far could convince me that Haystack is a safe product that can be used in a highly sensitive context like Iran.”
- Misrepresentation of Product Status: “The fact that Haystack is still in beta is not widely publicized and not reflected in most media reports about them. While this ambiguity probably works in their favor at this point – at least in terms of raising money and generating the public profile – the ethics of this are dubious.”
- Critique of Media Coverage of Haystack: “Is it because the journalists are so caught up in the cyber-utopian myths around Iran’s Twitter Revolution that they refuse to critically examine its proponents? Or is it because the subject matter is too complex for them to scrutinize the claims made by technologists? I don’t know. Most likely, both have played a role.”
- Ambiguity in US Government’s Technology Export Review Process: “The way the US government reviews what circumvention/encryption technologies are allowed to be exported to Iran is nontransparent and ambiguous…. The more I learn about this bureaucratic process, the more I come to realize that all that the US government really vetted in Haystack’s case was not its ability to do what it claims – i.e. circumvent censorship and do so securely – but only its potential to compromise American interests….”
- Critique of US State Department as Visible Supporter of Haystack: “Hillary Clinton did mention Haystack – if only in passing – in one of her speeches, as I already pointed out. The Newsweek piece about Haystack specifically mentioned that the State Department was also supportive of Haystack….even if the US government does love Haystack so much, why on Earth make its love so public? Won’t it put Haystack’s users at even greater risks?”
As other digital Iran-watchers chimed in, it became clear that the criticisms of Haystack are probably warranted. Jillian York of the Berkman Center wrote a detailed content analysis post on inaccurate media coverage of Haystack and in Austin’s ambiguous role in the perpetration of misconceptions about Haystack:
In a Guardian interview following the awards, in which the interviewer states that Haystack was “pretty important in opening up the Iranian Internet” in the aftermath of the 2009 elections (a statement we’ve established was patently false), Heap stated of the tool:
“It’s basically a piece of software that a user in Iran would run on their computer that does two primary things: the first thing is it encrypts all of the data, and the second thing is that it hides all of that data in what looks like normal traffic…like you’re visiting completely innocuous sites…”
Later in the interview, the interviewer says to Heap:
“What Haystack did in practice when it did find its way onto people’s computers was that it allowed them to load Twitter and Facebook and these blacklisted sites”
Heap then makes no attempt to correct the interviewer (who quite clearly stated Haystack as being used in 2009 post-elections).
There is also a prediction in Jillian’s post of forthcoming analysis of Haystack from Danny O’Brien of the Committee to Protect Journalists and Internet circumvention specialist Jacob Appelbaum, who has worked on the well-respected open source circumvention tool Tor.
Though the debate is likely not over, a certain conclusion was reached when Austin Heap decided to turn off Haystack last Friday, “until there is a solid published threat model, a solid peer reviewed design, and a real security review of the Haystack implementation.”
UPDATE #1: Danny O’Brien has written a post which includes information about pirated copies of Haystack being used in Iran and the fact that the service – and its compromised security – was still functional despite the servers being disabled. This means that, rather than being overly-hyped vaporware, Haystack was actively putting people in danger, a much more serious charge. There is a fair amount of technical jargon, as this is Danny’s area of expertise:
Last Friday, Jacob Appelbaum approached me with some preliminary concerns about the security of the Haystack system. I brokered a conversation between him, Austin Heap, Haystack developer Dan Colascione and the CEO of CRC, Babak Siavoshy. Concerned by what Jacob had deduced about the system, Austin announced that he was shutting down Haystack’s central servers, and would keep Haystack down until the problems were resolved.
Shortly after, Jacob obtained a Haystack client binary. On Sunday evening, Jacob was able to conclusively demonstrate to me that he could still use Haystack using this client via Austin’s servers.
When I confronted Austin with proof of this act, on the phone, he denied it was possible. He repeated his statement that Haystack was shut down. He also said that Jacob’s client had been “permanently disabled”. This was all said as I watched Jacob using Haystack, with his supposedly “disabled” client, using the same Haystack servers Austin claimed were no longer operational…. Rogue clients; no apparent control.
Others have critiqued the role of the media and Internet intellectuals in their lack of due diligence in uncovering the problems with Haystack. Danny calls upon his fellow technologists:
Coders and architects need to realize (as most do) that you simply can’t build a safe, secure, reliable system without consulting with other people in the field, especially when your real adversary is a powerful and resourceful state-sized actor, and this is your first major project. The Haystack designers lived in deliberate isolation from a large community that repeatedly reached out to try and help them. That too is a very bad idea.
UPDATE #2: Daniel Colascione, the technical director and main developer of Haystack resigned on September 14th and described his decision in this message on the LibTech listserv. Here is the key bit:
What I am resigning over is the inability of my organization to operate effectively, maturely, and responsibly. We have been disgraced. I am resigning over dismissing pointed criticism as nonsense. I am resigning over hype trumping security. I am resigning over being misled, and over others being misled in my name….Nobody can argue that we didn’t begin with the best of intentions. The hype and imprudence squandered that original goodwill.
Now for some meta-analysis. In the end, I would say that the good of the end user in Iran was well-served because the questionable efficacy of the tool was brought to light and appropriate action was taken: Austin shut down the tool and plans to hire professional testers. (UPDATE #3: As of September 14th, the entire Haystack project appears to be defunct.)
However, I wonder if there could have been a better way for this discourse to occur. There was a fair amount of vitriol and simple ad hominem name-calling, including “brain-dead journalist” (Austin to Evgeny), “media whore” (Jillian to Austin) and the admittedly-mild “naive” (Evgeny to Austin). One part of me is really disheartened by all this nastiness, but another part of me realizes that without Evgeny’s self-described snarkyness, the weaknesses of Haystack might not have been addressed. Jillian writes that “a number of people attempted to contact the tool’s creator, Austin Heap, to clarify some of the statements made in media reports. As far as I’m aware, until very recently, he remained mostly unresponsive to such questions.” I hope our digital activism discourse can become more civil…but there I go again, always the cockeyed optimist!
Pingback: Haystack may or may not work
Pingback: Haystack: Time to Focus on Iranian Users | meta-activism project