The Guardian Project: Building Mobile Security for a Dangerous World
BY Nancy Scola | Thursday, March 31 2011
Ethan Zuckerman points out the ironic difficulty of the situation. "Mobiles are both utterly essential devices for activists," explains the senior researcher at Harvard's Berkman Center for Internet and Society, "and ones that are profoundly unsafe for activists to use." Unsafe how? Cell phones and other mobile devices are trackable, monitorable, and in some countries, often tied to the real-life identities of their users.
Into that space steps the Guardian Project, an open-source team led by Brooklyn-based technologist and activist Nathan Freitas that is working to battle-protect Google's open-source Android mobile operating system. The big idea is to equip activists, journalists, and any of the rest of us with something to be afraid of with the cell phones, tablets, and other luggable devices up to the complexities of the modern information space. Fascinating in its own right, the Guardian Project merits attention for capturing some of the more powerful trends at work in the world at the moment. Generations of people the world over are growing up with a native comfort with mobile computers, devices that are often relatively cheap. Open source software is on the rise. Early adopters of personal computing are, arguably, exhibiting what looks to be an increasing political awareness. There's revolution in the air, and add to that the fact that there are companies and governments (not least among them, the U.S., and in particular the U.S. State Department) that are ready to spend millions on the idea of ensuring "Internet freedom" in the places where it's most threatened.
Though it's just one project, and one in its early stages, the Guardian Project is hard at work on the questions that may well be critical in the next street uprising or underground rebellion, whether that comes next month or next year. "People are putting more and more data on their mobile phones," says Noel Hidalgo, a well-known open-source developer and advocate who's known in those circles as "noneck," and serves as the project's community liaison. "But they don't really know what's happening behind the code base."
And so, the Guardian Project is working on tools to make those devices more secure. Their flagship product is Orbot, an implementation of Tor, a network of servers that routes users in ways that obscure where they're coming from and where they're going. Freitas built Orbot with computer security expert Jacob Appelbaum. And then there's Gibber, an encrypted, firewall-evading chat application. The Secure Smart Camera App is an innovation in the works with Witness.org, the group that sprang up after the Rodney King beating in Los Angeles that works to document situations where human rights are at risk. The camera app aims to use automatic facial recognition software to obscure identities on video taken from mobile phones. It uploads the documentary footage extra-slowly. That's useful not only in low-bandwidth spots on the globe, but for shielding the video from network censors by making it look like any other type of Internet traffic. There are plans in the works for a "poison pill" program that would allow you or an ally to wipe your phone clean in a dangerous situation. (All Guardian apps in progress are listed on their website.)
"As far as I'm able to tell," judges Zuckerman, who co-founded Global Voices, an international network of bloggers, activists, and writers, "Guardian Project is one of the smartest approaches to mobile security I've seen thus far. It doesn't go far enough, but it's an ambitious and excellent first step."
Mobile Activism's Growing-Up Stage
Nathan Freitas is the Guardian Project's founder and leader of its loosely-knit team of Hidalgo and six others. We meet in a Brooklyn cafe. Growing up in Sacramento in the '70s and '80s, he loved computers, but one type in particular especially appealed to him. "There was just something about mobile," he says. In 1982, at the age of 7, he was on a local community access television show telling of a future when smart computers would be embedded in cars. Later, "when everyone else was buying computers, I was selling all of mine and buying an Apple Newton," the company's pen-based portable '90s wonder. Add a modem, and "it was everything I wanted." He went on, he says, to study computer science and music at the University of California at Santa Barbara's College of Creative Studies.
Freitas traces the genesis of the Guardian Project to two experiences. One came in 2001. He had co-founded ThinAirApps, a company that, in addition to other work, built mobile security products on platforms like Palm, Windows Mobile, and BlackBerry, and that year it was sold to Palm, Inc. for $19 million in company stock. Much of the advanced security software that his company had spent years building was mothballed by Palm, who now held the rights to it. "I learned a lesson about proprietary software," he says.
The other came in the summer of 2008. Freitas, a long-time Tibet activist, had worked to send a team of people to Beijing to cover the Olympics there. (Freitas says that he tried to get to China himself, but was twice denied a visa and told by Chinese authorities not to try again.) Six of that team ended up in custody. The whereabouts of one, Brian Conley, known in the tech activism world as the man behind Alive in Baghdad and related projects, weren't known for four days. "It was the worst day of my life," Freitas says of the time of the arrests. "I'd given them the technology. I'd given them the incriminating evidence in the form of Twitter messages left on their phones." As Conley was missing, Freitas says he was frustrated by the fact that while Conley was carrying a mobile phone, all Freitas could do was call it, "and all that would do would be to let them know that he had a phone on him." He got to thinking that it would be technologically possible to simply ping Conley's phone and get back his coordinates -- authorized location tracking, Freitas calls it. "But I didn't have the software."
The motivation for the Guardian Project was there, and a shift in the tech world provided the tools. Freitas grew up at the same time as the open-source movement did. Making code freely available for anyone to tinker with made it possible for individuals and small teams to make significant contributions simply by adding a rock to the mountain of work that had been done by others. And it's work that couldn't be wasted. "I can do what I did before," says Freitas, "but without having it evaporate in some warehouse of intellectual property." Android was created in 2003 by a handful of developers whose company was bought by Google in 2005. Because it was based on Linux, the paranoid technologist's favorite operating system, it made it possible for a little bit of effort to produce major effect. "All this geek security had already been built on Linux," says Freitas. Pair those security adaptations with some of the function-specific open protocols floating around and, say, Gibber is easily midwived.
"We didn't have to build a chat app," explains Freitas. "We just had to harden it."
Moving Beyond the Circle of Security-Obsessed Geeks
Six months after it was made available in the Android Market, Orbot has been downloaded 38,000 times, says Freitas. More downloads came directly through the Tor project. Freitas points to three software-enhanced phones that were rolled out in Benghazi, Libya and another fifteen provided to citizen-journalists in Afghanistan. Early interest, says Freitas, has been concentrated in some of your more advanced Arab countries and in western Europe, what with its heightened sensitivity to personal privacy issues. But far more work needs to be done to improve the tools, spread their adoption, and make them more user friendly.
(The software behind Guardian's apps is posted on the code-sharing site GitHub, and the group is interested in hearing from others who want to work with them, or otherwise be a part of what they're up to. The team can be contacted through the Guardian website, their discussion list, an IRC channel, and Twitter.)
It's probably fair to say that sustained worries about the security of our mobile phones are still limited to a certain minority of people. Part of that might be derived from the fact that, in many cases, cell phones aren't built to be tinkered with. "Because these devices tend to be locked down and product driven," says Hidalgo, "it's very hard for us, from activists to consumers, to understand the security concerns." He sees a need to place code and tools in their bigger, more human context. "The Guardian Project is about continuing a conversation about what rights we give out over us. This is about a suite of tools, and some of them are technological, some of them are cultural, and some of them are social. But they're all about giving you the ability to express your rights to the authorities, whether those authorities are corporate or government."
Says Freitas, "I struggle over what has more impact" -- focusing on building specialized apps and trying to push them out to a wider audience or, say, going to work at Twitter and figuring out how to make that already widely-used tool more secure.
Another way to address the issue is to lower the barrier of entry to the security-focused tools so that they become part of the core digital experience of the masses, or at least a significant slice of the masses. Over coffee, Freitas pulls out his Android-based phone to demo how Orbot has been designed to be approachable. Freitas opens the app and then punches a giant on-screen button atop which is perched an especially adorable hybrid of Android's humanoid robot mascot and Tor's online logo. Once the phone connects to Tor's secure network of servers, the tiny onion-headed robot raises his arms, as if in triumph.
"People like that," says Freitas.
And he's fine with the fact that the entry drug for Orbot might not be political dissidence but, say, the desire to access music you're not supposed to be able to listen to. He points to a recent blog post online that was written in Arabic and talked about using Tor to connect to Pandora, the online music service that is meant to be available only to people in the United States. (Tor can be used to make it look like you're connecting to the Internet from somewhere other than your own country.) "That's awesome," says Freitas, "because next they can use it to get the news or to upload video."
But both keeping Orbot concentrated amongst geeks and spreading its adoption far and wide carry their own risks. On the former, simply having the Orbot logo on your phone's home screen can signal that you're trying to evade detection. Forget network monitors; "the biggest concern is hiding it when the local thug takes your phone," says Freitas. On the latter, there's a chance that less sophisticated users might be lulled into a false sense of absolute security just because they mashed one button. Tor's system of "virtual tunnels" offers increased security, but it's not a be all and end all; for one thing, it's not the truly anonymous way of moving around online that many might think it is. Using the mobile environment securely is serious business, and, says Freitas, "if you go into outer space, you've got to know what you're doing."
In the interest of upping the general population's educational level on matters of security, Freitas spends time working on what he calls 'improving intuition' work, such as training people to check their phones for that little lock signalling an Internet connection made through the secure HTTPS protocol or remembering to pull out your cell phone battery if you're heading to an especially sensitive location. For his part, Hidalgo sees the promise of a ripple effect. "There need to be people who are educated about these things, and you have to start somewhere," he says. "Our collective rights that ended up becoming the Magna Carta had to start somewhere, and then the Constitution had to start somewhere. We have to have the battles, and we have to have people who are passionate about these ideas who can internalize them, and then spread them."
Running into the Limits of What Modern Mobile Looks Like
Zuckerman praises what Guardian is up to, but makes the case that getting the full benefits of their work requires having a high-end unlocked Android phone that you're willing and able to load with specialized software. Few people in the world are ready to do that. Freitas doesn't disagree that a top-to-bottom customized device would be the ultimate in security, but argues that, for now at least, they're focused on simple end-user apps that can be "run on a $100 phone bought off the street in Shenzhen."
The very nature of how mobile works is problematic. "In many countries," Zuckerman writes in an email, "you're going to have to find a way to acquire a SIM card, as many countries require a national ID before purchasing a SIM." Freitas agrees that being forced to register your phone's components under your real name is a real problem. He points to projects like Osmocom, an open-source project that aims to offer an alternative to the proprietary software behind GSM, the Global System for Mobile Communications standard, which is used by the majority of the world's phones and which centers on the use of a SIM card.
One workaround, says Freitas, is to yank out your SIM completely, disable your phone's calling features, and do all of your calling, chatting, and web browsing through an encrypted wifi connection. "That is what we recommend in the most severe cases of mobile operator surveillance," writes Freitas. That option, though, is fairly hobbling -- turning what should be a wide-roaming communications device into a wireless Internet-dependent tiny computer.
Building Out the Future of a Freely Connected World
The Guardian Project is funded through grants and project contracts generally in the ten and twenty thousand dollar range. "We survive through the graces of others," says Freitas. Google has chipped in some money, he says, as has the California-based Internews organization and Tibetan independence advocates. In 2009, the Guardian Project won a $15,000 grant at the University of California at Berkeley's The Soul of the New Machine Conference. Guardian hasn't taken any direct funding from the U.S. State Department, one of the more controversial funders in the so-called "Internet freedom" space, but not because of any moral objections. They're a small, open-source organization, says Freitas, and applying for and complying with a federal grant is simply too burdensome a process for a group like them.
One of the hot topics of conversation in the digital activism field is just how open funders like the State Department and implementers like the Guardian Project should be about the work they're doing. Freitas says he admires the Tor Project's approach of being as open as possible whenever possible. That said, "we're trying to find the balance between our natural tendency towards openness and the fact that these are real projects with real people's lives at stake." What no one wants is another Haystack. Born of the 2009 post-election protests in Iran, that circumvention software was highlighted by Secretary of State Hillary Clinton as a promising tool before collapsing under criticisms that the untested tool might put Iranians at more risk than they were before. Referring in particular to the State Department's work, Freitas says that "Haystack came at the right time for everyone to say, 'okay, we need to start taking a closer look at this stuff.'"
Learning how to think about digital tools for security and activism is a skill being developed at the same time as the tools themselves. The field, like the Guardian Project, is a work in progress. But as for the technology that would have allowed Freitas to track down Conley in that Beijing jail?
It exists now, it's called DroidTracker, and the Guardian Project is working on how to make it better.