Technology fetishes and imaginary revolutions — Haystack and the hype

Just over a year ago, as Iranians took to the streets to protest the disputed presidential election, Andrew Sullivan declared: “The Revolution Will Be Twittered.”

Marveling at the ability of Twitter to empower the people, Sullivan wrote:

That a new information technology could be improvised for this purpose so swiftly is a sign of the times. It reveals in Iran what the Obama campaign revealed in the United States. You cannot stop people any longer. You cannot control them any longer. They can bypass your established media; they can broadcast to one another; they can organize as never before.

One young man, Austin Heap, inspired by the revolutionary potential of new technologies saw at that moment an opportunity to further empower the Green Movement by creating a tool to protect Iranian dissidents for whom internet anonymity had become a life or death imperative.

Thus was born the idea of Haystack.

This is how its creators described their revolutionary tool:

Haystack is a computer program that allows full, uncensored access to the internet even in areas with heavy internet filtering such as Iran. We use a novel approach to obfuscating traffic that is exceptionally difficult to detect, much less block, but which at the same time allows users to security [sic] use normal web browsers and network applications.

To securely use? Perhaps the copy editing on Haystack’s FAQ provided a clue about how carefully they would go about writing computer code.

After wowing the media — and the Obama administration, which provided a rarely granted special license to distribute the software in Iran — it turns out that Haystack has not only failed to live up to expectations, but it may have also placed thousands of Iranian dissidents at risk.

Evgeny Morozov, who blogs at Foreign Policy, was one of the few skeptics.

It all sounded great in theory, until security professionals began asking Austin Heap for a copy of Haystack’s code. (The program was never made available for download.) Every time someone would ask for a copy of Haystack, Heap would demur, explaining that releasing a copy of the program would imperil the project’s security. As the code stayed under wraps, the admiring reviews of Haystack — a program that no one in the media had ever seen — continued to pour in, and the project continued to raise money. While the funding details remain murky, Haystack did get at least one sizable grant — $50,000 from the global advocacy group Avaaz.org.

Heap’s ambitious plans for Haystack went far beyond Iran. In May, he told NPR that he was already working on exporting the program to at least two other countries. As Heap explained to Newsweek in August, “We will systematically take on each repressive country that censors its people. We have a list. Don’t piss off hackers who will have their way with you. A mischievous kid will show you how the Internet works.”

As Heap promised to tear down censorship worldwide, a group of Iranians began to test Haystack inside the country. It didn’t work. On top of the fact that it couldn’t pierce the Iranian firewall, Haystack was extremely insecure. The program’s security holes are so severe, in fact, that describing them here could help the Iranian government retroactively hunt down anyone who ever tested Haystack in Iran. In essence, Heap’s haystack was very, very small and the needle buried within carried GPS coordinates.

In a report for The Register, Dan Goodin wrote:

Members of the Censorship Research Center [the non-profit backing Haystack] said they were withdrawing the Haystack tool and asked that all remaining copies be destroyed. The move came after hacker Jacob Appelbaum called Haystack “the worst piece of software I have ever had the displeasure of ripping apart” and warned it could jeopardize the lives of Iranians who used it.

The project’s lead developer said here he was resigning. Those remaining vowed to have the program reviewed by outside auditors and then released as an open-source package.

It remains unclear how many people ever used Haystack and whether anyone actually depended on it to cloak their online activities from the prying eyes of Iran’s government. What is free from any doubt is the tremendous amount of uninformed adulation the program creators received from mostly mainstream news outlets.

Beyond the overblown expectations about technologically-enabled revolution, the Haystack story also points to the consequences of an inexorable historical trend.

As technological expertise has become progressively more specialized, the gap between user knowledge and producer knowledge becomes increasingly wider — to a point where for the vast majority of people, every piece of technology upon which we depend operates in ways utterly beyond our understanding.

Whereas the ability to understand how things work once formed many strands of common knowledge, we now share common ignorance. We pursue knowledge down much narrower tracks and on this basis repeatedly make naive assumptions about expertise whose quality we are unqualified to assess.

Why did so many journalists believe that Haystack could do what Austin Heap claimed it could? For a good number his credibility was probably based on little more than the fact that he was a geek from Silicon Valley.

As for the immediate impact of Haystack’s failure, the means through which Heap planned to expand its use — by initially sharing it with selected activists and trusted individuals on an invitation-only basis — could have made the software function like a Trojan Horse serving the Iranian regime.

Perhaps the most damning assessment of Haystack comes from the software’s lead developer, Daniel Colascione, who wrote in a letter or resignation:

I regret that we exposed anyone to undue risk, and that we deprived citizens of the effective anti-censorship tool that might have been. I regret standing silently while I listened to empty promises — and I especially regret that this whole ordeal has scarred the anti-censorship landscape so badly that it may be years before anything grows there again.

Print Friendly, PDF & Email
Facebooktwittermail

Comments

  1. I would add that in addition to the aura of Silicon Valley “geek” credentials that Heap possessed, it was the target – the evil Iranian regime- that fueled the willingness to believe. This is a very tired dynamic that rules the media when it comes to identifying and getting all huffy about the latest official enemy.

    Contrast the media’s passionate support for Heap’s work against the Iranian regime vs. their outrage and disgust at Bradley Manning and Julian Assange, two men documenting massive and on going war crimes, murder, torture and the like (carried out by the good and noble USA) that make the Iranian regime’s crimes look like misdemeanors.

  2. Most Iranians don’t know about Twitter. That’s why the “revolution” failed.

  3. Colm O' Toole says

    The field of cyber warfare by revolutionaries against nation-states is still massively unbalanced (and getting worse by the day). While a revolution might have a few tech-savy members and a few common computer hacking programs, a nation state like Iran or the US has an army of computer experts, almost infinite computer resources, and all the experience needed to counter most threats.

    As the failed Iran uprising showed using technology to organise revolution is still a while off. The main benefit the Iranians got was increased ability for the media outside the country to learn about the situation inside Iran.

    While that ability to get your message out to the Worldwide Media was helpful the technology had little practical help for the people on the ground.

    Also as Alexno said “most Iranians don’t know about Twitter”. Exactly right, the revolution was essentially the wealthy students living in Tehran and a few of the other cosmopolitan cities. In the rural areas of Iran there was no revolution. Since Iran is 75% rural obviously the chances of success were limited to begin with.

  4. I am squarely in support of your assessment, Paul.
    “As technological expertise has become progressively more specialized, the gap between user knowledge and producer knowledge becomes increasingly wider — to a point where for the vast majority of people, every piece of technology upon which we depend operates in ways utterly beyond our understanding.”

    When I studied engineering in the 50s, the emphasis was always on our understanding the theory and the technology we used from the ground up. That has all faded into a ‘Scotch mist’ of computer nerd bullshit since the 90s. Ignorant little twits now define the way everyone’s technology will work. The surveyors were, to my experience, the last group to hold fast and verify everything themselves — but that faded away when the GPS processing software utilized the speed of computers to perform calculations (iterations of guesswork, actually) faster than any huge groups of human minds.

    What lies ahead? As more and more human students study human derived ‘knowledge’ instead of the real world of life, physics, philosophy, economics, and plain old horse sense (with a tip of the hat to Einstein) they are increasingly in danger of spinning around in circles and vanishing up their own asses. A graduate could emerge knowing everything there is to know about computer processing or graphics software and nothing about the real world. Are we supposed to be confident about trusting such judgement?