Haystack Situation Looking Worse And Worse: Why Did The State Dept. Endorse This Mess?
from the this-isn't-looking-good dept
A couple weeks ago, we noted that there were increasingly serious questions being asked about Haystack, the high profile app that was being championed in the press for supposedly helping Iranian dissidents use the internet to communicate safely. While Haystack's founder, Austin Heap, responded to the accusations by calling it "brain dead journalism," it's increasingly looking like the real brain dead journalism was in the original stories. The deeper people looked at Haystack the worse it has looked, and various experts have ripped the program to shreds, noting massive security holes in the software which likely placed users at risk."The more I have learned about the system, the worse it has gotten," Appelbaum said. "Even if they turn Haystack off, if people try to use it, it still presents a risk.... It would be possible for an adversary to specifically pinpoint individual users of Haystack."Giving the increasing levels of criticism, Heap has announced that the program has been shut down, but others have noted that, not only is it still available, but people are using it without Heap realizing it -- which could be quite dangerous if people think it's safe. The more you read, the more this project sounds like pure hype from the beginning and a total mess in reality. Just take the following resignation letter from the program's chief developer who, according to Wired, had recently taken a "hiatus" over questions about the way the program was being developed and pushed:
I would like to stress that I am not resigning in shame over the much-maligned test program. It is as bad as Appelbaum makes it out to be. But I maintain that it was a diagnostic tool never intended for dissemination, never mind hype. I did have a solid, reasonable design, and described it in our brief overture of transparency. _That_ is what Haystack would have been. It would have worked!The whole thing is a complete mess, and it sounds like a situation where some folks were more interested in getting press attention for a very early prototype, which they then pretended was a complete and legitimate product. If you're making a random blogging tool or some web 2.0 service, that's fine. When you're trying to make something that people will rely on so that their government doesn't lock them up and throw away the key, it's not.
What I am resigning over is the inability of my organization to operate effectively, maturely, and responsibly. We have been disgraced. I am resigning over dismissing pointed criticism as nonsense. I am resigning over hype trumping security. I am resigning over being misled, and over others being misled in my name.
There is, of course, plenty of blame to go around here, for the lack of more detailed scrutiny from the press and others, but the really stunning part, of course, is that the US State Department specifically endorsed this product. As Evgeny Morozov notes in his blog post (first link above), that's the true head scratcher:
Just to make it clear: Haystack is not at fault here; the State Department -- I am not so sure. Austin Heap can make whatever statements he likes; the government, however, is supposed to treat such statements with due skepticism and think through the political implications of their endorsement of any technologies. All this fast-tracking stuff would surely reflect bad on the State Department if after an independent security review it does turn out that Haystack has severe security flaws, which its testers -- or other Iranian uses -- may not have been aware of.
And why did Clinton choose to speak about Haystack and not say Tor or any other tool? Also, not very clear. Were the diplomats charmed by all the buzz around Haystack in the media? Possibly. That said, it would be very good to know whether the State Department did ANY analysis/testing of Haystack's claimed capabilities, thought through how well it could scale in Iran, and whether they may be hurting its users in Iran -- current and future ones -- by lining up behind them. Were these questions asked and answered?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Hmm, bad intel being run with by politicians, causing the deaths of people they'll never meet. I wish i was surprised.
[ link to this | view in thread ]
Things that smell bad usually are
[ link to this | view in thread ]
True story.
Not the one I mentioned but apparently some robbers believe in invisible spells. I guess they believe Harry Porter is real.
http://www.metro.co.uk/weird/24033-non-invisible-bank-robber-caught
[ link to this | view in thread ]
The lemon juice burglar.
The article is about the Dunning–Kruger effect.
[ link to this | view in thread ]
This is good.
Appelbaum also helped set up the security for Wikileaks. Can he tell us publicly if it is 100 percent safe? Or if Wikileaks needs an independant security audit as well?
[ link to this | view in thread ]
[ link to this | view in thread ]
"the true head scratcher:"
If you don't wise up to obvious machinations, you'll scratch your head bald.
[ link to this | view in thread ]