1. Toward Automated Worldwide Monitoring of Network-Level Censorship
Weinberg, Zachary, 25 January 2019
Although Internet censorship is a well-studied topic, to date most published studies have focused on a single aspect of the phenomenon, using methods and sources specific to each researcher. Results are difficult to compare, and global, historical perspectives are rare. Because each group maintains their own software, erroneous methods may continue to be used long after the error has been discovered. Because censors continually update their equipment and blacklists, it may be impossible to reproduce historical results even with the same vantage points and testing software. Because “probe lists” of potentially censored material are labor-intensive to compile, requiring an understanding of the politics and culture of each country studied, researchers discover only the most obvious and long-lasting cases of censorship.

In this dissertation I will show that it is possible to make progress toward addressing all of these problems at once. I will present a proof-of-concept monitoring system designed to operate continuously, in as many different countries as possible, using the best known techniques for detection and analysis. I will also demonstrate improved techniques for verifying the geographic location of a monitoring vantage point; for distinguishing innocuous network problems from censorship and other malicious network interference; and for discovering new web pages that are closely related to known-censored pages. These techniques improve the accuracy of a continuous monitoring system and reduce the manual labor required to operate it.

This research has, in addition, already led to new discoveries. For example, I have confirmed reports that a commonly-used heuristic is too sensitive and will mischaracterize a wide variety of unrelated problems as censorship. I have been able to identify a few cases of political censorship within a much longer list of cases of moralizing censorship. I have expanded small seed groups of politically sensitive documents into larger groups of documents to test for censorship. Finally, I can also detect other forms of network interference with a totalitarian motive, such as injection of surveillance scripts.

In summary, this work demonstrates that mostly-automated measurements of Internet censorship on a worldwide scale are feasible, and that the elusive global and historical perspective is within reach.
2. Design and Implementation of Privacy-Preserving Surveillance
Segal, Aaron, 27 July 2017
The modern internet and phone networks offer very little security, privacy, or accountability to their users. As people conduct their business and social lives online and over the phone, they naturally generate private or sensitive data about themselves. But any number of parties can and do track this data. Not only the services people interact with every day, but third-party services for ad tracking, malicious hackers, government agencies operating with nebulous legal authority, and service providers themselves can and do observe and track users. They can then use the sensitive data in a variety of objectionable ways.

Changing this state of affairs without an earth-shattering technological breakthrough may appear to be a hopeless situation. But, in this dissertation, we demonstrate how existing technology can, if deployed and used properly, markedly improve privacy for users and accountability for those collecting data. We discuss two techniques for achieving these improvements: privacy-preserving surveillance and anonymous communication. For each technique, we present example protocols for which we have implemented fast prototypes running on commercial hardware.

First, we define the notion of privacy-preserving surveillance. Currently, a government agency can collect and examine bulk user data while making no distinction between the legitimate target of investigation and the average person, and with little or no oversight from other agencies. Privacy-preserving surveillance is an alternative legal regime in which searches of sensitive user data could only take place with the active collaboration of multiple government agencies. Trust is distributed amongst these agencies, assuring that no single authority can unilaterally view sensitive user data (or metadata). We then show how two types of bulk surveillance, currently in use by the authorities, could be made privacy-preserving by the adoption of modern cryptographic protocols to secure data.

We also discuss protocols for anonymous communication. We take two approaches to anonymity. First, we present an improvement to the Tor network, an anonymity substrate based on onion routing that is already deployed in the wild. Second, we present a complete specification of the dining-cryptographers-based Verdict protocol and formally prove its anonymity, security, and accountability properties.
3. Securing Secrets and Managing Trust in Modern Computing Applications
Sayler, Andy, 03 June 2016
The amount of digital data generated and stored by users increases every day. In order to protect this data, modern computing systems employ numerous cryptographic and access control solutions. Almost all of such solutions, however, require the keeping of certain secrets as the basis of their security models. How best to securely store and control access to these secrets is a significant challenge: such secrets must be stored in a manner that protects them from a variety of potentially malicious actors while still enabling the kinds of functionality users expect.

This dissertation discusses a system for isolating secrets from the applications that rely on them and storing these secrets via a standardized, service-oriented secret storage system. This “Secret Storage as a Service” (SSaaS) model allows users to reduce the trust they must place in any single actor while still providing mechanisms to support a range of cloud-based, multi-user, and multi-device use cases.

This dissertation contains the following contributions: an overview of the secret-storage problem and how it relates to the security and privacy of modern computing systems and users, a framework for evaluating the degree by which one must trust various actors across a range of popular use cases and the mechanisms by which this trust can be violated, a description of the SSaaS model and how it helps avoid such trust and security failures, a discussion of how the SSaaS approach can integrate with and improve the security of a range of applications, an overview of Custos – a first-generation SSaaS prototype, an overview of Tutamen – a next-generation SSaaS prototype, and an exploration of the legal and policy implications of the SSaaS ecosystem.