SMS Privacy Tips for Election Monitoring And More

I was recently asked to contribute my thoughts on how election monitors using simple mobile phones could improve their safety and security when working in hostile environments. More specifically, the goal was to find techniques by which their use of SMS messaging to report back to a centralized service or team could be done in a more secure, private manner, that would make it more difficult for an adversary working against them to stop, block or track. All of this must be done without software or special hardware, instead just relying on easily teachable techniques.

Here’s the collection of tips and ideas I came up with on short notice. It is by no means complete, but I felt it would be useful to publish these to a wider audience here on my blog. Finally, before you say “well couldn’t criminals and terrorists use these techniques too?”, I will refer you to an excellent Abuse FAQ page from the Tor Project which covers this very topic (“Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides”).

Now, on to the topic at hand…

Changing Your SIM Card
Often the first thing that comes to mind when people think about reducing tracking of their mobile phone is to change their SIM card. Unfortunately, changing SIM cards isn’t a reliable solution to stop centralized tracking because each phone also has an IMEI (http://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity) that uniquely identifies the underlying phone hardware itself. This means that even if you change your SIM card, the phone’s unique identifier can still be tracked. Still a new SIM card would change the phone number that is displayed or logged on the receivers phone, which could buy someone time or throw off a lazy investigator.

You can check your IMEI by typing in: *#06# or something similar depending upon carrier or phone. There are a number of cheap Chinese phones on the market in some countries that have an IMEI of 000000000000, which can come in handy if they are those types of things available. It is illegal in most countries to change the IMEI or to use a phone with an invalid IMEI.

Airplane Mode Ain’t Just for Airplanes
If their phone has “Airplane Mode” or a way to disconnect from a network or manually choose a network, that usually works as well as taking the battery out. This is useful if they still want to take pictures, notes, record message, queue up SMS messages to be sent once they reconnect in a different location from where the data was captured.

To step back a bit, it is important to understand, that mobile phones are always in constant contact with the cellular towers in the area. As you move about, your phone is in constant negotiation with different towers to connect to the best single, check for incoming calls, SMS message and so on. In addition, the server provider is checking your identifiers to make sure your phone is valid to work on the network, that you have an activated account, that your hardware isn’t blacklisted (aka stolen, etc), and so on. In summary, even if you aren’t using your phone, your phone is being tracked for operational and billing purposes, not necessarily malicious. However, it must be understand that this same data can be used by authorities for whatever purpose they like and is legal in the current country or context.

In theory, if you put your phone into “Airplane Mode” all signals emanating from your phone are stopped.

Complicating Monitoring by Turning Text into Pictures
If picture messages or MMS is available, write a message/code on paper and take a picture of it instead of sending it as text. Harder to automatically filter/monitor, and that the small resolution on the screen harder to read… if they can get the message on a PC on the receiving end, it can be zoomed up, but if the sender is stopped by local authorities, they may not see it.

In addition, picture messages of colors can also be a code:

  • Blue Sky = “okay”
  • Red Sign = “problem”
  • Brown Dirt = “Ballot Stuffing”

Your Very Own Secret Code
Come with a very basic text code that say involves ten digits, with each different representing 0-9 of possible states.

  • 0-9: how long is the wait (in hours)
  • 0-9: how bad is intimidation from militia (scale)
  • 0-9: how good is the turnout (scale)
  • 0-9: general code (0 = no problems, 1 = polling place closed, 2 = armed men outside, 3 = riot, 4 = no ballots available)

could then result in a code:

  • 2190 <— this would be a pretty good polling place
  • 9912 <—- this would be a report of trouble

You could easily write this on piece of paper and take a picture of it as well.

Again, this type of code would just look like gibberish at the local level, and perhaps buy some time at a state surveillance level until they got their own copy of the code. At the least you would be making them work some more to figure it out, and make them less able to filter by keywords.

Mobile Pyramid Scheme aka Improved Autonomy
Local groups can send to one local person, and then that person can forward each message to another level up the tree and so on. This would enable a bit more protection than all field election monitors texting to a centralized number. It introduces some other issues around reliability of the data and complexity of the process, but in exchange you help foster autonomy and decentralization, two great tools to improve safety and privacy in your overall network.

Managing What Gets Logged
By default, phones tend to log and track everything you do, in the name of convenience. This includes all the text messages you send. The problem is that if a person is detained, it can be difficult to quickly delete those messages before the detainers take away the phone to see what they can learn from it.

Most phones offer a way to NOT save outgoing SMS messages and also to potentially delete inbound after they are read. This feature should be utilized. In addition, numbers should be memorized and manually entered, instead of stored in an address book.

More Ideas?
If you are reading this post and have your own thoughts or firsthand experience to contribute to the discussion, please add them using the comment section below. I will make sure the right people see this information. Your insight and creativity can make a difference!

Building tactile iPad apps using Open Standards

Some of you may know that I work part-time in the NY Senate CIO team helping improve transparency of our state government through the use of open technology standards. In addition, I am working on a number of mobile applications to provide broader “get it when you need it” access to pending legislation, committee meeting information and agendas, live video streams, Senator contact information and more. Today, we’ve got a cross-device mobile web site up at http://m.nysenate.gov that you are free to check out.

Our goal is to build all of these applications using a mobile web-based approach. This means instead of building apps in Java for Android, or Objective-C/Cocoa for iPhone, we use HTML5, CSS and Javascript. However, this does mean we have to spend some extra effort to make these web apps feel like actual, native mobile applications.

Fortunately, projects like JQTouch, a library that provides automatic formatting and interactivity tuned for the iPhone, make our lives much easier. However, with the release of the iPad this weekend, it has begun to hit us that that same old lists, menus and forms that make sense on the iPhone, may not be the best metaphor for the larger iPad screen. With that in mind, I’ve begun some basic prototyping focused on building a more tactile interface where the user can drag, pinch and swipe their way through all the legislative data they might want. Through using JQTouch, along with the JQuery Touch plugin, I was able to pull something together fairly quickly.

Here’s a video below of my first crack at this. You can also point your iPad or iPad Simulator device at http://m.nysenate.gov/ipad to play with it live. I’ll release some of this code shortly, but you can also view source on that same URL with any web browser.

Discussing New Tactics for Human Rights

This week, I’m participating in a one week online dialog regarding the development of new tools and tactics for the purpose of documenting human rights violations. The New Tactics in Human Rights Project, led by a diverse group of partner international organizations, advisors and practitioners, promotes tactical innovation and strategic thinking within the international human rights community. While there is an amazing list of researchers and practitioners who have been invited to seed the thread, all are welcome to join in the discussion, as well.

Here’s a brief summary of what we’ll be covering:

Join us for this important on-line dialogue featuring Documenting Violations: Choosing the Right Approach from January 27 to February 2, 2010. This dialogue will feature practitioners that have developed database systems to document human rights violations, organizations on the ground documenting violations, and those that are training practitioners on how to choose the right approach and system for their documentation. We will look at options for ways to collect, store and share your human rights data safely and effectively. If you are trying to figure out the best documenting system for your work – or if you have found something that works well, please join us for this conversation to share your questions, ideas, resources and stories!

Featured Resource Practitioners
Featured resource practitioners for this dialogue include (click here for more biographical info):

  • Vijaya Tripathi and Megan Price work with the Martus database developed by Benetech
  • Agnethe Olesen, Daniel D’Esposito and Bert Verstappen work on the OpenEvSys database developed by HURIDOCS
  • Jorge Villagran and Sofia Espinosa of the Guatemalan National Police Archive Team
  • Patrick J. Pierce, head of the International Center for Translational Justice – Burma Program
  • Oleg Burlaca, utilizes HURIDOCS methodology and working on websites for World Organisation Against Torture and SOVA Center for Information and Analysis
  • Patrick Stawski, Human Rights Archivist at Duke University and Seth Shaw, Duke’s Libraries’ Electronic Records Archivist
  • Jana Asher, M.S., is the Executive Director of StatAid
  • Agnieszka Raczynska of Red Nacional de Organismos Civiles de Derechos Humanos, Mexico
  • Daniel Rothenberg is the Managing Director of International Projects at the International Human Rights Law Institute (IHRLI) at DePaul University College of Law

Read on:
http://www.newtactics.org/en/blog/new-tactics/documenting-violations-choosing-right-approach

Video from Open Mobile Camp at UNICEF

I am grateful to have been included in this video round-up from the Open Mobile Camp a few weeks ago:

Mobile phones in human rights monitoring is still relatively rare and there are few examples where mobile shave been used successfully in this field. In this video from the recent Open Mobile Camp in New York, three experts are discussing their projects and thinking on the use of mobiles in human rights work. Nathan Freitas discusses security issues in regard to using mobiles in this field and his project Guardian, Enrique Piraces from Human Rights Watch describes his thinking in regard to the use of mobiles in human rights work, and Emily Jacobi features Handheld Human Rights and the mobile tools that are part of the project.

Transcript & comments from "Twitter against Tyrants" Congressional hearing

Some choice adhoc quotes that tumbled out of my brain during the Congressional hearing on new media, titled “Twitter against Tyrants”, that I spoke on last Thursday in Washington, D.C..

“I’ve learned an important lesson in working with the Tibetan
independence movement and others:  It’s that we can’t presume what people are
willing – are or are not willing to do for their own freedom and liberty and
democracy.  We can’t say, oh, if they do that, they might get arrested or go to
jail or get killed and we can’t do that.  These are people, as we saw in Iran,
who are willing to take to the streets and die for their freedom, and you know,
the – it’s an important fact to remember to not presume that you want to
protect them.”

“I get asked this question a lot as well because I’m building,
like, an encrypted phone and people are like oh man, the Mafia is going to love
that, or something.  So it is – and my students ask me this as well – and I
don’t, from an engineer perspective, I don’t want to be the guy that said yeah,
just, I made the AK-47 and you know, it’s a great gun.  (Laughter.)  So you
have to be careful.  You need to inject morality into these things, but you do
– it’s a slippery slope.”

“I’m happy for tools like Twitter, that they can be used just as well to cover
the daily lives of Ashton and Demi or break the news of Michael Jackson’s
death.  But the fact that they can be used to broadcast updates from the
streets of Iran or spread the news of political prisoners in Tibet being
executed is a very weighty obligation and responsibility that they’ve taken on.”

Many thanks to my fellow panelists (Daniel Calingaert, Evgeny Morozov, Chris Spence and Shiyu Zhou) for the enjoyable discussion.

Shout-outs to Ushahidi, Alive in Baghdad, Lech Walesa and more in the full un-official transcript.