Summer Institute 2015 Participants
To help ensure participants get the most out of the workshop, we've asked you to fill out a short form describing your project, what you need help on, and how you can help others. Below you will find a list of participants that can be filtered by general research interest.
Add your name to the list!Fill out this short form.
Filter participants by stream
-
Amin Sabeti Small Media
Project Description
The aim is to build a user-friendly website which will act as the focal point for Iranian users seeking information on internet infrastructure and policy developments, while serving as an up-to-date information hub for issues of online security and circumvention.I can help others with:
We are well placed to advise other participants working on Iran-related issues, as well as those working on projects dealing with topics such as censorship, surveillance, circumvention, and online security more generally.I need help with:
We currently provide information about Iranian internet policy, digital security, and circumvention via three separate portals. We need help folding them into a single, integrated platform which will serve as a ‘one stop shop’ for Iranian internet users. We would like to get feedback on the idea and potentially design a mockup for the platform. We would also like to find potential partners who might be interested in contributing to the platform.Resources / Readings
smallmedia.org.uk/term/1/47 -
Andrew Clement Faculty of Information, University of Toronto
Project Description
I’m looking forward to working on and sharing with others various aspects of bringing greater transparency and accountability around internet communication surveillance by state security agencies (NSA, CSE, GCHQ) and the telecom carriers they access, whether with their cooperation or not. i.e. Upstream rather than PRISM surveillance. This is related to my on-going IXmaps.ca project, which provides a way for people to contribute to and selectively map an open-access pool of internet routings, notably through sites of suspected (NSA) interception, and to compare the privacy transparency scores of the ISPs and backbone carriers that handle Canadian internet traffic.I can help others with:
+ Advice and cooperation in aligning various transparency/accountability initiatives + Traceroute data, especially inside North America + Geo-location data for internet backbone routers, especially inside North America + Accessing and refining the Snowden Digital Surveillance Archive SnowdenArchive.CJFE.org + Welcome related requestsI need help with:
+ Advice and cooperation in aligning this transparency/accountability initiative with other related efforts + Contributions of traceroute data generated individually across a diversity of geographic locations and retail ISPs. + Feedback on the IXmaps.ca platform, from a user as well as technical perspective, especially related to a recently upgraded version of the traceroute generation tool that contributes to the shared database. + Geo-location data, at least to the city level, for internet backbone routers, especially for the larger carriers. + Identifying and locating sites of 5 Eyes internet interception points, e.g. as they may be discerned from the Snowden docs + Feedback on our 10 criteria Privacy Transparency ratings for telecom carriers. See: ixmaps.ca/transparency.php + Advice on how best to release and explain our software and data so as to be usable and useful to others.Resources / Readings
IXmaps project website: ixmaps.ca
Github repo: github.com/ixmaps Snowden Digital Surveillance Archive, the first complete, publicly accessible, indexed, searchable collection of the secret NSA documents released by Edward Snowden and subsequently published in news media SnowdenArchive.CJFE.org Privacy Transparency report: ixmaps.ca/transparency.php Papers: "Canadian Internet 'Boomerang' Traffic and Mass NSA Surveillance: Responding to Privacy and Network Sovereignty Challenges", Chapter 1 in Law, Privacy and Surveillance in Canada in the Post-Snowden Era, edited by Michael Geist, Univ of Ottawa Press, 2015 (with J. Obar) ruor.uottawa.ca/bitstream/10393/32424/1/9780776621838_WEB.pdf “Keeping Internet Users in the Know or in the Dark? Data Privacy Transparency of Canadian Internet Carriers,” 2014 IXmaps Research Report, (March 12, 2015) (with J. Obar) ixmaps.ca/transparency.php -
Andrew Hilts Citizen Lab / Open Effect
Project Description
Access My Info (AMI) is a web app designed to help citizens create legal requests for access to their personal information from data operators.
Last year, we launched the tool focusing on the Canadian telecommunications industry. This year, we've received funding to broaden the application to different industries and jurisdictions. I hope to work on developing a data schema for a generic right to information request, and work with people to develop right to information request templates for their jurisdictions.I can help others with:
Application usability and privacy by designI need help with:
Insights about different countries' right to information regimesResources / Readings
Hilts, Andrew & Parsons, Christopher A. Right to Information in Canada: Drawing Analogue Law into a Digital Present. The Winston Report, Winter 2014. papers.ssrn.com/sol3/papers.cfm?abstract_id=2504109 openeffect.ca/access-my-info -
Ben Jones Princeton
Project Description
Censorship measurement can be dangerous and the research community is currently struggling with ethics. In response to these problems, we are developing stealthy censorship measurement techniques. These tools would make users safer in lower risk countries and, ideally, could enable measurements in higher risk countries by hiding the fact that users are conducting censorship measurements.I can help others with:
network measurementI need help with:
ethics, building better techniques -
Ben Zevenbergen & Jon Penney Oxford Internet Institute
Project Description
Our project deals with the ethics of information controls research. We want to organise two sessions over two days, that feed into each other. The first will be a general discussion between engineers about recent ethical dilemmas in this field. The second sessions will dive into these dilemmas more deeply and we will attempt to formulate questions to make engineers come to conclusions and solutions about the ethics of their project design.I can help others with:
Ethical considerations of their workI need help with:
Creating an interest for this work -
Bennett Haselton Peacefire Inc / Circumventor
Project Description
Fixing incompatibilities between popular web proxy scripts (Psiphon/Glype) and websites like Facebook, Youtube, and Twitter, so that web proxies can be used in places where VPNs are blocked.I can help others with:
technical advice on implementing a project (or evaluating whether a technical project is feasible)I need help with:
funding for the proxy debugging project -
Bram Abramson TekSavvy Solutions Inc.
Project Description
We are an independent Canadian ISP. We are sometimes described as having been the first Canadian telco to have put out a transparency report. However, we did so in the form of responses to questions that were put to us, not based on a consistent template. We are now systematizing our transparency reporting and related materials, such as a law enforcement guide, that provide better information to our users and to third parties as to how we handle and who else comes into contact with personal information, including communications data (including metadata). That is a time-consuming and broad process that is sometimes difficult to prioritize ahead of deadline-driven activities. We seek a dialogue as to best practices.I can help others with:
Information about Canadian telecommunications law and policy; practicality and lived practices from the standpoint of an operating Canadian ISP.I need help with:
Finding ways to enhance (a) transparency and (b) cost-effective safeguards for user privacy. -
Chris Dehghanpoor & Seth Hardy Lookout, Inc.
Project Description
At Lookout, we ingest tens of thousands of malware samples every day. A number of these samples originate from or target many regions under conflict in the Middle East or Africa. We would like to find ways we can use this data to help protect users in those regions from mobile threats.I can help others with:
Information on attack trends and information on specific samples that may be targeting users in the affected regionsI need help with:
Context/information around emerging threats in the Middle East/Africa. -
Chris Prince Office of the Privacy Commissioner of Canada
Project Description
Conceptual overview of changes in the past year around new lawful access legislation and broadened surveillance powers as segue to discussion of implications for technologists, activists and advocates, those interested in transparency and democratic oversight, etc.I can help others with:
State of the law, overview of the political process, administrative structures involved, information sourcesI need help with:
sharpening recommended reforms, prioritizing areas of intervention, clarifying discussion for public consumptionResources / Readings
Report to Parliament on reform of security oversight in Canada: priv.gc.ca/information/sr-rs/201314/sr_cic_e.asp Senate submission on lawful access legislation (C-13): priv.gc.ca/parl/2014/parl_sub_141119_e.asp Senate submission on Security of Canada Information-Sharing Act (C-51): priv.gc.ca/parl/2015/parl_sub_150416_e.asp -
Christopher Parsons Citizen Lab
Project Description
I have two projects related to telecommunications transparency. First, I would like some insight about the effectiveness of summaries I've developed around Snowden documents -- are they effective in communicating content? Accessible? There are plans to scale up the summary project and so feedback is appreciated. Second, I at the early stages of developing a transparency reporting tool and would appreciate comments on what participants believe makes a good report, why, and how such a report should be structured.I can help others with:
Discussion of Canadian-related Snowden documents and domestic surveillance laws/practices; advice on transparency research and advocacyI need help with:
Analysis of previously written work / comments about developing a transparency reporting toolResources / Readings
* Canadian SIGINT Summaries: christopher-parsons.com/writings/cse-summaries* The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians (see Section Three: Corporate Transparency Policies): telecomtransparency.org/release-the-governance-of-telecommunications-surveillance * Do Transparency Reports Matter for Public Policy? Evaluating the Effectiveness of Telecommunications Transparency Reports: christopher-parsons.com/draft-do-transparency-reports-matter-for-public-policy -
Collin Anderson Independent/M-Lab
Project Description
I would be interested in best practices on the collection of malware, with an interest in documenting the campaigns targeting Iranian civil society.I can help others with:
Internet MeasurementI need help with:
Malware Collection -
Davi Ottenheimer
Project Description
Building privacy controls into infrastructure (storage, networks, compute) platforms is challenged by lack of consumer demand. Would like to discuss current standards, projects and state of control, given market pressure towards intelligence/knowledge/analysis.I can help others with:
enterprise/corp capabilities and perspectivesI need help with:
nailing down reasonable baseline for product privacy controls -
Emad Khazraee Annenberg School for Communication, University of Pennsylvania
Project Description
This project aims to develop an analytical framework for analyzing how communications tools and digital repertoires of actions evolve through contentious action. The initial case study for this project focuses on Iran investigating contentious politics in Iran over the past decade and analyzes eventful histories and critical incidents in the ongoing tension between activists and authority forces. In our analysis, we document which tools have been used by activists, while we consider the tools as a target of contention between activist and authorities. Also, we discuss how this contention and changing efficacy leads to evolving repertoires of action.I can help others with:
Social network analysis, social media analytics, and internet policy.I need help with:
Archival data on the incidents of filtering and blocking of different tools and communication platforms in Iran; Data on internet traffic interruption in Iran; Data on monitoring of circumvention practices in IranResources / Readings
Milan, Stefania. 2013. Social Movements and their Technologies: Wiring Social Change. Palgrave MacMillan.
Sassen, Saskia. 2005. Electronic markets and activist networks: The weight of social logics in digital formations. Princeton University Press. Sewell, W. H. (2005). Logics of history : social theory and social transformation. Chicago: University of Chicago Press. Tarrow, Sidney. 1994. Power in movement: Social movements, collective action and politics. Cambridge: Cambridge University Press. -
Enrico Calandro Research ICT Africa
Project Description
The research project investigates African users awareness and experience of censorship, surveillance, and internet safety and security, in order to asses levels of trust and mistrust of the internet in Africa. The perception of internet users on the protection or denial of their rights online is examined as an outcome of constraining or enabling internet policy and regulatory frameworks in three major African jurisdictions, i.e. South Africa, Nigeria and Kenya. It does so by collecting and analysing nationally representative demand-side survey data which are analysed within the context of internet ecosystem as it plays out at national level in these three countries.I can help others with:
I can share my expertise on ICT policy research, on how to conduct ICT surveys for evidence-based policymaking and on policy research for advocacy purpose.I need help with:
I need help with the identification of alternative research approaches to ICT surveys for measuring not only internet access and use, but also users perception of trust, safety and security of the internet, privacy violation and online surveillance in selected African countries. -
Erin Kenneally UC San Diego/CAIDA/CESR
Project Description
The vast majority of efforts to guide cyber risk research are focused on raising community dialogue about ethics principles and applications and not on ways to implement those foundational elements into research practice. The Cyber-risk Research Ethics Decision Support (CREDS) project addresses the implementation of substantive and procedural ethics guidance via a scalable and accessible online risk decision support tool. The CREDS tool will integrate a conceptual framework, methodology, and reference model for: estimating and communicating uncertainty and risk, understanding the process of ethics analysis, and measuring and improving judgment and reasoning about potential research impacts.I can help others with:
Legal and ethical risk assessment in support of innovative research.I need help with:
Community feedback on the decision framework and tool.Resources / Readings
(in development) -
Fenwick McKelvey Concordia University
Project Description
For the past 4 years, I have been working with CIRA to build a M-Lab data Internet measurement tool in Canada. The project finally launched this year. I am working on adapting M-Lab data for use in Canada and in particular with the CRTC's BSO offeringI can help others with:
WritingI need help with:
Data analysis / visualzation -
Gbenga Sesan Paradigm Initiative Nigeria
Project Description
To codify citizen rights online, we started working on a Digital Rights and Freedom Bill for Nigeria. At #CLSI2015, we'd love feedback on the content and spirit of the bill.I can help others with:
I'm happy to share lessons learnt from our work, in the following areas: freedom of Information requests, legal advocacy, working with tough governments, stakeholder managementI need help with:
Bill reviewResources / Readings
The coalition website, with information on the background to the project is available via netrights.ng -
Jamie Tomasello Access
Project Description
The Internet Alarm System (IAS) is an Access initiative to find a solution for users at risk who are the target of state-sponsored, commercial, and targeted malware attacks. Our intent is to provide a simple device which detects and mitigates these threats, but also notifies our Access Digital Security Helpline to reach out to the targeted individual to communicate and offer resolution. In addition, the Helpline will facilitate sending forensic information to malware researchers.I can help others with:
We are aiming to bring one technologist and one manager. The technologist would be able to provide technical expertise to other participants, and the manager would bring higher level input on approaches, challenges, collaborative project management, and facilitate the conversation developing the workflow. Both could contribute our experiences providing an incident response services and digital security advice to a variety of at-risk groups in the field.I need help with:
By bringing together the organizations who are also working on this issue and mapping the different implementations, experience, and expertise, we hope to move this work to the next stage of productive collaboration.Resources / Readings
We can circulate our initial design specification to Citizen Lab Institute participants. -
Jan Rydzak University of Arizona
Project Description
Preliminary analysis I conducted in 2014-15 on 60 nondemocratic states shows proof of governments increasingly shutting down digital networks in tandem with expanding ICT capacity - until they reach a ‘digital threshold’ of high penetration at which disconnection begins to wane. In this project, I would like to (1) conclusively establish whether there is a connection between expanding ICT access and network interruption; (2) examine how this plays out in individual regimes, especially in situations of civil conflict; (3) analyze national legislation through text mining to search for patterns of diffusion; and (4) find applications of programming, GIS, SNA, and other interdisciplinary methodological approaches for this project.I can help others with:
Statistical analysis, translation (5 languages), legal frameworks.I need help with:
Applications of text mining, social network analysis, and GIS (+ any other useful methodologies) to this project. Choice of case studies; guidance in best programming tools and software to propel the project.Resources / Readings
[Will submit a link to a relevant paper on this topic as soon as some minor corrections are applied.] -
Jason Q. Ng Citizen Lab
Project Description
I would like to discuss ways to make the leaked censorship orders to Chinese journalists published by China Digital Times more useful to both China and non-China researchers/online activists. I hope to use these discussions a springboard for creating an online hub for all the China-related censorship data that groups like Citizen Lab, CDT, HKU, GreatFire, and others are generating. Hopefully we can make our data more shareable and useful to each other--and ensure that we maximize our resources by not overly re-duplicating similar efforts now or in the future.I can help others with:
Chinese social media, data scraping, methods for content analysisI need help with:
Discussions about this proposed China data hub could also serve as a potential model for other groups--and groups that are already working together in similar regions are encouraged to offer suggestions on what challenges they faced and how they overcame obstacles.Resources / Readings
Freedom House report that analyzes some of the Directives: freedomhouse.org/report/china/politburo-predicament -
Jeffrey Knockel University of New Mexico & Citizen Lab
Project Description
I study censorship implemented in software applications (e.g., chat applications) by reverse engineering those applications. Often this reveals the exhaustive lists of keywords they use to trigger censorship and/or surveillance. I also study censorship implemented over the network by performing side channel measurements. These kinds of measurements allow us to measure if something is blocked via IP address or port in a country/city/etc. without having any vantage points (e.g., VPN servers, shells, measurement boxes, etc.) there.I can help others with:
Do you need something reverse engineered? Do you want to know if or how widely something is censored somewhere where you have little or no vantage points?I need help with:
What software (e.g., chat software) should I look at? What should I test for censorship in which countries?Resources / Readings
cs.unm.edu/~jeffk -
Jennifer Zhang Hong Kong Transparency Report
Project Description
HKTR hopes to examine transparency reporting practices by other governments besides Hong Kong and if possible, conduct a comparative analysis of the existing government transparency reports.I can help others with:
share the state of Hong Kong government's transparency reporting practicesI need help with:
research on other governments' legal and policy frameworks -
Jiwon Sohn Korea Internet Transparency Reporting
Project Description
The (South) Korea Internet Transparency reporting project is disclosing, researching, and analyzing the censorship and surveillance of South Korean government on internet. The aim of the project is to promote the civic awareness of government requests for takedowns and user data.
For this, we are efficiently informing the public about the status of internet censorship and surveillance through the website. We are providing an ongoing analysis of the data released by the Korean government and reporting problematic cases to the public.I can help others with:
Introducing transparency status of Korean government and corporationI need help with:
Sharing the laws and practices concerning transparency reporting in different countriesResources / Readings
transparency.kr -
Jon Penney Oxford Internet Institute / Citizen Lab
Project Description
Our project deals with the ethics of information controls research. We want to organize two sessions over two days, that feed into each other. The first will be a general discussion between engineers about recent ethical dilemmas in this field. The second sessions will dive into these dilemmas more deeply and we will attempt to formulate questions to make engineers come to conclusions and solutions about the ethics of their project design.I can help others with:
Law, Ethics, Internet Social Science, Understanding Impact of Internet Law/Regulations/SurveillanceI need help with:
Creating an interest for this work -
Josh Rudolph China Digital Times
Project Description
CDT's ongoing “Directives From the Ministry of Truth” series has gained a substantial following in recent years. Relying on anonymous leaks from China, we verify, translate, and contextualize orders from propaganda authorities in the PRC. As our format for archiving and presenting this information has matured over the past three years, we are now planning a comprehensive project identifying PRC news censorship trends and analyzing the impact they have on political, social, and economic progress in China. This project will serve to inform those working on similar issues in other political landscapes, and also to anticipate how Chinese censorship tactics are shaping global trends.
I can help others with:
Offering experience-informed knowledge of PRC Internet policy framework and censorship trends; providing suggestions on how to present information on censorship through translation and collaborationI need help with:
Identifying censorship policy and propaganda strategies in other countries; Deciding on the best way to present our findings in a widely-accessible and helpful manner (be it in an ebook form, via data visualization, through an open-source database, or some combination of the three)Resources / Readings
chinadigitaltimes.net/china/ministry-of-truth -
Joss Wright University of Oxford
Project Description
We have developed a technique to detect anomalous patterns in time series data, and have applied that to per-country usage data from the Tor Project. The result is a tool that highlights when any country's Tor usage deviates from its expected behaviour.
This shows not only when and where Tor itself is blocked, but also highlights anomalies that result from protests or blocking of other significant resources, such as YouTube. Our next step is to introduce other data sources, and in particular to link our anomaly detection methods to reported real-world events.I can help others with:
Data/time series analysis, mapping and visualisation, ethics.I need help with:
Data sources, media landscape expertise, interactive web visualisation.Resources / Readings
(Current work is under submission.)
Prior work: Regional Variation in Chinese Internet Censorship cs.kau.se/philwint/censorbib/pdf/Wright2012.pdf Fine-Grained Censorship Mapping: Information Sources, Legality, and Ethics db.usenix.org/events/foci11/tech/final_files/Wright.pdf -
Jun Matsushita iilab
Project Description
The ECSA project is an EC - DG CONNCT funded feasibility study which we presented last year at CLSI. As we work on presenting our recommendations as a conclusion to this study, we would like to present our findings and preliminary recommendations and gather feedback from the CLSI community of practitioners.I can help others with:
UX, architecture, strategyI need help with:
Feedback on recommendations to ECResources / Readings
Preliminary recommendations:
docs.google.com/document/d/1kZlm6qRtZ6vQeMBMCYVt28NN84-QUjVM6m2Feambefg/edit?usp=sharing Data Governance Framework: docs.google.com/document/d/1TxgZoEyIIVMrY2cObYY3shmtQguCKk00fsr-DLrwQK0/edit?usp=sharing -
Keith McManamen Psiphon
Project Description
This project looks at the state of information control in Turkey during the run-up to and directly following the countries general elections June 7th, as related to important political and social developments during this time period and correlates this against the usage of circumvention technology. We will look at past precedents in Turkey with respect to content filtering and blocking events, as well as characterize the current and future information control regime for the country. We will also discuss ways of identifying likely precursors or triggers to filtering or blocking and how this affectsI can help others with:
anatomy of a blocking event; 3rd generation information controlsI need help with:
tools for social media analysis; supplementary datasets -
Kelly KY Kim Open Net
Project Description
My project will involve exposing danger and vulnerability of parental control software (spying apps) on mobile phones.Those spying apps will be tested to reveal vulnerability to hacking, circumvention technologies, levels of encryption, etc. We will analyze the spectrum of information those apps collect and transmit. Building upon a pool of real cases of ill-use will be also useful. Moreover, we can work together to find effective circumvention methods and draft a guideline for both parents and kids.I can help others with:
I'm a Korea-licensed lawyer and I can help anything to do with Korean ICT policies and trends, from censorship to surveillance. I'm in good terms with policy teams at Korean Internet companies, Naver and Daumkakao, which own chat apps like Line and KakaoTalk.I need help with:
It will be great to have a few technologists and software developers in the workshop. We will also need test mobile phones with various operating systems.Resources / Readings
Warning: Minor Smartphone Spying Law Now Comes into Force opennetkorea.org/en/wp/1248 Related news articles thestar.com/life/2015/05/15/south-koreas-smart-sheriff-app-lets-parents-monitor-kids-phones.html zdnet.com/article/govt-to-spy-upon-south-korean-minors-through-smartphone-apps koreaittimes.com/story/49376/korean-government%E2%80%99s-parental-control-monitor-apps-facing-backlash -
Menso Heus Free Press Unlimited
Project Description
FPU wants to be able to better protect its partners in the field against malware & other digital threats. By doing network traffic analysis over VPN, we can save a lot of costs vs round trips to the partners. The NetAidKit (netaidkit.net) was the first step in affordable, easy to use VPN access. The next step, dubbed MALICE, will be creating a malware analysis information center and exchange. Greenhost, CitizenLab, Claudio Guarnieri, Access and others have similar intentions. We want to properly design this system with you during our stay.I can help others with:
Product development, field partners, etcI need help with:
Malware analysis knowledgeResources / Readings
netaidkit.net -
Ming-Syuan, Ho Taiwan Association for Human Rights
Project Description
According to article 9 of Freedom of Government Information Law, nationals of Taiwan and the legal persons or groups that are established by the nationals may request government agencies to provide government information.
Therefore, as a project forcing Taiwan’s government to be transparent in the field of internet administration, Taiwan Internet Transparency Report (TITR) will continue to request Taiwan's government to release the related data, and organize those data to public an report every year. TITR looks forward that the government would voluntarily release its own data finally rather than rely on people’s requests.I can help others with:
TITR can share experience or difficulties about dealing with the governmentI need help with:
TITR need the knowledge about how governments do internet surveillance, collecting personal data, and censorship, and the useful skills to confront that.Resources / Readings
TITR has a website, but it's only available in Chinese now.
transparency.tahr.org.tw The Freedom of Government Information Law: law.moj.gov.tw/Eng/LawClass/LawAll.aspx?PCode=I0020026 -
Moses Karanja Strathmore Law School
Project Description
Integrating technical and policy measures (i.e quantitative + qualitative) to develop a real-time threat analysis of Internet freedom in Sub-Sahara Africa.
I can help others with:
Africa specific Information control landscape needs.I need help with:
Technical measures: Which tools will offer objective comparative value across countries?Resources / Readings
cipit.org/index.php/intellectual-property/getting-started/aucc -
Nathalie Marechal Ranking Digital Rights/USC
Project Description
The goal of Ranking Digital Rights' Corporate Accountability Index is to benchmark and evaluate some of the world’s most powerful Internet and telecommunications companies on disclosed policies affecting users’ free expression and privacy. However, we don't have the funding to evaluate the number of companies we would like, and so we would like to learn from the Citizen Lab and other attendees about how to build an effective international research network - both in terms of managed work at the core, as more as a network of more loosely affiliated or federated projects in order to scale up.I can help others with:
Launching their own rankings/ratingsI need help with:
How to scale up through parternships, and how to make our data useful for advocacyResources / Readings
rankingdigitalrights.org -
Nicholas Weaver ICSI
Project Description
Inside Middleboxes: We've developed a good set of expertise in fingerprinting and analyzing both benign and malicious middleboxes. We need targets for futher analysis.I can help others with:
Middleboxes: how they work. Plus all about Snowden...I need help with:
Targets: what middleboxes to analyze and appropriate vantage points -
Peter Micek / Deniz Duru Aydin Access
Project Description
Transparency reporting is a growing trend in the ICT sector, and should be leveraged by civil society and academia. The Access Transparency Reporting Index (TRI) serves as a clearinghouse, providing a record of reports from leading internet companies and telcos globally. We use the TRI to spotlight government surveillance and to impact corporate policies. As an experiment, we recently used data extracted from these reports for a research project on access to online communications data in forty-one countries, and seek more ways to use these reports for evidence-based research and advocacy.I can help others with:
As a global human rights organization, Access engages with activists from all around the world, offering direct support via our Digital Security Helpline. Our advocacy team focuses on creating campaigns that raise awareness and mobilize individuals for action, while through the work of the policy team we impact and keep track of legal and policy developments that directly or indirectly have consequences for our digital rights. Across the team, we focus on diverse policy areas including net neutrality, surveillance reform, data protection and internet governance, as well as business and human rights - the impact area that covers our Transparency Reporting Index project. So we are ready to actively contribute in discussions on corporate transparency and beyond, in an effort to ensure a more rights-respecting telecom and tech sector. We can help others with understanding the challenges faced by grassroots groups around the world and how their projects can best respond to their needs. In addition, as it is in our mission to extend and defend digital rights of users at risk around the world, we can introduce a rights-based perspective to others’ research agendas.I need help with:
The difficulties and opportunities we faced in this project provoked a two-layered discussion on the corporate transparency trend: What do these reports show in terms of the role played by private actors in “advancing or restricting information controls”? And secondly, what are the ways for us to use the content (ie. numbers per country on government requests for user data) made available by these reports? We want to brainstorm for ideas, identifying topics for further research and creating a plan for action. We also want to receive feedback on the Transparency Reporting Index to find areas of improvement. Insights into these questions will help us highlight best practice and use the Index as an advocacy tool: What does a model transparency report look like? Is the answer different across business sectors (mobile providers vs. equipment vendors) and countries, with different legal requirements?Resources / Readings
Access Transparency Reporting Index: accessnow.org/tri Examples from our blog posts, with updates on new transparency reports, as ways for using the TRI for advocacy and public awareness: accessnow.org/blog/2015/05/11/transparency-report-more-companies-start-sharing-information-user-data accessnow.org/blog/2015/03/06/new-transparency-report-cheezburger-medium-reddit-karaoke Blog post focusing on free expression online around the world using data from transparency reports: accessnow.org/blog/2015/03/16/turkey-and-russia-share-dubious-honor-of-leading-content-removal-requests-o Link to the data set we compiled from transparency reports and other sources for the research project: github.com/dd-a-dda/dda-thesis (Shortened version of the research project will be available before the start of the conference.) Important resources beyond our work: EFF's “Who Has Your Back?” (eff.org/who-has-your-back-2014) and “Ranking Digital Rights” (rankingdigitalrights.org) projects - which both use whether a company publishes a transparency report as one of the parameters in rating / ranking companies. Christopher Parsons paper on the effectiveness of transparency reports: “Do Transparency Reports Matter for Public Policy? Evaluating the Effectiveness of Telecommunications Transparency Reports” papers.ssrn.com/sol3/papers.cfm?abstract_id=2546032 James Losey / GISWatch Paper on transparency reporting giswatch.org/en/information-and-democracy/transparency-reporting Global Network Initiative - Paper on telecom transparency: globalnetworkinitiative.org/sites/default/files/GNI_OpeningtheLines.pdf -
Phillipa Gill Stony Brook University
Project Description
ICLab is a platform that leverages a combination of VPN end points and devices hosted by volunteers to run flexible experiments to measure online information controls around the globe.I can help others with:
network measurementsI need help with:
development/support -
Pilar Sáenz Karisma Foundation
Project Description
Karisma Foundation, is a Colombian NGO working on the promotion of human rights in Internet. With the support of EFF Karisma lauched Where Is My Data? This project aims to promote best business practices among ISPs for the benefit of users. The project seeks to identify areas where more transparency is needed and raise awareness among customers about how their data is used by ISPs and the government so they can take informed decisions when choosing an Internet provider. Initial results show vague and unclear policies and a lack of disclosure about government surveillance requests. There is room for improvement.I can help others with:
This project is part of a regional initiative to promote greater transparency in the work of Internet intermediaries in the region, an initiative that is also being worked on in the Mexican organization Red para la Defensa de los Derechos Digitales and the Peruvian Hiperderecho. Other NGOs in the region plan to join the project too. Workshop participants may be interested in expanding this initiative and begin to develop it in other countries around the world. On the other hand, the exchange of experiences with other organizations that undertake similar projects, will allow us to make an assessment of the project and include variables that have not been contemplated for future measurements. Also we share our research using open data standars, we think this is an aspect of the methodology used by us that we can share with others.I need help with:
Sustainability: We hope to repeat this assessment every year. Beyond the usual financial needs (resources to carry out the evaluation, update the web site and print the annual report), we want to build alliances with other NGO, consumer groups and advocates. We believe sustainability depends on that. Also we want to include new issues: new categories of ISP, new analyzing criteria which means more research resources. Follow up: This first evaluation leave us with concerns. First in relation to the issue of blocking and removal of content, because ISPs does not have clear protocols that can give some sense of relief to the users about their rights in relation to the content generating sets in the net. On the other hand, there is a major concern on the due process for users. These companies don't consider notifying their users when they understand that they are committing an illegal and improper behavior althought that can mean extreme mesuares (such as account cancelation), or when the government through its judicial or administrative authorities requests their data. We need to follow up these identified problems, seek to improve the ISP’s Privacy Policy or to build up policies that see these problems and take the challenge to solve them. Advocacy: As result of launching the report we found that ISPs are available to work with us between reports, question remains on how to do this. We also want to use the results to involve government in the discussion and to ask for better controls. Finally we want to create processes to rise of citizen conscience and even to capacity building in this issues. -
Ronald Deibert Director, the Citizen Lab
Project Description
As one of the convenors of the Citizen Lab Summer Institute, I am interested in all aspects of the event, and will have a hard time figuring out how to split my time. I am co-shepherding the targeted threats stream with John Scott Railton.I can help others with:
I can assist on just about anything people need having to do with support and resources and space.I need help with:
Need help better understanding the technical information.Resources / Readings
targetedthreats.net -
Roya Ensafi Princeton University
Project Description
Censored Planet is an ongoing project and a platform to measure both IP and DNS censorship. Our community lacks techniques that can be widely used anytime and anywhere to detect packet drops between two hosts and where neither host is under the researcher’s control. My past research efforts related to novel side channels overcame this limitation, allowing the researcher to measure the connectivity between arbitrary end points (that satisfy some basic requirements) from almost anywhere. Censored Planet builds on top of these techniques to shed light on entirely unexplored areas of the Internet. In this project, we aim to discover what governments censor, how they restrict access, and how decisions about censorship vary across regions, countries, and time.I can help others with:
design/develop sound Internet measurements, analyse how a middle box block, monitor, or tamper with network traffic,I need help with:
Developing a global calendar of (political) events, and nailing down a systematic way for detecting anycast IPs -
Sebastian Garcia CTU University in Prague
Project Description
The Stratosphere IPS Project is a free software, behavioral-based, Intrusion Prevention System. Its main goal is to extract the behavioral network models of malware and normal traffic, and then use these models to detect and stop similar malicious traffic in new unknown networks by using machine learning algorithms. However, since the behavioral patterns of people may be collected by many organizations, we believe that this project can help raise awareness on the network privacy topic, such as the behavior of malware used for privacy invasion or the abuse of this technology in the surveillance of citizens.I can help others with:
Analysis of network traffic (malware and normal), analysis of behavioral patterns, machine learning, python development.I need help with:
Obtain real case traffic of RAT attacks, targeted attacks, NGO attacks or other privacy violations. Test the suitability for analyzing citizen surveillance. -
Tamir Israel Canadian Internet Policy & Public Interest Clinic (CIPPIC), University of Ottawa
Project Description
The objective of the project is to examine existing initiatives and inherent challenges on the road to mass adoption of PGP as a standard mechanism for email encryption. A number of initiatives are underway by a number of third party email providers to make this happen. Are they on the right track? Will they open up new security / legal challenges? Will their impelementations be 'on' by default? What are the policy challenges inherent in this move (key escrow, mandatory backdoors, mandatory password disclosure, etc, a possibility?) and can we overcome them?I can help others with:
Legal policy relating to technologyI need help with:
Tech / policy surrounding encryption & service provider accountability/transparencyResources / Readings
A/HRC/29/32, Encryption, anonymity & Free expression: ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspxAdditional Resources: ohchr.org/Documents/Issues/Opinion/Communications/States/Selected_References_SR_Report.pdf Large communications providers taking steps to better implement PGP: wired.com/2014/04/google-crypto-gmail theguardian.com/technology/2015/jun/01/facebook-introduces-pgp-encryption-for-sensitive-emails Description of Court order, enforced in BC via MLAT, mandating BC-based email provider to effectively install keylogger on service in order to facilitate access to PGP encrypted email: wired.com/2007/11/encrypted-e-mai Quebec court of appeal rules that mandating someone to disclose their password can implicate the right against self-incrimination: canlii.org/en/qc/qcca/doc/2010/2010qcca1108/2010qcca1108.html CBSA compels individual to disclose device password at border crossing: slate.com/blogs/future_tense/2015/03/06/alain_philippon_case_cops_can_search_your_cellphone_in_canada.html -
Vasilis Ververis OONI
Project Description
* Improving our informed consent research
* Increase the impact our reports have * Produce data visualizations and interactive tools * Publish recurring reports about Internet censorship * Collaborate with interested parties and individuals that research on Internet censorship * Analyze and detect sighs of Internet censorship events from network measurement data * Acquire knowledge of censorship and surveillance casesI can help others with:
Analyzing or achieve a better understanding of Internet censorship instancesI need help with:
Collaboration with Citizenlab on URL input lists, Visualization and dissemination of dataResources / Readings
ooni.torproject.org -
Will Scott University of Washington
Project Description
Activist.js is a library looking at what can be done to make websites more resilient to network interference without user involvement or help. The library uses the application cache and serviceworker primatives in browsers to cache content and inform users who have previously visited a site which is subsequently inaccessible.I can help others with:
internet scanning/measurements. Browser tech.I need help with:
deployment, especially connections with news sites which are occasionally blocked.Resources / Readings
Measurement work:
github.com/uwnetworkslab/satellite Activist: github.com/willscott/activist -
Yongxi Chen The University of Hong Kong, Faculty of Law
Project Description
The project studies the forthcoming integration of online and offline IDs of citizens in China, reviews its legal basis, and discusses the Party-State’s rationale behind the paradoxical co-existence of surveillance-strengthening rule-making and privacy-enhancing law-making in recent years. It will sort out the legal rules imposing state surveillance of individuals’ online behaviors and the rules introducing limited obligations of data protection to private entities, and examine the effects of both kinds of rules on protecting citizens’ privacy from intrusion by public authorities. It will also explore the potential use of two new access rights in monitoring the evolving surveillance regime.I can help others with:
To provide a concise introduction to China’s legislation on surveillance as well as privacy protection, and present ways of locating relevant laws (in English version). To introduce how to exercise the data access right under China’s privacy laws and the right of access to government information under open government laws so to assist research on corporate transparency, censorship mechanism and government policies on surveillance.I need help with:
To understand the core technologies (and their various models) that are commonly used by authorities to reveal and track the real identity of Internet or telecommunication users. To learn about the how surveillance data are shared between law enforcement agencies and other public authorities in other jurisdictions.Resources / Readings
Privacy Law in Greater China: a database on legislation concerning privacy and data protection in mainland China, Hong Kong, Macao and Taiwan [chineseprivacy.law.hku.hk] -
Project Description
I can help others with:
I need help with:
-
Enrique Piracés RightsLab
Project Description
Over the past months I have been developing, testing and improving a system that could facilitate the collection and preservation of phishing and malware samples. The primary objective has been to lower the barrier for the collection of technically relevant information from human rights practitioners and journalists. The secondary goals (or collateral benefits) are the provision of automated review and report (as an incentive) as well as the creation of an early warning system and a retroactive alarm mechanism for global civil society. The proof of concept for the system is a working Chrome extension and its accompanying server-side scripts.I can help others with:
I can help others with insight into how human rights practitioners work. I can also help code, test and debug applications.I need help with:
Integrating the HSF Reporter with other projects and APIs. Evaluating the relevance of the proposed design.Resources / Readings
Public repository of the PoC: github.com/epiraces/hsf-reporter-chrome Extension in Chrome Store: chrome.google.com/webstore/detail/hsf-reporter/jelkpbipoleejjoifbdlkljojmehaogl Proposed design for the HSF (Harm Stories Framework): enriquepiraces.com/documents/hsf.jpeg -
Jordan McCarthy Measurement Lab
Project Description
My first-order goal is to determine, in as concrete and specific terms as possible, what kinds of centralized resources (eg, toolkits, reference guides, research compendiums, regular newsletters, ethics checklists, etc.) would be most helpful to the censorship measurement community at large. My second-order goal is to determine how to build some of these resources in an inclusive, sustainable way, such that the community itself can maintain them without having to spend excessive time/resources doing so.I can help others with:
Deployment strategies; data sampling issues; identifying and dealing with ethical challenges; Integrating measurement tools into M-Lab platformI need help with:
Determining the concrete needs that are shared by the majority of the projects in this space; brainstorming ways to reduce replication of efffortResources / Readings
measurementlab.net -
K.S. Park Open Net Korea
Project Description
A campaign to put subscriber identification information under the international human rights principles such as warrant doctrine. In major countries, subscriber identification information is being accessed by authorities without any judicial supervision when such access allows the authorities to link various online or communication activities to specific actors thereby restricting the privacy of those actors who engaged in those activities believing them to be anonymous to the authorities and the public.I can help others with:
Experience in human rights and constitutional law principles and litigation experienceI need help with:
Currently, I am trying on one hand to understand how much (or whether) the ready availability of subscriber identification info incentivizes the authorities into conducting mass surveillance of the types that Snowden revealed and on the other to change laws to curtail the warrantless seizure. Any insight?Resources / Readings
review papers at opennetkorea.org/en/wp/main-free-speech
also at opennetkorea.org/en/wp/main-privacy. -
Jennie Phillips Citizen Lab
Project Description
I am looking at how resilience can be developed in networks. Specifically I am taking an inter-disciplinary look at resilience definition, assessment and development models to design a framework. The networks I look at are citizen-driven response networks that form online during crisis situations i.e. digital activist and digital humanitarian networks. Part of this work involves studying how people use technology in crisis situations, and the associated risks with doing so.I can help others with:
Understanding how people use technology in crisis situations; humanitarian innovation; humanitarian relief; resilience definition, development and assessment; the types, development, challenges and evaluation of human networksI need help with:
Different perspectives on resilience development i.e. how is resilience developed in computer networks? experiences with technology integration related to riskResources / Readings
You can read more about my work on jenniephillips.com