Slaying The Dragon-Slayer: The Debate About Anti-Censorship Software In Iran

You can see why the media is interested in Austin Heap. His name sounds a bit like a 1970s rock band. He was playing video games at home when he decided to help the people of Iran with his anticensorship software Haystack. Hell, he even looks like a rock star.

But now Heap has incurred the wrath of "Foreign Policy blogger Evgeny Morozov, who's never happier than when he's bursting the bubble of techno-optimism.

First, a bit of background. Heap was playing "World of Warcraft" last year when he read about the events in Iran on Twitter. A programmer and marketer, he began posting on his blog advice for Iranians on how to use proxy servers, which allowed people to access sites blocked by the authorities. But then Heap took things a step further and created Haystack. Here's “Newsweek” on how it works:

The anti-censorship software is built on a sophisticated mathematical formula that conceals someone’s real online destinations inside a stream of innocuous traffic. You may be browsing an opposition Web site, but to the censors it will appear you are visiting, say, weather.com. Heap tends to hide users in content that is popular in Tehran, sometimes the regime’s own government mouthpieces.

Morozov, however, is not impressed:

[S]omething just doesn't feel right about Haystack. What really bothers me is that one cannot download and examine their software; as far as the Internet is concerned, Haystack doesn't exist. In fact, Heap says that it is only distributed to trusted contacts inside Iran; putting it online would create a situation where the government could easily get hold of it as well and then reverse-engineer it or ban it or find a way to track its users.

So, in essence, the outside public -- including Iranians -- are asked to believe that a) Haystack software exists, b) Haystack software works, c) Haystack software rocks, and d) the Iranian government doesn't yet have a copy of it, nor do they know that Haystack rocks & works.

Morozov's beef is that as closed-source software, Haystack hasn't had enough testing to ensure it's secure -- and by extension "doesn’t endanger" lives (i.e. the Iranian authorities could easily find out who's using it and throw them in Evin prison).

Heap responds (you can read the full thing on his site here):

For what it’s worth, the most popular anti-censorship tool in the world, Freegate, is also closed source and does not invite outside experts to review their code. They’ve done a pretty amazing job in China. I look up to them on a lot of issues.

Heap also defends the slow rollout of the project:

This, again, is why we’re taking our time to make sure we’ve crossed our Ts and dotted our Is — we don’t want to put people at risk. At this point, we’re not happy with the total state of the software, which is why we’re not putting *endless* people at risk. So your point is well taken, but misguided and lacking understanding of how we’re moving the project forward.

I won’t even try to comment on the security or effectiveness of Heap's software, and will leave that to my more qualified colleagues. But just a few thoughts:

* It does seem that perhaps the media is jumping the gun a bit on Haystack, which is pretty unproven and an unknown quantity. But then again, it's not exactly a shocker that media jumped on a story about a 20-something hacker who puts the chic in geek. I mean, this is "Newsweek" and not a cryptology listserv. Specialists always have issues with the ways in which their pet subjects are treated by the mainstream press. Morozov's concerns are valid but he's skewering admittedly scanty evidence that Haystack works, with some pretty scanty and anecdotal evidence that it might not.

* The world needs poster boys like Heap. While it might annoy the pants off anyone working in this field who doesn’t get attention from "Newsweek" and Roger Cohen, stories like those do wonders in raising awareness about the possibilities of anticensorship software and the power of proxies. Without Heap's marketing talents and the buzz he creates, there might be a lot of good, worthy projects of a similar type that don’t get funded. Funders and investors are a fickle bunch who jump on bandwagons. And they also read "Newsweek."

* We also need people like Morozov, who might be a bit snarky, but generates debate -- debate that can lead to smarter implementation of projects, and perhaps even wiser U.S. foreign policy choices. Since last June, he has been a tireless critic of the "Twitter Revolution" narrative, the idea that people in Iran and Moldova tried using social media to overthrow their governments (on both counts a huge stretch). Without curmudgeons like Morozov, the State Department/philanthropists/investors might be throwing money at any project that could wow them with terms like "onion router." For non-techie funders and policymakers, the use of anticensorship software and proxies is still seen as a dark art: understood by a chosen few, but devastatingly effective when deployed. It can be easier to see the promise in something you don't fully understand. That can lead to a lot of money on bad projects.

So well done Heap for having the courage and energy to start Haystack and well done Morozov for not shying away from poking holes in it.