Team Tor: DiscoTech and update

Posted on by

At this discotech, we showed visitors http://fuerza.is: an interactive checklist to help a victim determine whether their various devices are infected and being used in their stalking. Then we discussed scenarios and potential solutions for stalking via digital communication tools. A visitor came up with the idea of collecting app fingerprints. Even if it is less likely to be delivered at the term end, it exemplify how existing product helps framing the problem.

 

Another workshop held in the DiscoTech was explaining encryption. Activities included showing how to fake an email on behalf of somebody else (via shell script), using GPGTools to sign emails, and using GPGTools and AESCrypt to encrypt files. The workshop also included trying to use RetroShare (a P2P communication tool encrypted under PGP), but it didn’t work out.

We also had some conversations with some of the guests on actions they would take if they noticed they were being digitally surveilled. What steps would they take. We also went through some of the source of data around abuse and which of those cases may have a digital surveillance component. Among conversations we had regarding possible tools, is a digital application fingerprinting software that could detect changes in applications or changes in the behavior of some of the applications and how that could be used to inform users of threats possible. The other application we brainstormed about was on an activity log, resident on the phone that tracks a users actions and phone operations. A technique akin to self surveillance which would then help one in curating and identifying suspicious behavior.

 

In the team meeting this week, we drafted three personas of users, in which we will pick one to work on. They are:

 

  1.  Advocates
    1. their ages range from teenager through elders
    2. their technical skills vary.
    3. They work at shelter organizations, generally focusing on all aspects of abuse and victim safety. Their focus is not on technology.
    4. When they are working, they are assigned to clients when they seek for help. During the help, they try to gain information from the client including feeling and mental status. Establishing the victim’s trust may take a long time.
    5. They need to assess the dangerousness of the victim’s situation quickly, in order to determine the best course of action for the victim.
  2. Victims
    1. They are possibly stalked by someone they know.
    2. The stalker generally is an intimate partner, co-worker, or a fellow student. They use technology in stalking as a way to exert control.
    3. A victim could be male or female – though females are more likely to seek help.
    4. The victim generally has little technology understanding. The stalker surveilling them only has to be more technology aware than the victim.
    5. They need to figure out what’s happening – build a picture of what’s happening.
    6. They are not sure about when it started and how often it is happening. Information on anything they feel threatening can be helpful to alleviate their suffering.
  3. By-standers
    1. They are any third party to the stalker and victim.
    2. Friends or family members of the victim could be the most helpful.
    3. The victim generally only hints at the surveillance to friends or family as a quiet plea for help.
    4. Once aware of the problem, a bystander is in the best position to get involved and do something to support the victim.
    5. One thing they can do is tell the victim’s situation to somebody in authority – See something, say something.

 

ACLU + Guardian at the DiscoTech

Posted on by

The DiscoTech was a huge success for us and gave us the opportunity to share with others information on cell phone surveillance.  The DiscoTech allowed us to speak with people in a variety of settings, from meet and greets to hands on workshops.  Through this, we were able to speak about the problem we’re trying to solve (IMSI-catcher detection) in a variety of ways.  There was a huge disparity in how much people know and this allowed us to field questions ranging from how IMSI-catchers work, to what protocol they’re able to spoof.  Throughout the day, we talked with people and learned a lot about what people know and got a lot of great feedback on our project idea.

The hands-on workshop we offered was “Locate your cell tower”.  We used this time to show people how they could look at some advanced diagnostic menus on their phones (menus generally hidden and accessible through special key codes).  This allowed the audience to see and compare which cell towers they were connected to.  We took this information and compared it to some databases of cell towers to identify the location of the cell towers that they were actually connected to, seen in Figure 1 below.  Additionally, we used the time to explain the theory of how we can use this knowledge to detect possible IMSI interference.  A lot of questions came up and we had amazing conversations on topics such as cell tower databases, protocols, and areas of concern.

Figure 1: Example cell tower location of one of the attendees

Overall we had a great experience participating in the DiscoTech.  We learned a lot from the attendees and got some great feedback on our project.  Additionally we opened peoples eyes to a real problem and the reception was great.  People enjoyed seeing how they can utilize their phone and get more information for themselves and they were interested to hear more about how IMSI-catchers are being used.

 

Team CURE: DiscoTech and Progress!

Posted on by

This past weekend’s DiscoTech was an amazing event at which we had the opportunity to meet an incredibly interesting and diverse group of people. For our project specific workshop, Team CURE came to the DiscoTech armed with a questionnaire and statistics that we hoped would both stir conversation and help us develop a more accurate end user profile. We are hoping to develop an online awareness platform for CURE’s sex offender advocacy work (read more about it here!). Because the topic is potentially controversial, we thought that developing a firm understanding of prospective user initial assumptions/value systems would be particularly useful. We expected that the answers would shed some light on possible perspectives and, in turn, inform the crafting of our project. Although we started with the questionnaire, our workshop participants were much more interested in the discussion that our introduction presentations and questions spurred. We were surprised that many of our visitors had deeply personal stories to tell about how their lives have been affected by the sex offender registry and/or associated legal processes. Although we didn’t get as much data as expected, we had a very rich discussion about the complexity of the US detention system, rehabilitation, and sex offender rights. As we continue to develop the project, we are becoming more and more aware of how important it is that we are sensitive to language and the significance of a positive framework.

Earlier this week we also had quite a bit of fun with our partners at CURE crafting and choosing user personas. The user personas, like the DiscoTech activity, are meant to help us hone into the profiles of our end users – so that we will have a ficticious but very discerning audience to guide some of our design decisions. The group settled on two different/similar end users:

Daniel Young

  • 25 yr. old, recent college graduate
  • Unaware of and uninformed about issues surrounding the Sex Offender Registry
  • Has heard of potential risks of dating a minor during high school/through his college fraternity
  • Checks Internet news, Email, Facebook at least once a day
  • Interested in social issues, but hasn’t taken any actions

Amelia Smith

  • 27 yr. old, working at an NGO
  • Generally aware of social justice issues but not about the sexual offenders’ registry specifically
  • Relatively active online: Twitter, Blog, FB, Email
  • Previously participated in student government while in college
  • Enjoys participating in demos and other events
  • Has influence in her friend circle (well respected by her friends and peers)

Here’s to hoping that Daniel and Amelia are pleased with our future product! Until next time, some food for thought:

http://www.psychologytoday.com/blog/witness/201309/efficacy-sex-offender-treatment-still-in-the-air

UYC @ the DiscoTech!

Posted on by

Daniel: The discotech was an interesting experience for learning about surveillance and counter surveillance activism. Through talking with the numerous attendees there, I came out with a fresh perspective on how to approach social issues and think about these problems, such as surveillance, with a more critical and analytical mindset. I thought it was also interesting to see numerous artists who were there, also accomplished with their various social projects they are currently undertaking. During the hands on workshop, I especially found the analytical workshop for threatmodeling and the facepainting very informative. The face painting demo demonstrated the far reaches of technology, and how advanced facial recognition technology currently is. I believe the experience I gained at the DiscoTech will definitely allow me to be more aware of surveillance issues in the future.

Our workshop differed slightly from our original goals, in that it switched to more of a group discussion rather than a scenario hands-on activity. However, the information we gained was also incredibly valuable. We need to find out who exactly is the target audience of the UYC, in order to better understand how to frame our project. Ultimately, we should aim to capture both sides of the story in the schools in order to better allow student stories’ to be told.


Nushelle: I especially enjoyed Saul Tannenbaum‘s short talk on the surveillance of MIT – it really brought home the face that surveillance is a lot closer than you think, and that often the reasons why you might be under surveillance are out of your control, and may sometimes have much more to do with chance connections.

I also found the face-painting workshop to be surprisingly educational (in addition, of course, to being a lot of fun!). I admit that while I was excited about the face-painting, I wasn’t sure it would ‘work’. I think the beauty of it was that although we came in without a lot of knowledge as to how to get it done, we had such enthusiastic volunteers (Elizabeth H Cho offered her face to be experimented on first, and Bilal suggested we use Open CV to check our success rate) that the workshop grew organically. We realised that it wasn’t about the binary of whether one fooled the camera or not, but rather about the extent to which we could reduce the camera’s ability to detect a face. Elizabeth managed to fool the camera almost entirely, and we found that unusual hairstyles or accessories like scarves helped as well.

Apart from the great discussion we had about our project, Sasha also suggested that we work with UYC to create user stories to help us narrow down who are target audience is going to be, as nailing this down early will ensure we’re all on the same page, and will influence the content, form, aesthetics, and style of the final product. Basically, it’s a sentence of who (student/parent/teacher/local councillor/etc), what (what do they want to do) and why (why do they want to use the product?). Creating several of these stories, and then picking one, or at least ranking the order of importance of these users, helps clarify who we envision benefiting from the product.

E.g. As a studentI want to record my side of the story so that I can change how we are perceived.

We hope to discuss possible user stories with Maria tomorrow.

Elizabeth: I found this DiscoTech to be a great experience to learn and interact with people. A student from a small liberal arts college, I am more accustomed to discussing and learning with people my age with a single professor or lecturer present, so it was quite a new but exciting experience for me to engage in discussions and hands-on activities with people who are already in fields I might be interested in.

To begin, during our short talks our group immediately had a couple of responses from others on punitive practices in schools. One attendee suggested we look into the history of juvenile discipline, while another suggested we compare the ways in which student safety is executed in suburban schools as opposed to urban schools. I then participated, or rather listened in, on the “Surveillance and Public Art” DIY talk. People discussed some of their projects and ideas, like USB drops and surveillance camera- recorded plays. I find public art to be such a strong platform to generate consciousness on surveillance, and I hope to hear and even participate more with it.

As Nushelle mentioned, our anti-face recognition was an unexpected hit. It was fun to discuss surveillance and face recognition software through an activity as simple as face-painting, we even got to talk and facepaint with a young girl (her mom also commented how nice it was to see lots of “girls” at the event!) Finally, we talked to Terry of Intelligent Mischief about storytelling methods, which I found very useful. I’m excited to use what we learned in our project.

IMG_20140301_144131_258

IMG_20140301_134139_885

IMG_20140301_140231_178

 

Posted in UYC

EFF: Project Update #2

Posted on by
IMG_6576
We learned a lot at this past weekend’s DiscoTech! It was great to see people from a lot of different backgrounds discussing stories about and problems with surveillance.
IMG_6601
To help with our project with the EFF, we held a threat model workshop, allowing people to map their assets and what threats may target those assets as well as the level of risk associated with threats gaining access to assets.
IMG_6602
We also provided people with potential scenarios to create threat models if they did not want to make their own.
IMG_6575
We envisioned this as a way to gauge what types of asset/threat combinations people are aware of as well as what level of action people are willing to take on their high-risk assets. Since we are hoping to make the EFF’s Surveillance Self-Defense website more accessible to more people, this is important information for us to have about our target user population. Moving forward, we want to make the information more visual and bite-sized, and we’re excited to start wireframing and designing this week!
– Wei-Wei & Paulina
IMG_6578
Posted in EFF

Detention Watch Network: Project Update #1

Posted on by

detentionwatchnetwork

The Detention Watch Network works through the collective strength and diversity of its members to expose and challenge the injustices of the U.S. immigration detention and deportation system and advocate for profound change that promotes the rights and dignity of all persons. Our project could potentially focus on the Detention Watch Network’s current campaign to end the bed quota.

The reality that exists is that the immigration detention bed quota requires U.S. Immigration and Customs Enforcement (ICE) to hold a minimum of 34,000 immigrants at any given time. Having a quota on how many people must be locked up every day is an issue that indirectly affects everyone. Chrislene, Sean, and I met last Wednesday 2/19 via a google hangout with Silky and Carly from the Detention Watch Network to brainstorm ideas.

A question that came up during our conversation is what would the world look like without detention centers. During the upcoming Discotech this weekend, we hope to address this question and explore the possibilities. We will be meeting with our project partners on Friday 2/28 to finalize what will be covered during the workshop portion.

So far we’ve been researching relevant projects and other inspiring works and started a list:

Punishment and Profits

Innocence Project

Personal Analytics

Data Visualisations by Jer Thorp

MIT database of interactive documentary projects 

Iced Game

Between the Bars

Vojo

For more information about the end the bed quota campaign, please visit: http://www.detentionwatchnetwork.org/EndTheQuotaNarrative

SoMove — Project Update #1

Posted on by

We (Arthi, Richard, and Ricardo) are working with SoMove: Social Movements Oral History Tour. We had our first Google Hangout on Monday, 7pm EST with our contact, Puck Lo.

SoMove is network of independent oral historians, multimedia producers, journalists, storytellers, artists and activists working together to collect digital oral histories, share resources and some content with each other, and tour to present their work.

SoMove works with activists and community groups to document ways people creatively change their lives, neighborhoods and the world. Such stories push back against and reframe conventional ideas and oppressive narratives that derive from colonialism and are used to justify inequality.

Infiltrated, our project, is an ambitious multimedia project and online searchable database that tells the national story of government infiltration and surveillance of activist groups and communities targeted by the state since 2001. To do that we’ll be collecting and compiling government records (using the Freedom of Information Act) as well as first-person accounts.  The challenge is to to build the multimedia platform, a hub/clearing house to share these stories. At launch there will be possibly two accounts of infiltration of activist groups each one with audio and their corresponding FOIA file —this will be the initial cohort to base the platform design around. Another goal is to have the platform be self-sustainable and also scalable as more stories and documentation are added to the website.

We had a preliminary discussion on methodology of design.  Based on the information we have from our conversation with Puck, the team will produce a series of wireframes to iterate and discuss on the next meeting. It is possible that this exercise can be conducted at the Discotech event.

 

 

Tor/Transition House – Project Update #1

Posted on by
Tue Feb. 25
Blog Post Draft
Today we discussed what surveillance means in domestic violence and what are the problems we can address on. We found that the subjects of surveillance are not limited to government or big firms: ordinary people – such as one’s close partner or an online stalker – can also be the subject of surveillance and do harm to the victims being surveilled.
Abuse leads to control. Control leads to surveillance. In many cases, people are living with their communication channels (e.g. Facebook accounts, mailbox passwords, cellphones) controlled by their partners or someone else. Victims in these cases are not facing death threats or under direct violence (forcing them seeking help from Transition House), but their abuse condition may last longer and be hard to escape from.
So the group of people we are serving is **the ones who are susceptible to “domestic surveillance”**. It is still hard to determine the size of this group. Some people claim that they are being surveilled and their devices are infected, but it may be a real security threat or just their own illusion.
The potential co-design projects forked from this domain are:
1. Build tools to help people find out whether their devices are infected, and whether their social network activities make them vulnerable of being stalked. The solution may be an extension of fuerza (http://www.fuerza.is/), a set of security diagnosing questionnaires. The challenge is how to gain trust from clients using these tools, and what’s the next steps after diagnosis (how to detect the source of attacks, how to de-infect the device etc.).
2. Build dataset to understand to what extent our privacy and security are being compromised in terms of infected devices and other types of digital surveillance. Works may include interviewing local police departments or building tools to collect data.
3. Raise awareness among people about security risks within their mobile devices. (Perhaps we can make some educational tools?)
What are we going to do on the Discotech?
– a fast security check of cellphone?
– a mini game or some storytelling forms?
– hacking on fuerza.is codebase or content? https://gitorious.org/fuerza

 

ACLU + Guardian (Project update 1)

Posted on by

This semester we are working with the American Civil Liberties Union (ACLU) as well as the Guardian Project.  The ACLU is an organization whose mission is “to defend and preserve the individual rights and liberties guaranteed to every person in this country by the Constitution and laws of the United States.”  Often, because they are more likely to be the targets of government harassment or unequal application of the law, the ACLU works with clients from oppressed groups of people: those who are marginalized because of class, race, religion, gender, disability, immigration status, or sexual identity. The organization also works with activists, who are often also targets of government repression. People within these groups are spied on, arrested, and even deported.  It is the mission of the ACLU to help these people get the rights they deserve, and in so doing to expand civil rights and civil liberties protections for all people. The Guardian Project works to build mobile applications that help people communicate more freely, and protect themselves from intrusion and monitoring.

Projects we have discussed range from crowdsourcing the location information of surveillance devices, to notifying people when their cell-phone signal is being intercepted.  When discussing project ideas, we thought it was important to understand who would use the proposed application, in what ways would they use it, and how would it affect them.  Our initial project ideas and thoughts are shared below.

The first project we discussed was building a comprehensive dataset of information regarding surveillance devices.  This would involve building smartphone applications that enables crowdsourcing the collection of surveillance information.  For example, someone could take a phone of a video camera or other surveillance technology and then upload the data anonymously.  Building a complete data set relies heavily on user participation and other attempts have shown that it is infact a lot harder than it seems.  Moreover, the value-add is limited in that having the complete data does not do much to prevent surveillance.

Another idea we had was to begin to suggest a way in which we can diminish the 1% surveyor vs. the 99% participant of surveillance, through interactive systems. In a way that lets the public interact with video surveillance. As the simplest example, Walgreens stores have TVs that let us see ourselves being recorded, “Smile, you’re on Camera,” which acts as the first step in allowing the public to interact with surveillance.

The final project we talked about building is an application that alerts users when their cell phone signal may be compromised.  This could happen when a cell phone, unknown to the user, connects to an IMSI-catcher (http://en.wikipedia.org/wiki/IMSI-catcher).  A simple implementation of this project might alert a user when he or she connects to a tower the device has never seen before.  A more robust version might aggregate the data about cell phone tower locations to inform a user when he or she is connecting to a false or unknown mobile tower (IMSI-catcher).  The audience for this application would range from technologists to activists, and extend to anyone that’s concerned about their communication being monitored by a 3rd party.  The cost of a device that can intercept cell phones signals to monitor SMS messages and calls has dropped dramatically, and so the threat of any number of 3rd party bad actors is something to be concerned about.

We have decided to initially pursue the last project listed above (IMSI-catcher detection) after considering pros and cons of each project.  This project seems to have the largest audience, and does the most to help people combat surveillance while also revealing to them the vast telecommunications network we are all invisible tethered to.

IMSI-Catcher