Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

February 14 2014

October 02 2013

Peru: Congress Passes “Practically Secret” Version of IT Crimes Act

Congresista Alberto Beingolea Delgado. Foto del Congreso de la República del Perú en Flickr (CC BY 2.0)

Congressman Alberto Beingolea Delgado. Photo by the Peruvian Congress via Flickr (CC BY 2.0)

On September 12, Peru's Congress approved [es] the IT Crimes Act, one that has generated serious questions since the release of its Pre Dictamen [es]. This has been based not only on the assumption that a good part of the text was copied from various sources, but also because it constitutes a likely threat to privacy and freedom of expression on the Internet [es].

Despite criticisms [es], the bill, known informally as the Beingolea Act [es] (named after Alberto Beingolea, original proponent of the bill), continued along its course and was approved with 79 votes in favor and none against. Congress reached a final text and voted in what many felt was a quick and questionable process.

The text of the law [es] (filtered) states that its objective is “to prevent and sanction illicit practices that affect computer systems and data, and other legal rights of criminal relevance, committed through the use of information or communication technologies, in order to ensure the effective fight against cyber crimes.” The law establishes sentences of up to ten years in prison for those who commit the offenses, which include crimes against data and computer systems, cyber crimes against sexual indemnity and freedom, and cyber crimes against the privacy and secrecy of communications, among others.

The penalties applied to each offense vary, meaning if someone commits a crime against data and computer systems, a measure written so vaguely that it could refer to various perfectly legal activities, he or she could receive a prison sentence of three to six years. In general, it is easy to see how the police or lawmakers could interpret the law in a way that could be restrictive to the exercise of fundamental rights online.

Despite the dangers that this legislation carries, there have not been as many reactions on the Internet as expected. Twitter user Blackhand @Yonzy commented on some of the legal text's shortcomings:

#CyberCrimeLaw if I built a database of people with information freely available, am I committing a crime, @CongresoPeru?

— BlackHand (@yonsy) September 16, 2013

The user also said it would be impossible to download tools for “ethical hacking,” noting that it is already “a crime to even have them.”

Internet law experts at Hiperderecho recounted the back-and-forth process that the bill went through at different moments, the presentation of a similar bill [es] on behalf of the executive branch, and the turn of events that took place on September 12, when the bill was approved:

[P]ocas horas luego del debate, el congresista Eguren volvía a someter al debate un nuevo texto de la Ley Beingolea que solo conocían los parlamentarios y que fue “plenamente consensuado con los representantes del Poder Ejecutivo, ya que tenían un proyecto de ley presentado que pretendía legislar las mismas materias”. El nuevo texto del Proyecto de Ley incorporaba casi todos los demás proyectos de ley presentados [anteriormente], pese a que no se habían revisado ni votado en Comisión previamente. Sin embargo, el nuevo texto apenas mereció un par de intervenciones menores y fue inmediatamente aprobado…

A few hours after the debate, Congressman Eguren came back to submit a new text of the Beingolea Act for debate, which only the parliamentarians knew about and was “fully agreed upon with the representatives of the Executive Branch, since they had introduced a bill that sought to legislate the same topics.” The new text of the bill incorporated almost all of the [previously] introduced bills, although it had not been reviewed nor voted on in the Commission before. Nonetheless, the new text was barely afforded a few minor interventions and it was immediately approved…

As such, without further debate and with a practically secret text, the Congress approved a bill that, despite eliminating some of the problems of the Beingolea Act, incorporated new ones. Miguel Morachimo of Hiperderecho expressed [es] his opinion:

La aprobación de la Ley Beingolea es el ejemplo perfecto de cómo no se debe llevar a cabo un proceso legislativo. En primer lugar, tienen un texto muy criticado durmiendo por más de un año en la agenda. Luego, lo someten a debate y en cuestión de horas cambian completamente el texto incorporando propuestas nuevas que no han pasado por ningún filtro en Comisión, como la de grooming o discriminación por Internet. Este nuevo texto solo lo conocen los congresistas y todos los demás ciudadanos tenemos que ver por televisión como es aprobado por unanimidad sin que sepamos qué dice. ¿No pensaron que si la primera versión había recibido tantos comentarios críticos era necesario someter a comentarios de la sociedad civil también la segunda?

The approval of the Beingolea Act is a perfect example of how a legislative process should not be carried out. First of all, they have a heavily criticized text hibernating for over a year on the agenda. Then they submit it for debate and in a matter of hours completely change the text, incorporating new proposals that have not passed through any filters in the Commission, such as grooming or discrimination on the Internet. This new text is known only to Congress members while the rest of the citizens have to watch it being approved unanimously on television without knowing what it says. Did they not think that if the first version had received so many criticisms, it would be necessary to submit the second one to civil society for comments?

From the blog V de Verguenza, author Chillinfart's attention was brought to one of the Modifying Supplementary Provisions, specifically the one amending the Criminal Procedure Code: “The licensees of telecommunications public services must immediately provide the geolocation of mobile telephones and records of interception, recordings, or registration of communications that has been ordered by the court, uninterrupted and in real time, 24 hours a day, 365 days a year…” Chillinfart comments:

[esto da] a entender un almacenamiento obligatorio de todo dato de localización generado por los usuarios de telecomunicaciones, independientemente si eres un criminal o no; pero claro, barajando que solo se tocara esa información cuando venga un mandato judicial. El problema de esta intrusion a la privacidad es que puede ser foco de otros crimenes al tener esos datos personales en manos muy dudosas, como pasó con Claro en Chile, Republica Dominicana y Perú (El caso Rosendo Arias).

[this explains] a mandatory storage of all localization data generated by telecommunications users, regardless of whether you are a criminal or not; but of course, thinking that this information would be touched only in the instance of an injunction. The problem with this intrusion of privacy is that it can be the focus of other crimes once this personal data is in very questionable hands, like the case of Claro in Chile [es], the Dominican Republic [es] and Peru (the Rosendo Arias case [es]).

Erick Iriarte of IALAW published a copy [es] of some of the Comments on the Signing of the IT Crimes Bill, which he has forward to Congress. The article is quite extensive and detailed, commenting on and making suggestions article by article, additionally including final comments in which the following is proposed:

la autógrafa no puede continuar como se encuentra, debe volver a Comisión en el mejor de los casos, o pasar al archivo y volverse a plantear una propuesta de la adhesión del Perú al Convenio de Cybercrimen, en un marco de respeto irrestricto a las libertades y derechos constitucionalmente protegidos, y en dicho marco plantear una legislación en materia de delitos informáticos, analizar que hacer con los delitos por medios informáticos y brindar herramientas de informática forense a la Policia.

the signing cannot continue as is, it must return to the Commission in a best case scenario, or be filed and re-sent as a proposal from Peru in support of the [Budapest] Cyber Crime Convention within a framework of unrestricted respect for constitutionally protected rights and liberties, and to propose legislation on the topic of cyber crimes in said framework, analyze what to do with cyber crimes and afford forensic cyber tools to the police.

Following approval, the bill requires a signature from the President of the Republic to officially become law. Given that the bill incorporates parts of the proposal made by the executive branch itself, there is a good chance that the bill will be pushed through without much further delay.

Original post published on Globalizado [es] by Juan Arellano.

September 25 2013

Queer Pakistan is Blocked: Double-Edged Sword of Media Coverage?

Queer Pakistan - Block page

Prohibited! Queer Pakistan – Block page on September 24, 2013

The newly launched Queer Pakistan website was blocked yesterday, coincidentally the same day that Global Voices published an article featuring the site. Homosexuality is legally and religiously condemned in Pakistan, and the goal of the site was to provide a safe space for young lesbian, gay and transsexual Pakistanis to discuss their sexuality anonymously.

In its brief two months of existence, the site attracted both cheers and jeers online for daring to discuss taboo subjects. News reports on Al-Jazeera and on Deutsche Presse-Agentur (DPA) helped boost the site's traffic to 10,000 unique visitors in the past month, with an average visit time of 7 minutes. Both news articles emphasized that Pakistan's web censors are typically hostile to this kind of content, but the Pakistani journalist writing for DPA went as far as requesting a statement from Pakistan's Telecommunication Authority (PTA) about the site at the end of August.

When questioned, a PTA spokesman said the government was “already examining the content of the website” and would block it if they found blasphemous or pornographic content. Alongside quotes from supporters of Queer Pakistan, the journalist also interviewed a religious leader who said, “These practices are completely against Islam. It is the government's duty to control them.” Could this naive search for journalistic balance have sounded the death knell for an otherwise brave initiative?

Gay Pride

Gay pride celebration. Photo by lewishamdreamer, via Flickr (CC BY-NC 2.0)

It's common for “keyboard warriors” in Pakistan to alert authorities when they see content they find morally or religiously objectionable so it's likely the site would have been blocked eventually. But alerting the authorities directly for public comment cannot have helped.

When it comes to communicating with the media, digital activists should remember that journalists are not always to be trusted with sensitive information. Too much press coverage can have a negative effect, especially when articles do not highlight the angles that are most beneficial to a cause. Journalists should be free to cover stories as they wish — but activists need to be conscious of the risks that this can bring.

More than once in the past, I've also seen reporters carelessly use real names instead of pseudonyms, which is why I often advise anonymous activists to maintain two fake names instead of one (the second can be offered as a “real” name to anyone who asks, but doesn't really need to know).

For Queer Pakistan, a blocked website is most likely only a bump in the road — the group obviously understands they are pushing the boundaries for what is normally considered permissible in Pakistan. The site's anonymous young founder is mirroring the website at a different domain and claims to be undeterred, saying “We won’t let PTA get away with this without a fight!”

September 09 2013

How the NSA is Tampering with Encrypted Communications (and how to fight back)

National Security Agency Headquarters. This photo has been released to the public domain via Wikimedia Commons.

National Security Agency Headquarters. This photo has been released to the public domain via Wikimedia Commons.

This post was co-authored by Dan Auerbach, staff technologist at the Electronic Frontier Foundation.
 

In one of the most significant leaks of information about US National Security Agency (NSA) spying, the New York Times, the Guardian, and ProPublica reported last week that the NSA has gone to extraordinary lengths to secretly undermine secure communications infrastructure online, collaborating with GCHQ (Britain's NSA equivalent) and a select few intelligence organizations worldwide.

These revelations imply that the NSA has pursued an aggressive program of obtaining private encryption keys for commercial products—allowing the agency to decrypt vast amounts of Internet traffic sent by users of these products. They also suggest that the agency has attempted to put backdoors (well-hidden ways to access data) into cryptographic standards designed to secure users’ communications. Additionally, the leaked documents make clear that companies that manufacture these products have been complicit in allowing this unprecedented spying to take place, though the identities of cooperating companies remain unknown.

Many important details about this program, codenamed Bullrun, are still unclear. What communications are targeted? What service providers or software developers are cooperating with the NSA? What percentage of private encryption keys of targeted commercial products are successfully obtained? Does this store of private encryption keys (presumably procured through theft or company cooperation) contain those of popular web-based communication providers like Facebook and Google?

What is clear is that these NSA programs are an egregious violation of user privacy. Under international human rights doctrine, users have a right to speak privately with fellow citizens and to freely associate and engage in political activism. If the NSA is allowed to continue building backdoors into our communications infrastructure, as law enforcement agencies have lobbied for, then the communications of billions of people risk being perpetually insecure against a variety of adversaries, ranging from governments to criminals to domestic spy agencies.

Faced with so much bad news, it's easy to give in to privacy nihilism and despair. After all, if the NSA has found ways to decrypt a significant portion of encrypted online communications, why should we bother using encryption at all? But this massive disruption of communications infrastructure need not be tolerated. Here are some of the steps you can take to fight back:

  • Use secure communications tools (read some useful tips by security expert Bruce Schneier). Your communications are still significantly more protected if you are using encrypted communications tools such as messaging over OTR or browsing the web using HTTPS Everywhere than if you are sending your communications without taking such precautions.
  • Finally, the engineers responsible for building our infrastructure can fight back by building and deploying better and more usable cryptosystems.

The NSA is attacking secure communications on many fronts; advocates must oppose them using every method they can. Engineers, policy makers, and netizens all have key roles to play in standing up to the unchecked surveillance state. The more we learn about the extent of the NSA's abuses, the more important it is for us to take steps to take back our privacy. Don't let the NSA's attack on secure communications be the end game.

The original version of this post appeared on the Electronic Frontier Foundation's Deeplinks blog.

August 10 2013

De-Anonymizing Alt.Anonymous.Messages - ritter.vg

De-Anonymizing Alt.Anonymous.Messages - ritter.vg

http://ritter.vg/blog-deanonymizing_amm.html

For the past four years I’ve been working on a project to analyze Alt.Anonymous.Messages, and it was finally getting to a point where I thought I should show my work. I just finished presenting it at Defcon, and because a lot of the people I know are interested in this were not able to make it, I’m making the slides, and more importantly the speaker notes, available for download. This kind of kills the chance anyone will actually watch the video, but that’s all right.

The slides cover the information-theoretic differences between SSL, Onion Routing, Mix Networks, and Shared Mailboxes. It talks about the size of the dataset I analyzed, and some broad percentages of the types of messages in it (PGP vs Non-PGP, Remailed vs Non-Remailed). Then I go into a large analysis of the types of PGP-encrypted messages there are. Messages encrypted to public keys, to passwords and passphrases, and PGP messages not encrypted at all!

http://defcon.org/html/defcon-21/dc-21-speakers.html#Ritter

In recent years, new encryption programs like Tor, RedPhone, TextSecure, Cryptocat, and others have taken the spotlight - but the old guard of remailers and shared inboxes are still around. Alt.Anonymous.Messages is a stream of thousands of anonymous, encrypted messages, seemingly opaque to investigators. For the truly paranoid, there is no communication system that has better anonymity - providing features and resisting traffic analysis in ways that Tor does not. Or so is believed. After collecting as many back messages as possible and archiving new postings daily for four years, several types of analysis on the contents of alt.anonymous.messages will be presented and several ways to break sender and receiver anonymity explained. Messages will be directly and statistically correlated, communication graphs drawn, and we’ll talk about what challenges the next generation of remailers and nymservs face, and how they should be designed.

http://ritter.vg/p/AAM-defcon13.pdf

But what I keep coming back to is the fact that we have no anonymity network that is high bandwidth, high latency. We have no anonymity network that would have let someone securely share the Collateral Murder video, without Wikileaks being their proxy. You can’t take a video of corruption or police brutality, and post it anonymously.
Now I hear you arguing with me in your heads: Use Tor and upload it to Youtube. No, youtube will take it down. Use Tor and upload it to MEGA, or some site that will fight fradulent takedown notices. Okay, but now you’re relying on the good graces of some third party. A third party that is known to host the video, and can be sued. Wikileaks was the last organization that was willing to take on that legal fight, and now they are no longer in the business of hosting content for normal people.
And you can say Hidden Service and I’ll point to size-based traffic analysis and confirmation attacks that come with a low-latency network, never mind Ralf-Phillip Weinmen’s amazing work the other month that really killed Hidden Services. We can go on and on like this, but I hope you’ll at least concede the point that what you are coming up with are work-arounds for a problem that we lack a good solution to.

#remailer #anonymity #encryption #defcon #tor #wikileaks #hiddenservice

August 08 2013

Dangerous buildings, malaria vaccine, PubPeer, and more

Listen to stories on dangerous buildings, a malaria vaccine, post-publication peer review, and more.

June 24 2013

China: Real Name Registration May Threaten Ethnic Minorities

Ethnic minorities in China may be facing discrimination online due to the country's new real-name registration policy. The law mandates all major portal websites to require that users verify their identity (by submitting their national ID number, home address, and other personal information) by June 2014. Since China's national legislature approved the real name registration system in December 2012, many online service providers have implemented the policy and asked their customers to verify their identity before signing up for their services.

Different platforms have unique identity verification procedures. Some have built automatic verification systems in their sites, while others process user applications on a case-by-case basis. Barat Semet, a Uyghur IT professional, recently revealed how the policy may threaten the communication rights of ethnic minorities in China, particularly the Uyghur, a largely Muslim ethnic minority group with roots in both East Asia and Europe.

In July 2009, peaceful demonstrations were broken up by police in an incident that led to riots in Urumqi, the capital city of Xinjiang Uyghur Autonomous Region, where most Uyghurs live. Since then, the Internet and mobile communication in Xinjiang has been subject to heavy censorship and surveillance. Prejudice towards Uyghurs as separatists appears to have increased, to the extent that even some ethnic dress, such as the Muslim prayer cap, has been banned in public venues.

Semet was born in Xinjiang, but his household registration number changed when he moved to Changsha, a city in Hunan Province, where he has lived for over ten years. Last month, he wrote a blog post [zh] expressing frustration over his inability to open an account on WeChat, a mobile text and voice messaging communication service developed by Tencent, one of China's largest tech companies. Semet wondered if his national ID number, which begins with 65, indicating that he was born in Xinjiang and was likely Uyghur, may have been the source of the problem. He suspected that he may have been experiencing discrimination by WeChat because of his ethnicity.

Screen capture of WeChat Public Platform's login page.

Screen capture of WeChat Public Platform's login page.

WeChat is a social media service [zh] that allows individuals and small businesses to develop interactive communication platforms with their customers or fans.

The WeChat platform Semet wanted to use was for football fans, nothing political. When he attempted to register for the platform [zh] on May 24, 2013, he submitted his real name, national ID number, home address, mobile phone number, home phone number and a close-up photo of himself. He submitted the completed application several times, but was rejected each time. On his seventh attempt, WeChat suspended his account and blacklisted his ID, claiming that the information he had submitted was fake.

He then tried to apply for the service using a different email address. Yet when he entered his ID information, a warning message popped up saying that his ID number had been black-listed because he had submitted fake information about his identity.

He called WeChat customer service the next day but reached only an automated system that provided no help. Eventually he was able to speak with a customer service agent online who asserted that the photo he had uploaded met the site's standards and promised to give him a reply within three days. But Semet never heard back from the agent.

Semet finally asked a Han Chinese friend [zh] to register and open the WeChat public platform for him. His friend encountered none of the problems Semet faced even though he completed the registration form exactly as Semet did.

In his blog post, Semet expressed frustration over the fact that WeChat customer service never responded to him. He cannot learn why they did not accept his application, nor can he find out which information the system identified as “fake”. As he has been blacklisted for using “fake” information, Semet will not be able to apply for WeChat services in the future.

April 23 2013

Japan: The Police Don't Want You to Use Tor

According to an April 18 news report, Japan's National Police Agency (NPA) may soon urge Internet Service Providers (ISPs) to ‘voluntarily’ block the use of Tor, the anonymous online communication system. The NPA report carrying this announcement has not been formally released; whether NPA will actually put this move into practice remains unknown.

A report published in late January [ja] quotes the chair of the NPA cyber security committee [temporal translation] saying:

例えばTorについていえば、「捜査」そのものから離れて、Torからのアクセスを制限するというようなことを提言して、国民のコンセンサスを得て、政策として展開していく。本部会では、このような観点から議論していきたいと思っています

As for Tor, for example we would suggest to limit access from Tor. This is something outside of investigation and should proceed as a policy with consensus of the citizens. We would like to discuss from this standpoint.

At Global Voices Online, we have written about Tor which offers a protective measure allowing users to remain anonymous in online environments where freedom of expression is limited and surveillance is prevalent.

The proposed NPA policy would be a voluntary effort to keep criminals from using anonymous networks as a way to issue threats against others. Still, the hacker collective Anonymous had something to say to NPA. ChanologyAgent who claims to be the Anonymous of Japan uploaded a message on Youtube on April 19.

Anonymous emblem. The image has been released into the public domain by its author, Anonymous.

Anonymous emblem. The image has been released into the public domain by its author, Anonymous.

What is regrettable is that Tor is not the dark and dangerous shadow network that you and the mass media would like to paint it as. Tor is merely a tool, and like all tools, it can be used both responsibly and irresponsibly.

The truth is, the Tor network helps people in repressive countries, such as Tibet, bypass censorship and communicate with the outside world. It helps whistleblowers safely expose unethical behavior by powerful people. Tor can and is used every day for noble ends.

At our last count, there were 52 Tor nodes operating in Japan, several of those exit nodes. Each and every one of those nodes contributes to the strength and stability of the network, and the exit nodes in particular help users in less fortunate countries than ours.

By discouraging Tor use in Japan, you weaken the strength of the entire network. You reduce the options for people in repressive regimes. And you rob your own people of a legitimate and perfectly legal tool they can use to protect their privacy in a world that regards it as less and less important with each passing day. We urge you to withdraw this report and renounce your recommendation for ISPs to block the Tor network in Japan.

On social networks and citizen media, users responded to the news, mostly with indignation. On bookmarklet service hatena, users commented in cynicism [ja] that the country's Internet is “turning Chinese”:

umeten:もうインターネットじゃないな

umeten: That's it, there will be no more the “Internet”

Another user, activecute, jokingly writes that communication methods may be very limited in the future.

activecute:今から伝書鳩事業を作っておけば、30年後には…牢屋行きか

activecute: why don't we tame pigeons to be carrier-pigeons…or we may be sent to jail in 30 years later

arajin :「一方で、中東の民主化運動では政府の弾圧から逃れるため民衆が活用。」国内で起きているのは愉快犯。どちらが重大かは自明。

arajin: it says [in the article] ”on the other hand, Tor was used by citizens in oppressive regimes during Arab Spring.” Compare this to what's happening in Japan, which is more like vicious users playing with threatening comments [without real action]. It's obvious the former matters.

Mobile developer Kenji wrote on twitter in reference to the Article 21 of the Constitution that guarantees confidentiality of communications:

@needle:警察がプロバイダに対してTor規制を言い出す。遅かれ早かれ言い出すだろうなと思ったら案の定か。露骨に通信の秘密に抵触しといて何が「理解を求める」だ。

@needle: Now the police start saying that they want to restrict Tor via ISP. I knew they would say that sooner or later, but this could violate the right to communications privacy. What do they mean by ” ask the public for understanding”?

On technology news blog techdirt.com, user JarHead posted a comment wondering whether this move has any effect in decreasing online crimes.

JarHead: Say that there's an “effective” ways to block Tor. What's to stop people to just abandon ship and use yet another anonymizer? Tor isn't the only one in the game, there are others. Then they'll be calling to block those as well, and people just pick up yet another one. This will go on and on until everything is blocked including legal channels.

Police were criticized last year for making wrongful arrests of citizens who they identified using IP addresses. On user submitted news site and forum slashdot.jp [ja], many commented, doubting the ability of the police to tackle cyber crimes.

However, hatena bookmark user festerfester writes that measures are needed and that the anonymous online bulletin board is becoming the hotbed for crimes.

festerfester: 警察の情報通信関係の捜査のずさんさには心底憤りを感じるけど、だからといって2ちゃんねるなどの悪質な書き込みを放置していいという話は全く別問題のはず。元管理人とかあまりにも無責任すぎると思う。

festerfester: I do feel furious about the cops for being so terrible at investigating cyber crimes. With that said, it's a different story that vicious posts on 2channel can be remain untouched. I think the former manager of the 2channel is way irresponsible.

Global Voices Advocacy will continue to cover this threat as it takes shape in Japan. If you have information or ideas for our Japan Internet policy coverage, tweet to us @Advox.

March 05 2013

#FreeRod: Chilean Twitter User Faces Trial for Parody

Chile’s freedom of expression record may be deteriorating. In 2012, after police and government authorities actively repressed media coverage of demonstrations by university students and Mapuche indigenous groups, Chile dropped 47 positions in Reporters Without Borders’ global freedom of expression ranking. This is troubling, particularly given Chile's strong policies on Internet rights — Chile became the first country to legislate Internet neutrality in 2010.

Andronico Luksic Craig. Image by Canal_13_Luksic.jpg: Pontificia Universidad Católica de Chile, retouched by Warko. Licensed for reuse by Wikimedia Commons.

Andronico Luksic Craig. Image by Canal 13, Pontificia Universidad Católica de Chile. Retouched by Warko. Licensed for reuse by Wikimedia Commons.

The Luksic Case

A recent case involving billionaire Andrónico Luksic, who has accused a Twitter user of “usurpation of identity” for running an account that mocked Luksic, also presents a threat to free expression. But it is different from the cases above. Here, it appears that the judiciary and powerful business interests in Chile might have cooperated with one another to suppress freedom of expression online.

In 2011, Chilean lawyer Rodrigo Ferrari noticed that a parody Twitter account (@losluksic) he had created, where he mocked the very rich and powerful family, had been deactivated.  Ferrari chose not to appeal the case to Twitter. What he did not know was that the account was closed due to a two-year investigation involving Mr. Luksic, Chilean government authorities, the US government, and Twitter.

Despite the clearly parodic nature of tweets sent from the account, Ferrari will soon be tried for usurpation of identity (related to but different from identity theft), a crime that can carry a penalty of 61 to 541 days in prison under Chilean law. If Ferrari is found guilty, the case could set a disturbing precedent for both free expression and privacy in Chile.

This is not the first time Mr. Luksic (listed on the Forbes 500) has sought to make expressive content unavailable to the public. Luksic has worked to stop the circulation of books via court injunctions and has requested take-downs of videos from YouTube.

Breach of Due Process?

The right to freedom of expression, enshrined by Chile’s constitution, should clearly protect Ferrari, who was merely exercising this right by commenting on a public figure. Chile's constitution [es] and Law on the Protection of Private Life also protect individual privacy, and Chilean law requires prosecutors to obtain a court order when seeking a user's identity information. Yet it appears that authorities circumvented this requirement in Ferrari's case. Chilean authorities requested assistance from the US Department of State, which in turn worked with the US Department of Justice to produce a court order requesting relevant identity records from Twitter.

Because Twitter's policy is to comply with all requests made by court orders issued in the US, Twitter cooperated and provided the necessary data to identify Rodrigo Ferrari.  With this information Mr. Luksic and his attorneys were able to pursue their case. It is unclear whether Twitter ever notified Mr. Ferrari of the investigation of his account.

The definition of “identity theft” is different in Chile than in the US — under Chilean law, a claimant does not need to prove that the defendant gained any economic benefit from the crime in order for the defendant to be found guilty. This distinction may call into question the decision of US government agencies to comply with the request from Chilean authorities.

If the information that advocates have gathered proves true, the case will embody an alarming breach of due process and rights to privacy and free expression.

Advocates Respond

Chilean NGO Derechos Digitales [es] [Digital Rights] and Derechos Digitales’ director Claudio Ruiz are defending Ferrari in court. Ruiz expressed his concerns about this case in an open letter [es]:

El caso de Andrónico Luksic muestra gráficamente estas fisuras de la libertad de expresión. Muestra, además, el excesivo celo con que el Ministerio Público ha actuado persiguiendo un delito de bagatela, utilizando recursos fiscales por más de dos años sin haber mostrado, incluso al momento de la formalización, siquiera indicios de la configuración de un ilícito penal respecto de Rodrigo Ferrari. La prepotencia que ha mostrado el sistema judicial tiene un efecto perverso, incluso en caso de ser demostrada la inocencia de Ferrari: ¿Estaríamos dispuestos a criticar en público si sabemos que podemos ser expuestos a persecución criminal?

The case of Andronico Luksic graphically illustrates fissures in freedom of expression. Moreover, it shows the disproportionate zeal with which the office of the public prosecutor in Chile has sought to prosecute a crime of minor importance, using public funds for up to two years, without proving, even in the moment when the charges were formalized, any traces of evidence that a crime was committed by Mr. Rodrigo Ferrari. The arrogance shown by the judicial system has a perverse effect, even if Ferrari’s innocence is proven. Will we continue criticizing [public figures] if we know we could be criminally prosecuted?

In a brief interview with La Tercera Newspaper [es], Luksic responded to criticism saying that he sees no parody in the account and that freedom of expression must be exercised under a person’s own name. The interview did not address whether the account actually caused Luksic any damage. Luksic refused to respond when asked whether he would pursue legal actions against other accounts using the “Luksic” name – several have been created since the case became public.

After confirming the involvement of US authorities in the case, US-based advocacy groups have begun to speak out on the issue. Campaign organization Access filed a Freedom of Information Act (FOIA) request to “ask which governments are requesting user information through mutual legal assistance treaties.”

PEN America wrote a letter to US authorities demanding an explanation of the situation:

In a letter to Secretary of State John Kerry and Attorney General Eric Holder, PEN expressed concern about the disclosure of user information, which reportedly occurred without a formal subpoena from the court hearing the case, and pointed out that Mutual Legal Assistance Treaties allow countries to refuse to such requests in cases where the prosecutions are meant to suppress freedom of expression. Noting that promoting Internet freedom has been a top policy priority of the Obama Administration, PEN warns that “complying with the request for user information that led to the identification and prosecution of Mr. Ferrari undermines the principles that the State Department has worked in so many ways to advance.

PEN’s letter requests information clarifying the involvement of the Departments of State and Justice in the disclosure of Mr. Ferrari’s identity, as well as “information on how such requests are evaluated to ensure that information concerning digital media users is not divulged in cases with free expression implications.”

Global Voices Advocacy requested information on the case from Twitter. Attorneys at Twitter responded but could offer no comment on Ferrari's case.

Support the #FreeRod Campaign

Derechos Digitales is leading a campaign [es] asking for all charges against Ferrari to be dropped. The campaign and its supporters are communicating and promoting their cause using hashtag #FreeRod. In solidarity with this effort, many users have created accounts incorporating the Luksic name.

Image by Super45 (CC-BY-NC)

Image by Super45 (CC-BY-NC)

If Mr. Ferrari is found guilty due to evidence obtained using methods that disregard due process of law, and if the judge does not acknowledge that parody is a protected form of expression, there may be a harmful chilling effect on anonymity, privacy and freedom of expression in Chile. The case could hinder the efforts of citizens to respect and fully exercise their fundamental freedoms, online and off. It is troubling that the case has been aided not only by the circumvention of due process by Chilean authorities, but also with the collaboration of the US government, a vociferous promoter of online rights throughout the world.

 

Staff at Derechos Digitales, the Electronic Frontier Foundation, and Twitter provided background information for this post.

February 07 2013

Imgur.com blocked in Azerbaijan?

The Azerbaijani government has a fairly unique way of controlling the Internet. Seldom are websites blocked. It does not behave like the governments of China, Iran or Saudi Arabia. But for a few weeks, one particular website has been inaccessible.

Imgur is a popular image sharing site. This isn’t Flickr or Snapfish where people post photos from their holiday party, it is a site where people post funny pictures, memes, and jokes. It is searchable, but people do not usually tag their photos, rather it is based on social sharing. And, most importantly, it is entirely anonymous and one does not even have to register or sign up for an account to post an image. It is quite popular for sites like Reddit.

Imgur front page

Imgur.com homepage

A few weeks ago I sent a link to an Imgur picture to a friend in Azerbaijan and she couldn’t open it. Though unusual, this may have been due to an error in the system. But since then it seems to have happened multiple times. Users in Azerbaijan can access direct links to photographs, but otherwise Imgur.com is not working in Azerbaijan. This post begins with speculation on the problem, and then presents some technical evidence.

Speculation

Why would Imgur be blocked in Azerbaijan? Why wouldn't Azerbaijan want people to look at LOLcats and cute animals? There is little evidence that Imgur is popular in Azerbaijan. For instance, a term search for Azerbaijan on the site turns up this delightful photo of Caucasian Shepherd puppies.

Caucasian Shepherd puppies

Image submitted by tappimus

The site is not known for political or anti-government content. There may be some pornography hosted on Imgur, a common problem with free photo-sharing sites, but Imgur is certainly not known for this. As in many parts of the world, Facebook and Instagram are popular photo-sharing sites in Azerbaijan – not for memes, per se, but for personal photographs. Another issue could be the degree of anonymity that Imgur provides. Anyone can upload any picture without leaving a trace like one does on Facebook or Instagram. For users concerned about government monitoring, this could make it seem safer to share information — this in turn could be a threat to a government that wants to monitor information shared on the Internet. This is the Imgur privacy policy:

Imgur does not disclose to any third party Private Data you have given us, except to the extent necessary for credit card processing; in such cases your Private Data is used by credit card processors only for that purpose (including guarding against credit card fraud). The only exception, obviously, is if we are forced to disclose the information as a result of a subpoena or other legal process. You may correct, amend, or delete inaccurate Private Data information you have given us, although any credit card transactions that have already taken place will be unaffected. For legal reasons we may retain backup and/or archival copies of information prior to your corrections, amendments, or deletions. We take every reasonable precaution to protect your Private Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. You are responsible for taking every reasonable precaution on your end to protect any unauthorized person from accessing your Imgur account.

But those likely are not the reasons why Imgur is blocked in Azerbaijan. A few weeks ago the hacker group Anonymous released a huge volume of documents leaked from Special State Protection Service of Azerbaijan. In total, there were 1.7 GB of documents released, but someone went through much of it and made the most interesting documents available on another website – Imgur.com (see album here).

It is easy to see why a government might want to block a website hosting sensitive material of this sort. But what about Azerbaijanis that want to enjoy these?

Technical evidence

To determine that Imgur is blocked in Azerbaijan, I asked multiple people located in Azerbaijan to test http://www.imgur.com using multiple Internet service providers — all reported that they could not access the site, but were instead met with a blank screen. I also used a proxy server (this made my computer think it is in Azerbaijan) to test it myself.

proxy server

Browser screenshot taken by author

The above screenshot shows my browser checking that it thinks that it is located in Azerbaijan.

Error message screenshot taken by author

I typed http://www.imgur.com and http://imgur.com into my browser and displayed the message above. I then tried to search for imgur.com on Google.az (Google.az was the default Google because my computer thought it was in Azerbaijan.)

Screen Shot 2013-02-07 at 10.52.47 AM

Google search screenshot taken by author

Next I tried to open Google Cache, a service that takes and stores “pictures” of websites so that if they go down, users can still see a version of that site's content. Google Cache did load for imgur.com, but as I understand it, Google Cache is universal, not country-specific. Next I tested it with a few sites that can verify whether a website's servers are down, including http://www.downforeveryoneorjustme.com/. The site indicated (see below) that while it was not accessible for me (being “in” Azerbaijan), the site was perfectly accessible elsewhere.

Screen Shot 2013-02-07 at 10.31.54 AM

Screenshot taken by author

My next step was to try to figure out where the blockage began with a traceroute — this is a way to see the road that your computer travels, so to speak, to see a particular website.

Azerbaijan to ford.com

Azerbaijan to ford.com

Neither told me anything. It is as if you can’t really do a traceroute from Azerbaijan. So imgur.com appears to be blocked. It may be blocked for a legitimate reason, from the perspective of state security, but it demonstrates that the government is capable of blocking websites. What else might be blocked now or in the future?

If the site being blocked were Facebook, Azerbaijanis would likely be up in arms about the blocking. But because Imgur is not that popular, there may be little reaction.

February 05 2013

Chinese Hackers Spy on Journalists to Track Whistleblowers

On January 2012, the New York Times reported that its news room's computers were constantly attacked by Chinese hackers. Shortly afterwards, the Wall Street Journal and the Washington Post also reported that they were targeted by Chinese hackers. The story is familiar to Chinese journalists, who, together with citizen reporters from mainland China, are very vulnerable to hacking and online harassment compared to their peers overseas.

This is not new for Hong Kong journalists either, who have to put up with daily surveillance of their computers at work.

To shed some light on the surveillance practices against journalists in China, Hong Kong-based online news portal The House News interviewed [zh] Cable TV China desk reporter, Lui Ping-Kuen.

The Chinese government has denied all the accusations about its involvement in hacking activities. Photo from flickr user Futurist CC: AT-NC.

The Chinese government has denied all the accusations about its involvement in hacking activities. Photo from flickr user Futurist CC: AT-NC.

Lui affirms that the hacking of email accounts is very common among journalists. “[O]nce the email account of a colleague of mine was hacked and that account sent out virus emails to all its contacts,” he recounts.

SMS text messages are also under tight surveillance. According to Lui, his interview arrangement was exposed because of a Whatsapp message. He also says that the contacts in his mobile phone were collected by the police after he was detained at a mainland China police station. He also explains that quite often, the conversation between two persons would be disrupted because of mobile surveillance.

The most terrifying experience for Lui was back in 2007 when he was helping to set up a news room in Shanghai, eastern China. “[W]e went out for a meal and when we came back, something was wrong: the windows and the light [appeared to have been disturbed] and we discovered later that the settings of three computers had been changed.”

In order to protect their sources, journalists do not use email and mobile for communication. Instead they use public phones and talk face-to-face with whistleblowers in often secret meeting places. They would not even take their mobiles along with them in meetings for fear of being tracked.

In the past few days, the Twitter accounts of many mainland Chinese independent reporters were hacked. This prompted Twitter to reset the passwords of many Chinese journalists. Twitter also sent out a notice in which it explained the following (via Deng Zhixin, a reporter from the Chinese magazine Sun Affair):

This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to reset your password and publicize this attack while we still gather information. We are also helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.

Compared to their peers overseas, independent Chinese citizen reporters are very vulnerable. Many of them have to endure regular “tea sessions” (unwarranted police interrogations) with internal security police officers. If they refuse to expose their information sources, it is often the case that the police finds excuse to arrest them.

The latest case is related to a sex-tape scandal, which has resulted in the sacking of 10 party officials. The video, showing Chongqing officials having sexual relations with young girls, was first uploaded on the internet by investigative journalist Zhu Ruifenghas. Zhu was later “visited” by Chongqing police. It is believed that the police wanted to get hold of the original video storage disks so as to track the digital footprints and dig out the information source. But thanks to the military history of Zhu's family and a widespread online support the police was forced to back off.

January 26 2013

Video Advocacy Races Forward: 2012’s Dangers & 2013’s Solutions

Video is increasingly at the nexus of opportunity and danger for human rights activists. Video helps activists to document, confront, circumvent, and lobby against oppressive authorities—but it also allows those authorities to stalk them. Here's what we think will happen in 2013.

Elisângela used video against forced evictions in Brazil.

Elisângela used video against forced evictions in Brazil.

Both those using video for good and for evil made big advances in 2012. Activists marshaled video in new ways to tell their stories, share their evidence, and form their communities online. Activists in Brazil told the story of forced evictions ahead of the World Cup. Activists documented military attacks on civilians in Syria. Activists in Burma documented large-scale attacks on the Rohingya minority.

Activists used video to tell their stories—and they succeeded in raising awareness of issues that risked being lost in the cacophony of world affairs. In return, repressive governments developed new ways to use video to target activists.

2013 will undoubtedly see the next stages of this video tech race—in fact, they’ve already taken shape. Activists and their allies are developing defensive security innovations, and we’ll soon see these tools protecting activists as they use video to advance their causes.

Top Video Security Threats of 2012

1. Video as Lure for Malware

Important new video’ popped up in many Syrian Skype chats in the spring and summer of 2012. The intriguing but unremarkable message seemed to contain an innocuous pdf file, but it also came with spyware called “Blackshades.” Using video as a lure, allies of the Syrian regime could now spy through the camera’s webcam, access any file they wanted, and watch every key that was pressed–including passwords. They could use what they learned to target the activist, or to infiltrate his network. The software developer has since suspended new sales, and BlackShades can now be found and removed. But in many cases, the damage was done. Similar attacks in 2012 were waged against Uyghur activists in China, and others in Bahrain, and a fake version of YouTube was created to target Syrian activists.

Video activist Abdel Karim al-Oqda, aka Abu Hassan, was killed by Syrian government forces in 2012

Video activist Abdel Karim al-Oqda, aka Abu Hassan, was killed by Syrian government forces in 2012

2. Identification through Video

Using online videos to identify and target individuals was not a new trend—but regimes rolled it out on a larger scale in 2012, with increased effectiveness and heightened consequences. Video activists often lack the capacity and resources to effectively protect their own identity, as well as the identities of individuals in the videos they’re filming. In 2012, individuals on both sides of the camera were identified and targeted. A prominent videographer was killed; another activist was arrested merely for having the live-streaming app Bambuser on his phone. As video becomes an increasingly central battlefield, anonymity can literally be a life-or-death issue.

3. Evidentiary Failings of Video

One of the biggest threats to activist video is one you might not think of. Activists worldwide are risking their lives to record video that documents atrocities. Both judicial and journalistic bodies may be unable to use videos if they can’t adequately establish the location, the date, and the civilian status of victims, among other things. Much of it lacks the supporting evidence to stand up in court—say, at the International Criminal Court or your newspaper of choice—and the risks these filmmakers take can be in vain.

Top Video Security Solutions for 2013

1. InformaCam

Video activists who want their video to have the credibility to stand up in a court room or a news room can follow a set of guidelines. Soon, those using Android cell phones can use InformaCam. This app automatically embeds data into the video file, such as location (from GPS sensors and wifi signals), and time (from internal clocks). It also creates a ‘digital fingerprint’ to tie a video to a specific camera. Because all of this can be used against activists by the repressive forces they’re fighting, everything is encrypted to keep it safe. WITNESS and our partners at the Guardian Project are developing InformaCam, and we recently received a Knight News Challenge grant to help support the project.

2. Anonymity via ObscuraCam & the YouTube Blurring Tool

Screen Shot 2013-01-22 at 5.33.14 PMYouTube’s facial blurring tool automatically detects faces in videos, and blurs them to protect the individuals’ identities. This is a huge development—activists use YouTube far more than any other platform to share their video, and this has the potential to save lives. It doesn’t protect video before it’s uploaded, though, which is one reason that WITNESS and the Guardian Project are developing ObscuraCam. ObscuraCam also removes all identifying data stored in photos, including GPS location, data, and phone make and model. These tools can protect individuals who may not even know they’re being filmed, let alone have given their consent.

3. Platform Alternatives

Although some platforms are making efforts to protect the activists who use them, like YouTube with its face-blurring tool, there are still many vulnerabilities that can be exploited with tragic consequences. Skype, a popular tool for video chatting and also sending videos from one activist to another, has recently come under fire. So why not try an alternative? In an impressively thorough article, Lifehacker suggests Jitsi as a safer alternative to Skype. Jitsi encrypts both ends of the conversation, stores nothing online, and uses more secure protocols so “you don't need to worry about that data falling into the wrong hands.” The article also suggests safer alternatives to Facebook (Glassboard) and Dropbox (SpiderOak).

For Better and for Worse: The Revolution Will be Televised

A photo shared by the Saudi Arabia Branch of the Union of Syrian Free Students.

A photo shared by the Saudi Arabia Branch of the Union of Syrian Free Students.

“Protecting Your Account = Protecting Your Friends

A different password for each account”

Videos spread through trusted networks that, like so many things involving human rights video, are a double-edged sword. The Saudi Arabia branch of the Union of Syrian Free Students shared this message because activists’ digital security is increasingly fragile and increasingly important. Video images, social networks, and threats of violence are colliding in very powerful, very dangerous ways.

Wherever human rights issues are being fought, both sides will seek to use video technology. WITNESS will be following these issues through 2013 and beyond.

January 10 2013

#DELETECONTROL/: Campaign Against Digital Repression

The time when governments were only starting to understand the power of the Internet is long gone. Repressive regimes have seen the power of the Internet to bring about change and they are trying to control it by developing sophisticated censorship and surveillance tactics, often working hand-in-hand with private companies.

Fortunately, ways to counter online repression and control do exist.

The Netherlands-based Humanist Institute for Cooperation, Hivos, in partnership with Global Voices AdvocacyWitnessMideast Youth and Tactical Technology Collective, is launching a campaign called #DELETECONTROL/.

The campaign aims to promote tools against censorship, online surveillance and repression to ”help bloggers […] stay under the radar and be safe online.” It also aims to create a supportive environment for threatened netizens through donations, by organizing trainings, creating free online platforms and the development of new solutions against digital repression.

One of the major vehicles of the campaign is an interactive film produced by Godmother Films, entitled “#DELETECONTROL/ Would you dare to upload the truth?”. The video walks us though the most common threats faced by digital activists in a repressive environment and offers simple solutions to avoid being caught.

Please support the campaign by sharing the video and by spreading the word.

#DELETECONTROL/: Campaign Against Digital Repression

The time when governments were only starting to understand the power of the Internet is long gone. Repressive regimes have seen the power of the Internet to bring about change and they are trying to control it by developing sophisticated censorship and surveillance tactics, often working hand-in-hand with private companies.

Fortunately, ways to counter online repression and control do exist.

The Netherlands-based Humanist Institute for Cooperation, Hivos, in partnership with Global Voices AdvocacyWitnessMideast Youth and Tactical Technology Collective, is launching a campaign called #DELETECONTROL/.

The campaign aims to promote tools against censorship, online surveillance and repression to ”help bloggers […] stay under the radar and be safe online.” It also aims to create a supportive environment for threatened netizens through donations, by organizing trainings, creating free online platforms and the development of new solutions against digital repression.

One of the major vehicles of the campaign is an interactive film produced by Godmother Films, entitled “#DELETECONTROL/ Would you dare to upload the truth?”. The video walks us though the most common threats faced by digital activists in a repressive environment and offers simple solutions to avoid being caught.

Please support the campaign by sharing the video and by spreading the word.

January 01 2013

South Korea: Perspectives on Chinese New Net Control Laws

On December 28, 2012, the Chinese government approved a set of new net control laws that would make it compulsory for internet intermediaries such as Internet Service Providers (ISP) and Online Service Providers (OSP) to enforce users' real name registration. In South Korea, a similar online real name registration policy has been in place since 2005, but with little success and eventual failures. In this post, we will examine the South Korean experiment and see the lessons Chinese netizens can learn from it.

How it all started in South Korea

The policy was first introduced in 2005. It was coined the “Real Name Verification Law” (제한적 본인 확인제 in Korean) and was part of the “Public Official Election Law” (”공직선거법” in Korean). This historical background demonstrated the legislation was associated with political elites' interests to suppressing online dissent. Two years later, in 2007, despite protests and criticism from the civil society with regard to threats to online privacy and freedom of expression, the law was expanded to be part of a broader “Information and Communication Network Law” (”정보통신망법” in Korean). Under this new regulation, South Korean netizens were forced to register their real name and resident registration numbers even if they were just commenting on online news bulletins. The regulation was originally limited to sites with more than 300,000 visitors per day. However, in 2009, the bar was lowered to sites with 100,000 visitors per day. The official rationale for this government encroachment on the net was to “reduce the use of offensive language in the cyberspace.”

How the legacy of the authoritarian past led to an Orwellian present

The most controversial element in the legislation is the fact it not only requires users to provide their real names but also their resident registration numbers (”주민등록번호” in Korean). Resident registration numbers are a legacy of the troubled past of South Korea and bring up bad memories. They were first introduced in the 1970s, during the authoritarian rule of Park Jung Hee, officially to help detect North Korean spies.

Many internet users think these registration numbers, while endangering their privacy, are used today to justify an Orwellian control of the internet. The system is also vulnerable. Personal information of South Korean internet users was leaked several times onto the Internet.

On August 23, 2012, the law was challenged before the South Korean Constitutional Court which ruled that the “Real Name Verification Law” (legislated as part of Information and Communication Network Law) was unconstitutional. The court considered that the law hinders online freedom of expression, harms privacy protection and is being challenged by the emergence of foreign and new online services that are not subject to the regulation, such as YouTube and Twitter.

Jeonghwan Lee, a prominent South Korean independent journalist, hailed [ko] the court decision. He lamented, however, that much harm has been caused by the law already. He blamed it on what he called an “ill-conceived state decision inspired by our tormented and tortured past” (오욕과 삽질의 역사 in Korean).

South Korea's Constitutional Court - by Passion84Photos (CC BY-NC 2.0)

Korean perspectives on the Chinese new net control laws

Since China announced it will enforce a real name registration policy, reactions from South Korean netizens were generally negative. They have experienced first-hand the “side-effects” of such a policy and realized long ago that its promises were hollow. Some of them also acknowledged that the new Chinese regulations might have a different effect as the two countries differ economically and politically.

Blogger Barobaro while noting that the Chinese real name registration policy has been actually introduced in 2005, warns [ko] of its impact on foreign firms operating in Chinese domestic market. He writes:

이번 법안은 “모든 인터넷 사용자들이 인터넷 서비스를 사용할 시 반드시 실명인증을 하도록 한 것”으로서 다시 말해서 기존의 모든 실명제를 포함할 뿐만이 아니라 해당 사항을 중국시장에 진출하려는 해외기업에까지 강요할 것으로 보인다.

This act forces “all net users to register their names to use online services”. It means, in other words, that the Chinese real name verification system will be enforced on foreign firms as well.

The blogger also wonders [ko] why the Chinese government has decided to expand the real name registration policy when it has “spectacularly failed” in neighboring South Korea:

한국에서는 2012년 8월 23일 헌법재판소에서 위헌판정을 내리면서 2007년부터 실행되어 온 인터넷실명제가 폐지되었다. 2011년 9월 뉴욕타임즈에서 지적하였다 싶이 ““온라인에서의 익명 표현의 자유는 단순히 개인 정보 보호 차원이 아니라 아랍의 반정부 시위에서 보듯이 정치적으로 민감한 반대 의견을 표명하거나 기업의 기밀을 폭로하려는 내부 고발자에게 필수적”이라고 하였듯이 표현의 자유의 문제와 직결된다. 단순히 이념적인 문제뿐만이 아니라 옥션, 네이트의 개인정보가 해킹을 통해서 대량으로 유출되는 등의 심각한 문제가 발생하였다.

In South Korea, the Constitutional Court killed the five-year old regulation which started in 2007. As The New York Times pointed out “online anonymous expression is not only a matter of personal privacy protection. As shown from the case of the Arab Spring, it is indispensable for political dissenters expressing opposing ideas[, and also] to whistle-blowers revealing the inside information of companies.” Maintaining an online anonymous identity is directly associated with freedom of expression. It is not only an ideological question, as we have witnessed when the public was shocked to discover Auction and Nate's accumulated users' personal information leaked following a massive hacking attack.

The blogger, however, thinks [ko] that, unlike South Korea, the Chinese government will succeed in cementing net control via its real name registration policy, as the two countries' political systems vary with regard to democratic accountability:

중국은 한국과는 다르게 성공할 것으로 보인다. 한국에서는 사실상 수 많은 유져들이 해외서비스를 이용하는 현실적인 회피수단과 동시에 민주주의가 일정 이상 자리 잡은 곳이었기에 인터넷 실명제는 결국 패망할 수 밖에 없었다.  그러나 중국은 구글이나 위키와 같은 “자유언론”을 지지하는 해외 인터넷 싸이트을 완전히 차단하는 행위를 이미 하고 있고, 그 결과 중국정부에 충성하는 국내기업들에 중국사용자들이 모두 몰려 있는 상황이기에 얼마든지 인터넷 실명제를 시행할 수 있으며, 개인정보유출과 같은 인터넷 실명제의 폐단을 은닉할 수 있으리라 생각된다.

Nevertheless, China will succeed in cementing the net control via real name [registration] policy which is quite different from that of the South Korean government. In South Korea, many users can freely use foreign services and democracy has been institutionalized to some extent. Thus real name verification from the beginning was very fragile. However in China, foreign services that support free expression like Google and Wikipedia are totally banned. Chinese users are only using the domestic Internet firms which show loyalty towards the Chinese government. So the Chinese regime can more comfortably enforce real name registration policy, even if serious privacy crises occur, as the government can always conceal its existence at all.

Blogger eBizbooks points out that some Chinese leaders misinterpreted the impact of the real name verification law on the South Korean society. He shares Barobaro's concern that this shift towards control will diminish the attractiveness of the Chinese market to foreign entrepreneurs and investors:

[중국의] 인터넷 실명제 찬성 측의 찬성 찬성 이유 중 하나는 “인터넷 선진국인 한국에서는 실명제를 실시하고 있다”는 것입니다. 중국 정부는 자신들의 체제 유지에 가장 위협적인 요소 중 하나로 인터넷에서의 다양한 주장 표출을 꼽습니다. 정치인들이 곧잘 얘기하는 “민심이 곧 천심”이라면 그 하늘이 인터넷인 것이지요. … 현재 중국의 인터넷 이용자 수는 4억을 넘었으며 2006년 이후부터의 폭팔적인 상승세는 현재진행형입니다. 이들의 힘은 제대로 기능하지 못하는 언론의 기능을 대신 수행하여 정부를 감시할 정도로 막강합니다. … 중국 정부는 당연히 두려울 수밖에 없지요. 이러한 상황에서 중국 정부의 인터넷 통제가 완화되리라는 기대는 시기상조일 겁니다. 중국 진출을 염두에 둔 분들이시라면 결국에는 시장 철수한 구글처럼 중국 인터넷의 통제와 검열의 리스크가 완화되기를 기대하기보다는, 중국 인터넷 시장 상황에 맞는 전략을 다시 수립한 다음 차분히 기회를 노려야겠지요.

[In China], those who are in favor of tightening net control boast that “South Korea, a leading nation in the Internet, already has employed a real name registration policy”. The Chinese government regards the diversity of opinions blossoming over the internet as a challenge to the regime's security. [As the old saying goes] “the collective mind of citizens is the heavenly sovereignty”. It is now expressed through the Internet […] Currently China has more than 4 million net users and it has bee rapidly growing. The Internet public sphere somehow replaced the malfunctioning Chinese media and played the role of a watchdog… It is therefore understandable that the Chinese government fears the Internet. Under this circumstance, it is unlikely that the Chinese government will lighten its grip on the net. […] If you are considering moving your business into China, you need to set up a new business strategy that is adaptable to Chinese government-led market and must wait until the risk imposed by Chinese net control and surveillance is softened.

South Korea: Perspectives on Chinese New Net Control Laws

On December 28, 2012, the Chinese government approved a set of new net control laws that would make it compulsory for internet intermediaries such as Internet Service Providers (ISP) and Online Service Providers (OSP) to enforce users' real name registration. In South Korea, a similar online real name registration policy has been in place since 2005, but with little success and eventual failures. In this post, we will examine the South Korean experiment and see if Chinese netizens can learn any lessons from it.

How it all started in South Korea

The policy was first introduced in 2005. It was coined the “Real Name Verification Law” (제한적 본인 확인제 in Korean) and was part of the “Public Official Election Law” (”공직선거법” in Korean). This historical background demonstrated the legislation has been associated with the political elites' interests of suppressing online dissent opinions. Two years later, in 2007, despite protests and criticism from the civil society with regard to threats to online privacy and free expression, the law was expanded to be part of “Information and Communication Network Law” (”정보통신망법” in Korean). Under this new regulation, South Korean netizens were enforced to register their real name and resident registration number even if they just want to make a comment on online bulletin boards. First, the subject of regulation was limited to the sites which have more than 300,000 visitors per a day however, in 2009, the bar was soon lowered to 100,000 visitors per a day. The official rationale of this government encroachment on the net was to reduce “the use of offensive language in the cyberspace.”

How the legacy of the authoritarian past led to an Orwellian present

The most controversial element in the legislation is the fact it not only requires users to provide their real names but also their resident registration numbers (”주민등록번호” in Korean). Resident registration numbers are a legacy of the troubled past of South Korea and bring up bad memories. They were first introduced in the 1970s, during the authoritarian rule of Park Jung Hee, officially to help detect North Korean spies.

Many internet users think these registration numbers, while endangering their privacy, are used today to justify an Orwellian control of the internet. The system is also vulnerable. Personal information of South Korean internet users was leaked several times onto the Internet.

On August 23, 2012, the law was challenged before the South Korean Constitutional Court which ruled that the “Information and Communication Network Law” was unconstitutional. The court considered that the law hinders online freedom of expression, harms privacy protection and is being challenged by the emergence of foreign and new online services that are not subject to the regulation, such as YouTube and Twitter.

Jeonghwan Lee, a prominent South Korean independent journalist, hailed [ko] the court decision. He lamented, however, that much harm has been caused by the law already. He blamed it on what he called an “ill-conceived state decision inspired by our tormented and tortured past” (오욕과 삽질의 역사 in Korean).

South Korea's Constitutional Court - by Passion84Photos (CC BY-NC 2.0)

Korean perspectives on the Chinese new net control laws

Since China announced it will enforce a real name registration policy, reactions from South Korean netizens were generally negative. They have experienced first-hand the “side-effects” of such a policy and realized long ago that its promises were hollow. Some of them also acknowledged that the new Chinese regulations might have a different effect as the two countries differ economically and politically.

Blogger Barobaro while noting that the Chinese real name registration policy has been actually introduced in 2005, warns [ko] of its impact on foreign firms operating in Chinese domestic market. He writes:

이번 법안은 “모든 인터넷 사용자들이 인터넷 서비스를 사용할 시 반드시 실명인증을 하도록 한 것”으로서 다시 말해서 기존의 모든 실명제를 포함할 뿐만이 아니라 해당 사항을 중국시장에 진출하려는 해외기업에까지 강요할 것으로 보인다.

This act forces “all net users to register their names to use online services”. It means, in other words, that the Chinese real name verification system will be enforced on foreign firms as well.

The blogger also wonders [ko] why the Chinese government has decided to expand the real name registration policy when it has “spectacularly failed” in neighboring South Korea:

한국에서는 2012년 8월 23일 헌법재판소에서 위헌판정을 내리면서 2007년부터 실행되어 온 인터넷실명제가 폐지되었다. 2011년 9월 뉴욕타임즈에서 지적하였다 싶이 ““온라인에서의 익명 표현의 자유는 단순히 개인 정보 보호 차원이 아니라 아랍의 반정부 시위에서 보듯이 정치적으로 민감한 반대 의견을 표명하거나 기업의 기밀을 폭로하려는 내부 고발자에게 필수적”이라고 하였듯이 표현의 자유의 문제와 직결된다. 단순히 이념적인 문제뿐만이 아니라 옥션, 네이트의 개인정보가 해킹을 통해서 대량으로 유출되는 등의 심각한 문제가 발생하였다.

In South Korea, the Constitutional Court killed the five-year old regulation which started in 2007. As The New York Times pointed out “online anonymous expression is not only a matter of personal privacy protection. As shown from the case of the Arab Spring, it is indispensable for political dissenters expressing opposing ideas[, and also] to whistle-blowers revealing the inside information of companies.” Maintaining an online anonymous identity is directly associated with freedom of expression. It is not only an ideological question, as we have witnessed when the public was shocked to discover Auction and Nate's accumulated users' personal information leaked following a massive hacking attack.

The blogger, however, thinks [ko] that, unlike South Korea, the Chinese government will succeed in cementing net control via its real name registration policy, as the two countries' political systems vary with regard to democratic accountability:

중국은 한국과는 다르게 성공할 것으로 보인다. 한국에서는 사실상 수 많은 유져들이 해외서비스를 이용하는 현실적인 회피수단과 동시에 민주주의가 일정 이상 자리 잡은 곳이었기에 인터넷 실명제는 결국 패망할 수 밖에 없었다.  그러나 중국은 구글이나 위키와 같은 “자유언론”을 지지하는 해외 인터넷 싸이트을 완전히 차단하는 행위를 이미 하고 있고, 그 결과 중국정부에 충성하는 국내기업들에 중국사용자들이 모두 몰려 있는 상황이기에 얼마든지 인터넷 실명제를 시행할 수 있으며, 개인정보유출과 같은 인터넷 실명제의 폐단을 은닉할 수 있으리라 생각된다.

Nevertheless, China will succeed in cementing the net control via real name [registration] policy which is quite different from that of the South Korean government. In South Korea, many users can freely use foreign services and democracy has been institutionalized to some extent. Thus real name verification from the beginning was very fragile. However in China, foreign services that support free expression like Google and Wikipedia are totally banned. Chinese users are only using the domestic Internet firms which show loyalty towards the Chinese government. So the Chinese regime can more comfortably enforce real name registration policy, even if serious privacy crises occur, as the government can always conceal its existence at all.

Blogger eBizbooks points out that some Chinese leaders misinterpreted the impact of the real name verification law on the South Korean society. He shares Barobaro's concern that this shift towards control will diminish the attractiveness of the Chinese market to foreign entrepreneurs and investors:

[중국의] 인터넷 실명제 찬성 측의 찬성 찬성 이유 중 하나는 “인터넷 선진국인 한국에서는 실명제를 실시하고 있다”는 것입니다. 중국 정부는 자신들의 체제 유지에 가장 위협적인 요소 중 하나로 인터넷에서의 다양한 주장 표출을 꼽습니다. 정치인들이 곧잘 얘기하는 “민심이 곧 천심”이라면 그 하늘이 인터넷인 것이지요. … 현재 중국의 인터넷 이용자 수는 4억을 넘었으며 2006년 이후부터의 폭팔적인 상승세는 현재진행형입니다. 이들의 힘은 제대로 기능하지 못하는 언론의 기능을 대신 수행하여 정부를 감시할 정도로 막강합니다. … 중국 정부는 당연히 두려울 수밖에 없지요. 이러한 상황에서 중국 정부의 인터넷 통제가 완화되리라는 기대는 시기상조일 겁니다. 중국 진출을 염두에 둔 분들이시라면 결국에는 시장 철수한 구글처럼 중국 인터넷의 통제와 검열의 리스크가 완화되기를 기대하기보다는, 중국 인터넷 시장 상황에 맞는 전략을 다시 수립한 다음 차분히 기회를 노려야겠지요.

[In China], those who are in favor of tightening net control boast that “South Korea, a leading nation in the Internet, already has employed a real name registration policy”. The Chinese government regards the diversity of opinions blossoming over the internet as a challenge to the regime's security. [As the old saying goes] “the collective mind of citizens is the heavenly sovereignty”. It is now expressed through the Internet […] Currently China has more than 4 million net users and it has bee rapidly growing. The Internet public sphere somehow replaced the malfunctioning Chinese media and played the role of a watchdog… It is therefore understandable that the Chinese government fears the Internet. Under this circumstance, it is unlikely that the Chinese government will lighten its grip on the net. […] If you are considering moving your business into China, you need to set up a new business strategy that is adaptable to Chinese government-led market and must wait until the risk imposed by Chinese net control and surveillance is softened.

December 31 2012

10 New Year's Resolutions to Browse the Internet Safely in 2013

At Global Voices Advocacy (GVA), we are dedicated to defending freedom of expression online. We have always been keen on publishing guides and tools to help our fellow netizens navigate the internet safely, circumvent censorship and protect themselves online.

That is why, in 2013, we are committed to continue to defend your rights as netizens by publishing original reports and a new series of guides covering areas as diverse as circumvention, anonymity, surveillance, privacy, citizen journalism, visualization, online activism and advocacy.

As 2012 draws to a close, dear reader, here at team Advox, we've decided to suggest 10 resolutions for 2013, presented in the form of a review of the tools and strategies to protect yourself online. This is a selection of the best ways and methods we've come across in 2012. Remember that no one tactic will ever provide you with 100% security and safety online. At all times, stay armed with your common sense.

#1 - Hide your identity when using your mobile

Whether you're a company wishing to monitor the browsing habits of your potential customers or a repressive government obsessed with tracking dissidents online, mobile devices have been created for you. No technology has come so close to achieving Orwell's dystopian nightmare. Yet there are many ways to help users browse the Internet with their mobile devices in a smarter and safer way:

Orbot is a free, open source Android application that uses Tor's worldwide network of servers to conceal user's location and identity. The application was developed by Tor and The Guardian Project.

#2 - Learn good mobile reporting practices

Whether you're a professional journalist or a citizen media producer you might want to take a look at “Media Workers’ Toolkit for Safer Online and Mobile Practices“. This comprehensive guide, produced by Internews, a non-profit organization working to empower local media worldwide, offers good advice for media producers on how to protect themselves and their sources while using their mobile devices.

#3 - Stay anonymous online

Keep websites and governments from tracking you online, use Tor. Tor is a popular free browser that uses a global volunteer network of servers that helps you surf the internet securely while concealing your location from network surveillance and traffic analysis. Tor can also be downloaded onto a USB drive and used from any computer.

#4 - Remember the basics

It's always a good idea to remind ourselves of some basic online safety rules. Google offers a set of useful tips for staying more secure on the web.

Speaking of basics, the Electronic Frontier Foundation's (EFF) Surveillance Self Defense page remains a must-read for those of us willing to know more about the fundamentals of defensive technologies such as encryption, secure deletion or virtual private networks.

#5 - Think ahead of trouble

If you're a blogger, especially if you live in a repressive environment, think of a contingency plan in the event of an arrest. GVA's own Jillian C. York offers a number of tips and premeditated actions for threatened bloggers in this article she wrote for the Electronic Frontier Foundation.

#6 - Browse like James Bond… Don't leave a trace

Lifehacker walks us though how to use a portable Linux-based, live-boot operating system called Tails, to browse the internet from any computer “without leaving a trace.” The tactic is not completely infallible, but nothing ever is, isn't it?

#7 - Protect your privacy, stop online tracking

Your browsing habits say much about you. Most websites and online advertisers know it very well and use invisible tracking techniques to record personal information about you.

EFF offers an quick 4-step guide that will allow you to stop unwanted privacy invasion.

You may also want to use DuckDuckGo, an alternative search engine that, unlike Google, does not record user information.

#8 - Protect your data

Protect your sensitive data by using a hard disk encryption software like Truecrypt. Use it on every computer you own. Trucrypt is an easy-to-use, lightweight and intuitive freeware that can encrypt parts or your entire storage device. It is particularly useful for protecting and hiding your sensitive files, especially when travelling and crossing borders.

This Wikipedia article offers additional information on alternative disk encryption software and their system compatibility.

#9 - Destroy undesirable data

Deleted files may easily be recovered by interested parties. Make sure your sensitive data is not available to others by using data erasure software. One of the most popular of such tools is Eraser, a freeware available for Windows. It destroys undesirable data by overwriting it several times.

#10 - Commit to defeating censorship

Because the internet's original purpose is to allow people to communicate freely, without governments or corporations interfering, it is essential that we, netizens, learn about ways to make life difficult for the enemies of freedom of expression.

Floss Manuals, a Netherlands-based non-profit foundation dedicated to promoting the use of free software, published a comprehensive book earlier this year called “How To Bypass Internet Censorship” [PDF, 240 pages, 12 MB]. The book contains a diverse range of tools and techniques tailored to defeat censorship. It also assesses the risks associated with the use of each tool. A lightweight “Quickstart” version is also available here [PDF, 8 pages, 268 KB].

* * *

- Tactical Technology Collective's Security In A Box: A comprehensive set of digital security tools tailored for activists. Available in multiple languages.

- Access' “A Practical Guide to Protecting Your Identity and Security Online and When Using Mobile Phones“. Also available in multiple languages.

Thanks to the Global Voices Advocacy community for helping put together the resources available in this post.

10 New Year's Resolutions to Browse the Internet Safely in 2013

At Global Voices Advocacy (GVA), we are dedicated to defending freedom of expression online. We have always been keen on publishing guides and tools to help our fellow netizens navigate the internet safely, circumvent censorship and protect themselves online.

That is why, in 2013, we are committed to continue to defend your rights as netizens by publishing original reports and a new series of guides covering areas as diverse as circumvention, anonymity, surveillance, privacy, citizen journalism, visualization, online activism and advocacy.

As 2012 draws to a close, dear reader, here at team Advox, we've decided to suggest 10 resolutions for 2013, presented in the form of a review of the tools and strategies to protect yourself online. This is a selection of the best ways and methods we've come across in 2012. Remember that no one tactic will ever provide you with 100% security and safety online. At all times, stay armed with your common sense.

#1 - Hide your identity when using your mobile

Whether you're a company wishing to monitor the browsing habits of your potential customers or a repressive government obsessed with tracking dissidents online, mobile devices have been created for you. No technology has come so close to achieving Orwell's dystopian nightmare. Yet there are many ways to help users browse the Internet with their mobile devises in a smarter and safer way:

Orbot is a free, open source Android application that uses Tor's worldwide network of servers to conceal user's location and identity. The application was developed by Tor and The Guardian Project.

#2 - Learn good mobile reporting practices

Whether you're a professional journalist or a citizen media producer you might want to take a look at SpeakSafe's “Media Workers’ Toolkit for Safer Online and Mobile Practices“. This comprehensive guide offers good advice for media producers on how to protect themselves and their sources while using their mobile devices.

#3 - Stay anonymous online

Keep websites and governments from tracking you online, use Tor. Tor is a popular free browser that uses a global volunteer network of servers that helps you surf the internet securely while concealing your location from network surveillance and traffic analysis. Tor can also be downloaded onto a USB drive and used from any computer.

#4 - Remember the basics

It's always a good idea to remind ourselves of some basic online safety rules. Google offers a set of useful tips for staying more secure on the web.

Speaking of basics, the Electronic Frontier Foundation's (EFF) Surveillance Self Defense page remains a must-read for those of us willing to know more about the fundamentals of defensive technologies such as encryption, secure deletion or virtual private networks.

#5 - Think ahead of trouble

If you're a blogger, especially if you live in a repressive environment, think of a contingency plan in the event of an arrest. GVA's own Jillian C. York offers a number of tips and premeditated actions for threatened bloggers in this article she wrote for the Electronic Frontier Foundation.

#6 - Browse like James Bond… Don't leave a trace

Lifehacker walks us though how to use a portable Linux-based, live-boot operating system called Tails, to browse the internet from any computer “without leaving a trace.” The tactic is not completely infallible, but nothing ever is, isn't it?

#7 - Protect your privacy, stop online tracking

Your browsing habits say much about you. Most websites and online advertisers know it very well and use invisible tracking techniques to record personal information about you.

EFF offers an quick 4-step guide that will allow you to stop unwanted privacy invasion.

You may also want to use DuckDuckGo, an alternative search engine that, unlike Google, does not record user information.

#8 - Protect your data

Protect your sensitive data by using a hard disk encryption software like Truecrypt. Use it on every computer you own. Trucrypt is an easy-to-use, lightweight and intuitive freeware that can encrypt parts or your entire storage device. It is particularly useful for protecting and hiding your sensitive files, especially when travelling and crossing borders.

This Wikipedia article offers additional information on alternative disk encryption software and their system compatibility.

#9 - Destroy undesirable data

Deleted files may easily be recovered by interested parties. Make sure your sensitive data is not available to other by using data erasure software. One of the most popular of such tools is Eraser, a freeware available for Windows. It destroys undesirable data by overwriting it several times.

#10 - Commit to defeating censorship

Because the internet's original purpose is to allow people to communicate freely, without governments or corporations interfering, it is essential that we, netizens, learn about ways to make life difficult for the enemies of freedom of expression.

Floss Manuals, a Netherlands-based non-profit foundation dedicated to promoting the use of free software, published a comprehensive book earlier this year called “How To Bypass Internet Censorship” [PDF, 240 pages, 12 MB]. The book contains diverse range of tools & techniques tailored to defeat censorship. It also assesses the risks associated with the use of each tool. A lightweight “Quickstart” version is also available here - PDF, 8 pages, 268 KB.

 

* * *

More resources

- Tactical Technology Collective's Security In A Box: A comprehensive set of digital security tools tailored for activists. Available in multiple languages.

- Access' “A Practical Guide to Protecting Your Identity and Security Online and When Using Mobile Phones“. Also available in multiple languages.

Thanks to the Global Voices Advocacy community for helping put together the resources available in this post.
Reposted bycheg00 cheg00

August 26 2011

02mydafsoup-01

[...]

This whole persona/pseudonym argument may seem like a tempest in a teapot, but the fact is, the forum for public discourse is no longer the town hall, or newspaper, or fliers on the street. It is here on the Internet, and it is happening in communities like this, hosted by private sector companies. Freedom of speech is not guaranteed in these places. As +Lawrence Lessig once said,"the code is the law." The code that Google applies, the rules they set up now in the software, are going to influence our right to speak out now and in the future. It is imperative that we impress upon Google the importance of providing users with the same rights (and responsibilities) as exist in the society that nurtured Google and brought about its success.

I'm going to try to summarize the discussion as I've seen it over the past few weeks. Since this is a long post (tl;dr), here's a description of what's coming so if you want, you can skip to the section that you're interested in.


[…]

Here lies the huge irony in this discussion. Persistent pseudonyms aren't ways to hide who you are. They provide a way to be who you are. You can finally talk about what you really believe; your real politics, your real problems, your real sexuality, your real family, your real self. Much of the support for "real names" comes from people who don't want to hear about controversy, but controversy is only a small part of the need for pseudonyms. For most of us, it's simply the desire to be able to talk openly about the things that matter to every one of us who uses the Internet. The desire to be judged—not by our birth, not by our sex, and not by who we work for—but by what we say.

Pseudonyms are not new to the computer age. Authors use them all the time. Our founding fathers used them. Anonymous and pseudonymous speech have been part of democratic society since its beginning. What is new is that more and more strangers, whom we have never seen and never spoken to, know our names. What is new is that a name, with just a few minor pieces of information (birthdate, friends names, employer, industry, town…) can in a few seconds provide thousands of personal details about who you are and where you live.

[…]
On Pseudonymity, Privacy and Responsibility on Google+ - TechnoSocial | 2011-07-27
Reposted bykrekkeat-slow

August 22 2011

02mydafsoup-01
via Diaspora* - graphics & icon support from a community member

Registration at Diaspora* - a decentralized social media platform - is meanwhile unlimited - no real name obligation, like in G+ and Fb !
https://joindiaspora.com
or have a look to this list of Diaspora* pods to choose whatever pod you want to join as your registration server.

oAnth's Diaspora handle: 02mydiaspo01@joindiaspora.com |
oAnth's profile: https://joindiaspora.com/people/22992

For French speaking users: follow the hash tag #French;
for German speaking users: to start, follow for instance #jul14 or #German ;
for English speaking users: you may try #English (not useful); it's in general for you much easier; many conversations are by necessity in English -

 generally it's easy, once you will be registrated:
you will have no problems to build up your contacts and to figure out their specific nationalities and interests (profiles);
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl