I am honored to be included in the list of 2017-2018 Berkman Klein community members. This group of scholars, researchers, legal experts, technologists, information specialists, and more inspire me every year, and I can’t wait to meet the newest class. Here’s hoping I can continue to be worthy of inclusion in this fantastic community…the things I’ve learned over the last two years makes me incredibly excited for what’s to come in year three.
Category: Berkman
This morning I woke to a few “remember the day” emails that I thought were worth marking here on the blog for future reference. The first was that it was almost exactly 2 years ago that I officially left my position at UT-Chattanooga, walked away from an associate professorship and tenure, and went out on my own to try to start an independent business. So far, I’ve been very lucky and able to continue in this self-employed mode, although the downside is that it means I’m always looking for a job. 🙂 If you have a consulting need, workshop or training need, or are organizing a conference and want a great keynote….feel free to contact me. I’d love to work with you.
The second is that one year ago I became a Fellow at the Berkman Center, and spent the academic year 2015-2016 mostly living in Cambridge and enjoying the intellectual fruits of Harvard and MIT. I cannot speak highly enough of the amazing group that I was a part of…I learned so much from everyone there, and they are the most caring, careful, and thoughtful group of academics and scholars that I’ve ever been affiliated with.
And now, today, I can say that I am overwhelmingly pleased to be included in the 2016-2017 Berkman Klein community as an Affiliate. This means I get to continue my association with this amazing, wonderful community of learning…although from a distance, as I’ll not be in residence in Cambridge. I am going to be visiting as much as I can manage, though, because I have to get my 23 Everett Street fix occasionally. I’m also really pleased to be in the “transitional” class, the last to be Berkman Fellows and the first to be Berkman Klein, and to see how the Center evolves under the new nom de guerre .
To those in the incoming class at Berkman Klein: buckle up, you’re in for an amazing trip. I hope to meet all of you in September at the opening of the Center for the year.
And to everyone in the library community: I’ve got big things brewing this year. This Fall will see (finally) the launch of Measure the Future, and while I still can’t share all of my news about the project….it’s gonna be big. I’ll be doing some announcements about that over the next couple of months, including information about how your library can get involved. Soon!
OpenArchive
Sitting in the Internet Archive Great Room (see photo above for reference…yes, it’s in an old church….) I’m reminded that I never pushed out the link to the amazing new app that was created in part by my friend Nathan, available now for Android and coming soon for iOS that allows you to use the Internet Archive like your own personal Instagram:
and because Nathan and his group are awesome, the app is also open source:
and finally, direct link to the Google Play store for the app.
I’ve not seen an easier way to add photos to the Internet Archive directly than this app, and it’s got some really fantastic side benefits..the primary one being that it works transparently over Orbot if you’d like, so that uploads and connections can be driven over the Tor network without any extra effort on the user’s part.
UPDATE
The Guardian Project just posted their own announcement for the app. Their take on it is also timely since I’m spending this week at the Decentralized Web Summit:
We see this as a first step towards a more distributed, decentralized way of managing and sharing your personal media, and publishing it and synchronizing it to different places and people, in different ways.
I’ve been doing a lot of thinking, writing, and editing in the last few months that all revolved around libraries and the future of the Internet. It seems more and more obvious to me that there’s an opportunity for libraries as participants in the growing number of decentralized services on the Internet. These services are multiplying, and it seems to me that the future of communication is likely to be a better one if distributed services were more normalized on the Internet.
I’ve decided to share two essays about this topic. The first is
How Libraries Can Save the Internet of Things from the Web’s Centralized Fate over at BoingBoing, which is the highly edited and polished version of the much longer A Special Obligation to the Future over on Medium. Normally I wouldn’t share two similar pieces, but I feel like the shorter BoingBoing essay is the compressed and focused “official” version and there were things that I liked about the longer, more emotive original. So I’m sharing both here, and you can comment on, share, and critique either or both as you’d like.
I’m hoping these serve as conversation starters, and possibly as inflection points for thinking about the future of libraries in terms of their role as pillars of democracy and freedom. I’m going to be doing more work on this topic, speaking and writing and organizing over the next several months. If you’re interested in helping out and lending a hand, let me know.
And if you’re interested in decentralization in general, I highly recommend checking out Yochai Benkler’s work, especially Degrees of Freedom, Dimensions of Power. Also recommended is Phil Windley’s Decentralization is Hard, Maybe Too Hard.
They are both right, decentralization is amazingly difficult to pull off. This is why it needs help in the form of library infrastructure, political capital, and skills.
Thanks especially to David Weinberger, who was instrumental in both the conception and the editing of this piece. Also thanks to everyone who read and commented on the piece as it developed, you are all awesome.
Estonian E-Residency
On August 26th, 2015, I applied to be a digital citizen of the country of Estonia. On November 18th, 2015, I took the train from Boston to New York City, walked to the Consulate General of Estonia, and I officially became an Estonian E-resident.
What does that even mean, and why would I do it?
Estonia is one of the very first countries to implement a robust electronic identity card system for their citizens. The ID card is a smart card that has a chip embedded in it that enables a robust public-key encryption implementation that allows the owner of said card to legally sign documents electronically. Estonia has been building out their infrastructure for electronic signatures and digital identity for over a decade, and Estonian citizens can do a vast amount of interaction with their government through this system, including things like the DMV, registering for governmental programs, and even voting in elections. The system is being overseen by Taavi Kotka, the CIO of Estonia and founder of Skype.
The E-Residency program is an extension of this system to non-Estonian citizens. In its current state, the card allows me to open and run a business in Estonia if I would like (completely remotely), to set up a bank account (not completely remotely, but the banks are promising that soon), and to interact with a handful of companies that recognize the card as a legal identity document. While I don’t currently need to do any of these things, I am intrigued by the potential for robust digital identities to conduct business and interact with agencies in the real world, and right now Estonian E-Residency is the only way to do that as an American citizen.
According to the Estonian dashboard that tracks these things, I am one of 443 applicants from the US, but only 239 of us have actually picked up our cards. So somewhere in the US there’s 238 other people that are interested in playing around with this technology.
Becoming an E-Resident involves applying, paying a 50 Euro processing fee, and if accepted, picking up your E-Residency kit at an Estonian Consulate. The kit comes with your smart card, as well as a USB card reader and instructions for using the two together to interact with online portals securely.
Once you have these in your possession, you can log in to the Estonia E-Residency portal, use your card for authentication, and access the currently-available services through your browser.
I’m doing this partially because I am very curious about the future of the program, and hope that this might enable some interesting things over the next few years. If I’m honest with myself, it’s also because I read far too much cyberpunk literature as an impressionable youth, and the concept of digital citizens of a physical nation-state thrills the hell out of me.
The other aspect of this program that I find interesting is that they are opening the platform for developers to use their cards as an authentication method. Obviously there isn’t enough uptake for that to be useful yet, but systems like this one may well become standards over the next decade and knowing how to use them now will only be an advantage.
As I find interesting uses for my E-Residency, I’ll post about it here. For now, I’m just happy to be one of the first in the US to have the opportunity to test this authentication and identity platform.
I wasn’t sure how my previous post would go over, but after some back-and-forth emailing with the reporter on the piece, WTVC asked me to come in for an interview on anonymity and the “deep web”. So I did!
We talked for almost an hour, and for some stupid reason I didn’t think to record the interview myself (will not make that mistake again). They did a fine job representing my views, although clearly edited the piece for a specific audience. I’ll admit that I probably got too heavy into the weeds of the details of Tor. They were particularly touchy about my correcting the use of “Deep Web” and “Dark Web” as useful categories. I just kept using anonymity, security, privacy and tried very hard not to fall into using their very fuzzy language to describe something with lots of complexity.
My talking points revolved around how anonymity is a requirement for the freedom of speech in a free society, and that fear-based reports like their last one are actually damaging to how people should react to the world (my example, that they didn’t use, was that instead of worrying about the incredibly rare possibility of child-abduction due to predators on Tor, perhaps parents should be more worried about driving their child to school in the morning, since it was orders of magnitude more dangerous). I suppose we’ll see if there’s any feedback that comes from this as a positive concept.
I’m glad they gave me the chance to come in and talk, and I do hope it’s useful for someone out there in Chattanooga to see that wanting anonymity and privacy online isn’t just something to abet criminal activity. Privacy issues online are something that increasingly everyone should be aware of, because the risks are going to be omnipresent as we continue to move our lives into the digital space.
Deep Dark Web
A local Chattanooga news station, WTVC, ran a story about the Deep Dark Web this week. It is so, so badly done that I felt it necessary to write the producers of the work a letter about it, and decided that I would include both the above link to their story and my response here.
My letter to WTVC
Dear Producers of “Chattanooga Police Explain Dangers Of The Deep And Dark Web”:
I have so very many problems with your Deep/Dark web story from earlier this week, that it may be difficult for me to hit all of the points that I found wrong at best, and massively misleading at worst.
You failed to appropriately delineate any aspects of the technology in the piece, conflating web browsers with protocols, and generally confusing how anonymous communication works on the Internet. You mention Tor (https://www.torproject.org), the network protocol for anonymous routing of communications, but only in the service of the Tor Browser, a web interface that runs on top of said network.
More worrisome, you presented the very worst sort of fear journalism by not only presenting an “expert” in “hacktivism” that came off as little more than a stereotype talking about secret murder games without any sort of proof or questioning. The police officer was almost worse, suggesting that parents might worry if their teenagers had something to hide on their devices….of course teens have things to hide. They are teenagers. It is practically their job to find things which they do not want their parents knowing. Conflating child abduction (an incredibly rare occurrence, as I’m sure you know) with kids use of Snapchat or WhatsApp is just terrible, terrible reporting. It’s fear mongering and false from nearly every angle.
The fact that your “expert” couldn’t think of any reasons that people might want to communicate anonymously with each other is a sign of massive social privilege. Nearly any member of any minority group in the US might have reason to communicate anonymously with others, usually because of a fear of retribution from their immediate family or social circle. Imagine an LGBTQ teen struggling with self-identity in a very conservative area, and how anonymous communication might be important. Imagine how repressive regimes throughout the world make open communication between groups literally a life and death issue.
Or maybe just think about how anonymity of speech is a necessary component of the freedom of speech in the US. You are supposed to be journalists, and defending the anonymity of sources is a primary function of your job. You should know about SecureDrop (https://securedrop.org) and other tools that leverage these technologies to ensure that open communication is a thing that is maintained here in this country.
You are supposed to be better than fear mongering and misunderstanding.
Jason Griffey
Fellow, Berkman Center for Internet & Society
Harvard University
https://jasongriffey.net
Here is the video of my talk as a part of the Luncheon Series from the Berkman Center for Internet & Society at Harvard University. Titled When Online is Offline: The Case for Hyperlocal Webservers and Networks, it’s a look at the LibraryBox project, what it is, why I think it’s important, and what impact it has had on the world.
The full abstract for the talk is:
The LibraryBox Project (along with other emerging projects like PirateBox, occupy.here, IdeasBox, and others) is an attempt at bridging the divide in delivery of digital information in areas where there is a lack of communications infrastructure or where that infrastructure has been damaged or is overly monitored or controlled. As self-contained, non-connected portable servers, these devices can be used to circumvent governmental firewalls, distribute information in areas of political upheaval, reach the most remote areas to deliver healthcare information, and help recovery efforts after natural disasters.
In this presentation Jason Griffey — founder and principal at Evenly Distributed a technology consulting and creation firm for libraries, museums, education, and other non-profits — gives an overview of the LibraryBox project and its current state, goals and development roadmap, and a discussion of possible next directions and needs.
During an appearance on the LITA Top Technology Trends panel in 2014, I was discussing privacy of patron data, and mentioned that I thought it was a good idea for libraries to run Tor nodes on library servers. So when the Library Freedom Project launched their Tor in Libraries project, I was totally behind them…I even did a Tor workshop for Librarians for their workshop at ALA Annual in San Francisco.
If you aren’t familiar with Tor, I recommend reading the Wikipedia article. The TL:DR version is that Tor is a protocol and a network that is currently the best mechanism that we have for accessing information on the Internet anonymously. There are a few ways that one can use Tor, ranging from using an operating system that routes all your Internet traffic over the Tor network to just using the Tor browser, which just anonymizes your web traffic.
The way that Tor anonymizes your traffic is through a combination of encryption and blind routing, When you initially connect to the Tor network, the connection is encrypted in much the same way that the connection to your bank would be, via a public key encryption system. When you make a request for a website through the network, the Tor protocol bounces the request from one network node to the next, encrypting the traffic at every hop. Once the traffic gets a couple of hops away from the originating computer, it’s impossible to know where the request came from. Eventually the traffic exits the Tor network, back onto the regular old Internet, and gathers what you asked for, then reverses the process to get back to you.
The result is that, under ideal conditions, it is completely impossible to track or trace what’s being transmitted via Tor. For Tor to continue to operate, it needs two sorts of nodes….relay nodes that act as the “bouncing” nodes for inside the network, and exit nodes that are the places where the traffic goes out of the encrypted Tor network and back onto the regular Internet. You need both, although a ratio of more relay nodes to fewer exit nodes is fine. The traffic that goes across relay nodes is completely anonymous…from the perspective of both the network and the individual server, it is just a random string of binary code. Only at the exit nodes does the traffic decrypt, and thus exit nodes bear the brunt of all of the requests going across the network. The traffic for the broader network all has to squeeze itself through exit nodes, and the fewer exit nodes there are, the easier it is for them to be monitored…although you can’t tell where the requests for the information came from without advanced knowledge.
So why am I talking about Tor? Because I wanted to set up the story that broke last week about the first library in the US to publicly go live with a Tor relay (a middle relay) getting pressured by their local police to turn it off. The police were, in turn, pressured by the US Department of Homeland Security. From the original article on the event:
In July, the Kilton Public Library in Lebanon, New Hampshire, was the first library in the country to become part of the anonymous Web surfing service Tor. The library allowed Tor users around the world to bounce their Internet traffic through the library, thus masking users’ locations.
Soon after state authorities received an email about it from an agent at the Department of Homeland Security.
“The Department of Homeland Security got in touch with our Police Department,” said Sean Fleming, the library director of the Lebanon Public Libraries.
After a meeting at which local police and city officials discussed how Tor could be exploited by criminals, the library pulled the plug on the project.
“Right now we’re on pause,” said Fleming. “We really weren’t anticipating that there would be any controversy at all.”
He said that the library board of trustees will vote on whether to turn the service back on at its meeting on Sept. 15.
That’s tomorrow, for those keeping track at home.
Why do I think that libraries should be running Tor nodes? I had a long discussion about this on Twitter recently, but let me use the freedom of more than 140 characters to try and talk through my thinking on this. Tor is, currently, the best option that people have for anonymous speech on the Internet. It is possible to create accounts without using your real name, it’s possible to use wifi at coffeeshops and your local library to prevent your IP from being recorded…but for real anonymity of network traffic, nothing beats using Tor.
Anonymous speech is important because it is a necessary component of the freedom of speech. The US Supreme Court has ruled again and again that the right to anonymous speech is a protected part of the First Amendment, saying in McIntyre v. Ohio Elections Commission:
Anonymity is a shield from the tyranny of the majority…It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation…at the hand of an intolerant society.
Libraries have been concerned over time with the Freedom to Read, but to doubt the role of the library in the Freedom of Speech in the US is to fundamentally misunderstand the Library (and possibly speech itself). Speech is a necessary precursor to Reading, as creation is a necessary precursor to consumption. Libraries are and should be cornerstones of free expression in the United States, and have worked to provide access to the tools of speech for years and years.
For the Department of Homeland Security to use the boogie-man of “bad things happen on Tor” as a lever to get the relay turned off is the worst sort of fear mongering. Any tool can be a weapon, and any communications mechanism can and probably will be used to enable illegal activity. There is enormously more illegal activity on the open Internet, and yet libraries everywhere provide open and robust access to the Internet via both terminal and wifi. To paint Tor as a haven for thieves and drugs and child pornography is to misunderstand not only the Tor network but to, in my opinion, to mistake the forest for the trees. Yes, tools can be used for immoral and illegal things. But that does not make the tool either immoral nor illegal.
The only rational explanation for the DHS pressuring the library to shut down their Tor relay node is that the DHS doesn’t want individuals, including US citizens, to have more robust mechanisms for anonymous speech. Per the US Supreme Court’s rulings on the links between anonymity and freedom of speech, this indicates to me that the DHS is actively attempting to prevent free and open speech on the Internet.
That is not ok with me, and it absolutely should not be ok with libraries.
If you have made it this far, please visit the EFF’s Take Action page on this effort and sign.
Attention Library (and Library-friendly or Library-adjacent) people!
If you’ll be in the Boston area on September 15th at Noon, I’ll be doing a talk as part of the Berkman Luncheon series at the Berkman Center for Internet & Society at Harvard University entitled “When online is offline: the case for hyperlocal webservers and networks.” I’ll be talking about LibraryBox (and other similar projects) and why I think they are interesting. The formal description is:
The LibraryBox Project (along with other emerging projects like PirateBox, occupy.here, IdeasBox, and others) is an attempt at bridging the divide in delivery of digital information in areas where there is a lack of communications infrastructure or where that infrastructure has been damaged or is overly monitored or controlled. As self-contained, non-connected portable servers, these devices can be used to circumvent governmental firewalls, distribute information in areas of political upheaval, reach the most remote areas to deliver healthcare information, and help recovery efforts after natural disasters. This presentation will be an overview of the LibraryBox project and its current state, goals and development roadmap, and a discussion of possible next directions and needs.
If you want to attend in person, you can register at the Berkman site, the talk will be on the Harvard Law School campus, Wasserstein Hall, Milstein East B. If you aren’t in the area it will be webcast at that same link the day of, and archived for later viewing. But if you’re a library type, I’d love to see you there…would mean a lot to have some friendly faces in the audience.