Tag Archives: blog

Open Letter to the Cuba Internet Task Force

The following is a response to an invitation to participate in the recently formed Cuba Internet Task Force.

Task Force Representatives:
I will not be joining the Cuba Internet Task Force, or Subcommittees, because I believe the harm done by the existence of these committees outweighs any potential benefit of the recommendations that can come from them.

In recent years, Cuba has increasingly normalized Internet usage, through expansion and cost reduction of WiFi, through the advent of AirBNB as a major source of tourism revenue, and through growing traffic capacity.

In the scope of my work, I have documented the flourishing community wireless networks operating in tandem with official Internet service from ETECSA. These community efforts already address the “last mile” problem, and it is not hard to imagine the future where they are consolidated or integrated to provide Internet-to-the-home for many more Cubans.

These efforts are hindered by the perception by the Cuban government that the Internet and its associated ‘freedom’ are being forced upon them by the United States. In the wake of the creation of this task force, Cuban media has focused on the implied pressure, and private individuals in the Cuban technology sector have come under increased scrutiny.

Instead of attempting to influence the policies of another sovereign nation, I encourage us to reflect more on our internal policies. US government sanctions currently require a wide range of US-based education and reference sites from blocking Cuban traffic. Likewise, limitations preventing Cubans from connecting to US-invested undersea cables are partially responsible for the scarcity and cost of Cuban Internet connections. Reducing these sanctions can allow Cubans to become a market for US companies, and will provide additional incentives for widespread connectivity across the country.

A whirlwind trip to Beirut

Through a series of unlikely events, I found myself with the opportunity to visit Beirut for a week in early March of 2018. It was a great experience, and challenged many of the stereotypes I had developed about the realities of both the middle east and proximity to conflict zones.

The most impressive aspect of Lebanon to me was the handling and presence of the refugee situation in the area. Lebanon has had a significant southern area of refugee camps for those moving away from conflict in Palestine. More recently, a sizable refugee population has entered the country leaving the Syrian conflict. Today, there are more refugees in Lebanon than citizens, which is a source of conflict and tension in many parts of the country.

Camps, at least the impressive images of dense clusters of refugees we see in western news, do not reflect the reality I found in Lebanon. At least from the portion of the eastern countryside I saw, refugees are situated in small clusters of a few families at edges of existing towns and cities. While shelter construction is rushed, as families arrive and quickly need places to stay, there’s a significant local variability in how much local time and resources are available to construct more livable dwellings. On the ground, the competence and overloaded-ness of the local NGOs and community members is probably the biggest factor in outcome. The structures I saw had power, TVs, and charging android phones.

I was caught off guard in a good way by the urban population center of Beirut. First, Beirut continues to exist as a melting pot of a bunch of different ethnicities and cultures. Second, there was both a general tolerance and liberalism that exceeded what I’ve seen in UAE or Pakistan. Third, that liberalism translated into a much less pervasive security apparatus than I was expecting given the location and strife in the region. I needed to provide a passport as Identification for hotels, but did not need it for travel in the country, and did not need to show ID for access to school campuses of businesses. Part of that is white privilege, but in general there was not infrastructure to support any meaningful restrictions of movement or exclusion of groups from public areas.

I was likewise surprised by the seeming ease with which people were able to travel between Lebanon and Syria. For the demo day of a syrian entrepreneurship bootcamp, a number of spectators traveled to Beirut for the day from Damascus. The general sentiment I heard from several Lebanese was that the country is generally safe, but that as you get towards the edges, it’s preferable to travel with someone from the area who knows people. It’s often non-obvious, but traveling with someone who already has relationships built with those in the region seems to be the accepted way of keeping situations diffused.

In terms of connectivity, much of the stress of the country is that the conflict surrounding it has meant that there are not solid landline connections to the rest of the world. This means most Internet traffic is routed through an undersea cable to Cyprus, which limits the overall capacity for the country. In turn, this leads to relatively expensive fixed-line Internet pricing, with many people opting for mobile Internet. Mobile connections can often be cheaper and faster than the DSL providers. In rural areas, it was noted that there are some cases of communities sharing mobile connections, through hotspots or tethering to a connected phone.

One of the signs I found heartening was that at the makerspace in Beirut, there were members with Tor project and Internet activism stickers on their laptops. The ability openly express support for those causes is a great sign that civil society is able to function without significant pressure on that front.

34C3

I’m very excited to have two talks at CCC at the end of the month. The bulk of accepted talks can be seen and voted on at the CCC “halfnarp”.

The first talk is on the Internet in Cuba. It expands upon the recent talk I presented at IMC last month, to provide additional color on what Internet access is really like in Cuba, and what the community there is doing to create LANs and other alternatives to the official but expensive ETECSA service.

The second talk looks again at technology in Pyongyang. Since 2014, there have been a number of talks about the totally closed off tech ecosystem there, but as it ramps up we continue to only get a few glimpses into what’s going on, and it’s getting only harder as the broader tensions ramp up. My goal is to propose a path for getting more rather than less transparency into the picture, because it is a really fascinating place.

The talks should both be recorded, and might even be streamed. If you’re one of the (I hear it could be up 16,000) participants, I hope to see you in Leipzig!

China in 2017

I had the chance to visit China last week and tag along with the tail-end of a longer trip organized around various Makerspaces around the region. This is the first time in several years that I’ve spent a prolonged amount of time in the dense population areas of Beijing and Shanghai, and it was fascinating to watch the evolution that continues in this majority of Chinese life.

The most noticeable change from my perspective is that Beijing and Shanghai are effectively almost cashless. The use of Alipay and wechat pay are ubiquitous, to the point that you feel that you are creating an imposition to shop keepers by paying with cash. While funding your account on either of these services requires a chinese bank account (which itself requires a mainland cellphone number), the process can be short-circuited by making an unofficial exchange with someone willing to send you a personal transfer within the systems. It remains easy enough to find people at hostels, (as well as localbitcoins, I hear) who are willing to trade.

The systems themselves are fascinating to use. Payment to a merchant will automatically cause you to follow the merchants account, typically leading to messages about member cards and discounts. These messages seemed to only be pushed directly in response to a purchase, and weren’t overly intrusive. It seems to be the realization of the business-to-consumer engagement systems facebook and google have been struggling and so far failing to build in the US. Smaller vendors often operate directly as individuals – you type in how much money the bill is, and send it as a direct transfer to an account specified by the waiter or merchant.

This payment structure has resulted in a secondary industry of android-based devices dedicated to sales and scanning QR codes for these systems, as well as receipt printers that turn app orders into printed requests for food or similar.

Apart from the payment evolution, it is really interesting to watch China modernize. Life there now is much more comfortable from a western perspective than it has been in the past, with both a larger presence of foreigners visible and more english available to help navigate. Some distinctive characteristics remain, including a self-interested approach to queuing and different expectations of personal space. Prices in Shanghai have reached parity with those in the west, although cheaper options remain if you look for them.

In terms of Internet connectivity, I was surprised to find that connectivity remained quite similar to what I had experienced in the past. An SSH tunnel to a foreign server was sufficient to maintain email access while I was there, and disruptions I experienced seemed to be much more a function of over-loaded local networks than of more restrictions for international traffic. I talked with a couple different people who mentioned that Astrill continues to not be blocked, and seemed surprised that something so well known continues to operate without disruption.

Initial Measurements of the Cuban Street Network

Internet access in Cuba is severely constrained, due to limited availability, slow speeds, and high cost. Within this isolated environment, technology enthusiasts have constructed a disconnected but vibrant IP network that has grown organically to reach tens of thousands of households across Havana. We present the first detailed characterization of this deployment, which is known as the SNET, or Street Network. Working in collaboration with SNET operators, we describe the network’s infrastructure and map its topology, and we measure bandwidth, available services, usage patterns, and user demographics. Qualitatively, we attempt to answer why the SNET exists and what benefits it has afforded its users. We go on to discuss technical challenges the network faces, including scalability, security, and organizational issues. To our knowledge, the SNET is the largest isolated community-driven network in existence, and its structure, successes, and obstacles show fascinating contrasts and similarities to those of the Internet at large.

Talks

The Internet in Cuba: A Story of Community Resilience. Chaos Communication Congress. 2017

Publication

P Pujol, Eduardo E., Will Scott, Eric Wustrow, and J. Alex Halderman. “Initial measurements of the cuban street network.” In Proceedings of the 2017 Internet Measurement Conference, pp. 318-324. ACM, 2017. Slides

Privacy issues for City Wi-Fi Deployments

At the end of last month, Seattle posted a request for information exploring the feasibility of a municipal Wireless deployment. With others at the Seattle Privacy Coalition, I draft a response to the city flagging some of the major privacy issues that we hope they will consider in the initiative. I believe these are much broader than just our specific case, and hopefully can help others when navigating the landscape of business models and privacy risks in this area.

Pitfalls of Public Wi-Fi: data selling, tracking of nonusers, injecting ads

Freely available municipal wireless Internet is an exciting service, but there have also been Wi-Fi deployments that have had significant, unintentional impacts on citizen privacy. This brief from the Seattle Privacy Coalition attempts to highlight some of the hidden costs that the City of Seattle should watch out for.

Many freely offered commercial wireless systems make money by selling analytics about customer behavior. An example is the Google-sponsored Wi-Fi provided at SeaTac airport and used in Starbuck’s coffee shops around town. While free to users, these services make money through the sale of user data to third-party advertisers.

This practice is especially questionable when low-income communities are targeted with ‘free’ services, greatly increasing the surveillance burden for an already vulnerable population.

Tracking and profiting from the sale of people’s behavior for advertising or other commercial purposes is a troubling practice at best, but it clearly goes against the public interest when it targets communities depending on a service as their primary or only access to the Internet.

Another threat to privacy found in commercial wireless deployments is the ability to track and analyze the behavior and location of every person in the vicinity, whether they are using the service or not. Cisco’s Meraki, a popular retail wireless product, advertises that it can “Glean analytics
from all Wi-Fi devices connected and unconnected.”

The city, perhaps unlike a business, has a responsibility to protect citizen privacy, and we think it would be irresponsible to track the locations of unconnected devices that have not explicitly opted-in to such a program.

From the start, the City must have a clear understanding of how collected data will be used, and it must not collect any data without the consent of the people tracked. Few citizens will welcome long-term, involuntary behavioral and location logging of their personal electronic devices by the government.

Finally, there are instances of wireless service which are based on a business model of injecting advertisements into web browsing. We merely note this is impossible to do without severely compromising the security of the Internet experience, and we do not believe that any trade off of benefits involving such approaches are justified.

We welcome additional digital connectivity through the city, and are especially excited by the potential for more equitable accessibility. There’s great potential in this technology, and while some incarnations impinge user privacy, many others have found successful models that avoid
such pitfalls.