Category Archives: privacy enhancing technologies


Keeping the ball rolling: In memory of Özgür Uçkan and Caspar Bowden

It is hard to keep floating when two people who have inspired you in life pass away within days from each other. I owe it to these two troublemakers to thank them for their great work and for the paths that they have opened to many of us.

Today the news came that we lost Özgür Uçkan. Özgür was a digital rights activist, as well as a professor, philosopher, artist, economist, and one of the founding members of Alternatif Bilisim, an association based in Turkey working on digital rights and freedoms. I have had the fortune of meeting a number of polymaths in my life, but few of them sustain an equal passion for working with people, as they do for their intellectual endeavors like Özgür did. The picture below from an anti-censorhip protest in Istanbul that Ismail Hakki Polat used in his eulogy says it all.

Ozgur Uckan Sansure Karsi

Özgür, in the brown t-shirt, is standing tall and proud, and most probably having some good fun at the front-line. Most importantly, he is surrounded by peers and some of the many young people he inspired, many of whom continue to be part of the struggle for digital rights and freedoms in Turkey. Within a year from the time that picture was taken, the same networks would organize large protests that would come to attract 60.000 people in over 30 cities within and outside of Turkey. People have argued that these series of actions were some of the stepping stones that led to the Gezi Park protests. After all, ruptures like Gezi are often the product of widely felt frustration as well as the accumulation of years of organizing. From where I stand, Özgür Uçkan belonged to the group of people who understand what it takes to create a collective vision, and then to organize and mobilize people around it. He worked relentlessly to capture the spirit of our times, to resist infringements upon our fundamental freedoms, and to do so in a way that inspired action and change.

There is another detail in that same picture which will bring me to Caspar Bowden, the other person who passed away this week. Next to Özgür Uçkan stands Yaman Akdeniz, yet another important academic, activist, and free-speech advocate. Caspar Bowden was the first person to mention Yaman’s name and work to me. Yaman Akdeniz and Caspar Bowden went way back. Here is a chapter in a book the two wrote together titled “Cryptography and Democracy: Dilemmas for Freedom” in 1999. The piece was written during Caspar’s time at the Foundation for Information Policy Research. While Yaman Akdeniz moved onto fighting government censorship as his prime area of activity, Caspar Bowden switched to Microsoft where he would later become the Chief Privacy Adviser. I met him during this time and was surprised by his commitment to promoting Privacy Enhancing Technologies given the title he was holding. Throughout the years, I witnessed how he leveraged all the powers and connections he had to push forward technical architectures and designs that would serve to protect privacy. He would encourage those of us working on such systems to continue our line of work, while also pulling us into rooms with policy makers and parliamentarians so that we could demonstrate the powers of encryption and distributed computation in the service of protecting privacy. When he parted paths with Microsoft and returned to his advocacy work, I saw him at first struggle with the legacy of his association with the company. But this being Caspar, he just held on to his grounds and pushed every channel possible to make it known to the public what Edward Snowden’s revelations about NSA and GCHQ surveillance programs would eventually confirm.

Today, the loss of Özgür Uçkan and Caspar Bowden feels like two hard punches. Tomorrow, I can imagine gaining courage from the many inspiring memories we have of them and to dream futures informed by the principles they held true. As one wise community activist from NYC once said, “they rolled the ball over to us, it is now our turn to keep it rolling”.

For a collection of videos of interventions by and about Özgür Uçkan see Erkan Saka’s compilation.

For a sweet farewell to Caspar Bowden, see Malavika Jayaram’s post.

And, here is a video of Caspar’s talk at 31C3 which will allow you to enjoy his talk _and_ his infamous slides.

Panel at PETS 2014: Privacy Enhancing Technologies Post-Snowden

Our plan for a panel on the implications of the disclosed NSA and GCHQ surveillance programs for PETs researchers is materializing. The panel will take place on the 17th of July in Amsterdam at the PETs Symposium. We expect to have a lively discussion with Susan Landau, Wendy Seltzer, Stephanie Hankey, Nadia Heninger and George Danezis. In fact, thanks to a blog post on “The Dawn of Cyber-Colonialism”, it is maybe better to state, George has already kicked off the discussion.

Great thanks goes out to the program committee who have supported the idea from the first minute, and to the general chair Hinde ten Berge, Jaap Henk Hoepman from the PI.lab, and NWO for their material support.

PETs Post-Snowden: Implications of the revelations of the NSA and GCHQ Surveillance Programs for the PETs community

Despite the entertainment value of program names like “egotistical giraffe”, “onion breath” and “moth monster”, the revelations about the NSA and GCHQ surveillance programs are more than troubling. Specifically, BullRun (attacks on crypto) and the egotistical series (attacks on Tor) pose challenges to the PETs community and the solutions they work on. This panel focuses on some of these challenges, discuss their implications for PETs researchers and practitioners, and explore ways forward.

According to some, the revelations show that law and policy have failed to protect citizens around the globe from surveillance. It falls, among others, upon the shoulders of the PETs community to build technical solutions that are resilient to “mass surveillance” practices. But while Edward Snowden announced that “crypto still works”, intelligence agencies will continue to find ways to work around it. So others have argued that technology is far from a complete answer and that working with policy and law is more necessary than ever. If so, the challenges here range from finding ways to convince policy makers that weakening the Internet for surveillance is not acceptable to actually regulating “good” security and “bad” surveillance practices.

Both positions are troubled by motions to prevent companies from applying secure designs that may be seen as obstructing law enforcement agencies from conducting investigations. Further, governments around the globe are likely to consider implementing “back doors” as well as utilizing zero-day exploits as a way to guarantee law enforcement and intelligence access. These aggressive policies raise questions about where PETs can and should live; and, how to guarantee that their design remains robust, e.g., by keeping the implementation open to scrutiny?

Simultaneously with the revelations, cybersecurity for critical infrastructures has gathered force. Governments around the globe now bring intelligence agencies, standards bodies, contractors as well as academic researchers around tables in order to align technical security issues with national security interests. Cybersecurity funding abounds, affecting research trajectories as well as what gets done. How are PETs researchers and practitioners to manage these increasingly politicized demands along national lines?

Finally, people in their everyday lives navigate the implications of the revelations about the surveillance programs as much as engineers and researchers. Prominent security engineers have favored prioritizing developing measures against mass surveillance rather than for targeted surveillance. How “targeted” end users may be impacted by the prioritization of protections against “mass surveillance” is unclear. And indeed, the distinction itself may not be as clear cut as some of its proponents suggest. In other words, the issues raised here beg the question as to how we can ensure that user interests can be a continuous part of the PETs community’s priorities?