UPDATE: The developer of a leading open source application for encrypted online chat, Nadim Kobeissi, claims to have been detained and interrogated at the US-Canadian border yesterday. “Out of my 4 DHS interrogations in the past 3 weeks, it’s the first time I’m asked about Cryptocat crypto and my passport is confiscated,” tweets Kobeissi. The US interrogator also asked about which encryption algorithms Cryptocat deployed and they were curious about its level of censorship resistance.
According to the ACLU, the border interrogation about Kobeissi’s encryption program raises troubling questions about the government’s claimed powers at the border. The “SSSS” designation stands for Secondary Security Screening Selection and if selected you become subject to extensive searches and interrogations — for any reason whatsoever. Ironically, since overall awareness about the existence of the Cryptocat program has increased, perhaps this unfortunate detention at the US border has done some good after all.
Nadim Kobeissi, master hacker, summoned for interrogation multiple times as a teenager by cyber-intelligence authorities in Beirut, Lebanon, sat in the backyard of a restaurant in Brooklyn, astounded that he was being treated to lunch.
“Please,” he protested, “you shouldn’t pay for my omelet.”
Mr. Kobeissi, 21, now a college student in Montreal, spent the weekend in New York City with elders of his tribe, software code writers who have ambitions that do not involve making suitcases of money off clever applications for sharing photographs online.
This group was building a project called Cryptocat, which has a simple, countercultural goal: people should be able to talk on the Internet without being subjected to commercial or government surveillance.
“The whole point of Cryptocat is that you click a link and you’re chatting with someone over an encrypted chat room,” said Mr. Kobeissi, who was born in Lebanon and said he had lived through four wars. “That’s it. You’re done. It’s just as easy to use as Facebook chat, Google chat, anything.”
The Arab Spring showed that the power of the Internet and Web communications is a multi-edged blade, with activists able to organize through social media and to get their stories out, and authoritarian governments often able to target the activists by following the trail of digital crumbs.
Among the conspicuous sources of information are the chat transcripts often kept on commercial servers, making it easy to see who was talking, what they talked about, and when the conversations took place. Cryptocat and a few other services disguise the content of chat messages so that they look like gibberish to anyone who does not have the encryption key. There is nothing new about encryption technology, but it is a brain-breaking subject, and the tools for using it are tricky.
Mr. Kobeissi started building Cryptocat a year ago in his bedroom with the goal of making it simple to encrypt an online conversation. He had help last weekend from the Guardian Project, a group of developers who are trying to make mobile phones secure. They figured out a way to encrypt a chat on an Android phone by shaking it, taking advantage of the motion detectors in many smartphones. This will generate the digits that are part of the encryption process.
“You can dance with your phone to encrypt it,” Mr. Kobeissi said.
Up to 10 people can speak privately to one another at a time in a Cryptocat chat room, a feature that distinguishes it from other encryption chat services. It is not ready for use by people in life-and-death situations, Mr. Kobeissi said, but it can give people a place to avoid everyday monitoring of routine conversation.
“Cryptocat is an enabling, positive technology, and it’s an alternative,” said Jacob Appelbaum, a developer with the Tor project, which routes Web traffic in ways that help disguise sites that people have visited. “A key thing here is that it is an experiment, with valid criticisms. It’s not perfect. But it is important that we have people who are interested and knowledgeable about computer security who are working on these things, not just for money, and not just to break into people’s computers.”
The group met over the weekend at a code-a-thon organized by Julia Angwin of The Wall Street Journal, which has chronicled the spread of commercial surveillance in everyday technology in a vital series of articles and engaging online demonstrations called What They Know. A recent article in Wired magazine detailed big advances in United States government surveillance capabilities. Mr. Appelbaum and a documentary filmmaker, Laura Poitras, are holding a teach-in Friday evening at the Whitney Museum of American Art on the subject of surveillance.
The invention of powerful tools to thwart the commercial and governmental collection of personal data has been criticized as creating hiding places for terrorists and online sexual predators. Mr. Kobeissi said he had been startled by those complaints. “Evil people have been evil forever,” he said. “I don’t think they’re going to stop being evil or become more evil because of Cryptocat.”
He appears to be wide open and unguarded about himself.
“I love it when people criticize me,” he said, pausing for a second and then amending his words. “When they criticize me technically.”
His ambitions with Cryptocat are not financial, though he is trying to raise $2,000 to cover his costs for the next year. “Money is great, money is amazing,” he said. “It’s not like money is something I don’t understand. I understand what it is. I care more about making something nice that people can use, and it’s free and it makes a difference.”
E-mail: [email protected]
Twitter: @jimdwyernyt
By: Jim Dwyer, April 17, 2012
