Earlier this year, NSA whistleblower Edward Snowden met
with Jacqueline Moudeina, the first female lawyer in Chad and a
legendary human rights advocate who has worked tirelessly to bring
former dictator Hissène Habré to justice. Habré was convicted of human rights abuses — ordering the killing of 40,000 people, sexual slavery, and rape — by a Senegalese jury in 2016.
Snowden told Moudeina that he was working on an app that
could turn a mobile device into a kind of motion sensor in order to
notify you when your devices are being tampered with. The app could also
tell you when someone had entered a room without you knowing, if
someone had moved your things, or if someone had stormed into your
friend’s house in the middle of the night. Snowden recounted that
pivotal conversation in an interview with the Verge. “She got very serious and told me, ‘I need this. I need this now. There’s so many people around us who need this.’”
Haven, announced today,
is an app that does just that. Installed on a cheap burner Android
device, Haven sends notifications to your personal, main phone in the
event that your laptop has been tampered with. If you leave your laptop
at home or at an office or in a hotel room, you can place your Haven
phone on top of the laptop, and when Haven detects motion, light, or
movement — essentially, anything that might be someone messing with your
stuff — it logs what happened. It takes photos, records sound, even
takes down changes in light or acceleration, and then sends
notifications to your main phone. None of this logging is stored in the
cloud, and the notifications you receive on your main phone are
end-to-end encrypted over Signal.
Announcing a new mobile app project, built from a collaboration between @FreedomofPress and @guardianproject Learn more at https://t.co/2lzt7rH2SH aka https://t.co/vJkeAwKR8Q #keepwatch pic.twitter.com/Hk2Aos447Y— Haven (@gethavenapp) December 22, 2017
Snowden hasn’t carried a mobile device since 2013, but in
the last couple of years, much of his time has been taken up by prying
apart smartphones and poking away at their circuit boards with the aid
of fine tweezers and a microscope. In 2016, he collaborated with
hardware hacker Andrew “Bunnie” Huang on Introspection Engine, a phone case that monitors iPhone outputs, alerting you to when your device is sending signals through its antenna.
Snowden is notoriously careful about the technology around him. In the documentary Citizenfour,
Snowden is shown taking increasingly extravagant precautions against
surveillance, going as far as to drape a pillowcase (his “Magic Mantle
of Power,” he says, deadpan) over himself and his computer when he types
in a password. Famously, he also asked journalists to place their
phones in the hotel fridge, to prevent transmission of any surreptitious
recording through their microphones or cameras.
Snowden at least has a pretty understandable reason to be
paranoid — and while he doesn’t expect the rest of the world to adopt
his somewhat inconvenient lifestyle, he’s been trying to use his
uniquely heightened threat model to improve other people’s lives. “I
haven’t carried a phone but I can increasingly use phones,” he said.
Tinkering with technology to make it acceptable to his own standards
gives him insight into how to provide privacy to others.
“Did you know most mobile phones these days have three
microphones?” he asked me. Later he rattled off a list of different
kinds of sensors. It wasn’t just audio, motion, and light, an iPhone can
also detect acceleration and barometric pressure. He had become
intimately familiar with the insides of smartphones while working with
Bunnie Huang, and the experience had left him wondering if the powerful
capabilities of these increasingly ubiquitous devices could be used to
protect, rather than invade, people’s privacy — sousveillance, rather than surveillance.
It was Micah Lee, a security engineer who also writes at the Intercept,
who had the first spark of insight. For years, developers with access
to signing keys — particularly developers who deal with incredibly
sensitive work like the Tor Project — have become fairly paranoid about
keeping their laptops in sight at all times. This has much to do with what security researcher Joanna Rutkowska dubbed “the evil maid attack”.
Even if you encrypt your hard drive, a malicious actor with physical
access to your computer (say, a hotel housekeeper of dubious morals) can
compromise your machine. Afterwards, it’s nearly impossible to tell
that you’ve been hacked.
Snowden and Lee, who both sit on the board of the Freedom
of the Press Foundation, partnered with the Guardian Project, a
collective of app developers who focus on privacy and encrypted
communications, to create Haven over the last year. Snowden credited
Nathan Freitas, the director of the Guardian Project, for writing the
bulk of the code.
Though “evil maid” attacks are not a widespread concern —
“we’re talking about people who can’t go into the pool without their
laptops,” said Snowden, “that’s like nine people in the whole world” —
Haven was conceptualized to benefit as many people as possible. Micah
Lee points out in his article for The Intercept that
victims of domestic abuse can also use Haven to see if their abuser is
tampering with their devices. Snowden told me that they had thought very
deliberately about intimate partner violence early on.
“You shouldn’t have to be saving the world to benefit
from Haven,” said Snowden, but acknowledged that the people most likely
to be using Haven were paranoid developers and human rights activists in
the global south. Andy Greenberg describes in WIRED
how the Guardian Project worked with the Colombian activist group
Movilizatario to run a trial of the software earlier this year. Sixty
testers from Movilizatario used Haven to safeguard their devices and to
provide some kind of record if they should be kidnapped in the middle of
the night.
It was this case scenario that sprung to the mind of
Jacqueline Moudeina when she spoke with Snowden earlier this year. “In
many places around the world, people are disappearing in the night,” he
said. For those dissidents, Haven was reassurance that if government
agents break into their home and take them away, at least someone would know
they were taken. In those cases, Haven can be installed on primary
phones, and the app is set to send notifications to a friend.
I asked Snowden what it was like to collaborate on a
software project while in exile in Russia. It wasn’t that bad, he said.
Since he became stranded in Russia in 2013, technology has progressed to
the point where it’s much easier to talk to people all over the world
in secure ways. The creators of Haven were scattered all over the globe.
“Exile is losing its teeth,” he told me.
More than anything, Snowden is hoping that Haven — an open source project
that anyone can examine, contribute to, or adapt for their own purposes
— spins out into many different directions, addressing threat models of
all kinds. There are so many different kinds of sensors in mobile
phones that the possibilities were boundless. He wondered, for instance,
if a barometer in a smartphone could possibly detect a door opening in a
room.
Threat models don’t have to involve authoritarian
governments kidnapping and torturing activists. Lex Gill posted on
Twitter that her partner had been testing Haven with a spare phone for a
month, and she had begun to use it to send “helpful reminders.”
My partner has been testing Haven for a few months with a spare phone. Every time you open the closet, it sends a picture by Signal. In addition to impressive intrusion detection capabilities, you can also use it to send helpful reminders! ✨ https://t.co/FHi1bjFsLP pic.twitter.com/IS58HzDVha— lex.txt (@lex_is) December 22, 2017
And when Nathan Freitas explained his most recent project
to his young children, he discovered yet another use case. “We’re going
to use it to catch Santa!” they told him excitedly.
No comments:
Post a Comment