I attended the Google I/O Extended “Develop for Good” hackathon in San Francisco in late June. We were asked to create a solution for one of three challenges:
- Google Politics & Elections: Citizen Engagement for Politics & Elections
- Google Ideas: Conflict Reporting for Blackout Situations in Repressive Regimes
- Google Green: Help us all be a little greener!
Our team won the Google Ideas challenge! My sincere congratulations to my teammates Perry Chow, Ansgar Halbfas, Ryan Quellet, and Andrew Song.
I joined up with a team that was exploring the Google Ideas challenge. We wondered: could we allow citizens to anonymously report violence in repressive regimes when phone and internet connections may be temporarily limited or intermittently severed?
There’s a “market” for this product: more than 24% of the world population lives under repressive governments. In 2011, Freedom House’s 17 Worst of the Worst countries had 1.6 billion citizens living in them. The governments of these countries censor journalists, jail dissidents, and deny basic freedoms of speech to citizens. When the people in these countries rise up against their governments, these governments turn violent (most recently in Egypt and Syria). Information about incidents of violence in these situations is tremendously important: it can shame governments into reform, help the international community pressure regimes to cease violence, and increase citizens’ own commitments to effecting change.
The solution needed to do four things very well:
- Support citizens in hostile environments (e.g. disaster, civil unrest),
- in documenting matters of civil importance (e.g. disasters, attacks on civilians),
- to communicate forensically-useful evidence to witnesses outside of the hostile environment,
- even in the face of interference from hostile forces and/or limited internet connectivity.
At first, we considered developing applications primarily for “feature phones” such as less-expensive Nokia Series X0 devices. However, as we explored various product concepts we realized that these devices simply lacked the horsepower, flexibility, and hardware necessary to develop a robust solution.
So, here’s the use case we came up with:
- The user installs the Silent Lens application on their Android device, most likely by obtaining the APK from a local collaborator (not the Google Play Store where its use could be intercepted). Silent Lens does not have a visible presence on the device.
- The user ‘dials’ their chosen secret numeric passphrase to open the application and begin taking photographs. Metadata (IMEI, latitude/longitude, etc.) is added and then the application encrypts the evidence using a public key. The private key is stored safely by the Silent Lens team outside of the conflict zone.
- Silent Lens promiscuously attempts to connect to other devices running Silent Lens and transfers evidence bi-directionally. This is similar to how BitTorrent clients can quickly exchange various chunks of a file among many different peers except that in this case the “file” is the entire pending corpus of evidence to be submitted.
- Each device has an encrypted ‘payload’ that can a) be submitted automatically to a ‘mothership’ whenever the device has a reliable Internet connection or b) downloaded from the device and couriered to the mothership via other means (simple desktop connection or shuttled out on physical media).
- Once a payload makes it out to the ‘mothership,’ the mothership provides an ‘immunity’ payload response that advises the mesh network to a) delete and stop caching/transmitting evidence that has been successfully retrieved, b) ban hostile devices from the mesh network, and c) prioritize communications from devices that have previously provided useful evidence.
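A small model of the peer exchange and the immunity response in the steps above, as an added example that is not Silent Lens code. Evidence is treated as opaque ciphertext identified by its SHA-256 hash; the names `Node`, `sync`, `apply_immunity` and the layout of the immunity dictionary are assumptions, as is the premise that the immunity response has been authenticated before it is applied (the post does not say how).

```python
import hashlib

class Node:
    """One device: a cache of opaque, already-encrypted evidence blobs."""
    def __init__(self, device_id):
        self.device_id = device_id
        self.store = {}         # sha256 hex id -> ciphertext bytes
        self.retrieved = set()  # ids the mothership confirmed; never cache again
        self.banned = set()     # device ids this node refuses to talk to

    def add_evidence(self, ciphertext):
        eid = hashlib.sha256(ciphertext).hexdigest()
        if eid not in self.retrieved:
            self.store[eid] = ciphertext
        return eid

    def receive(self, eid, ciphertext):
        # Drop blobs that do not hash to the advertised id, or already retrieved.
        if hashlib.sha256(ciphertext).hexdigest() != eid or eid in self.retrieved:
            return False
        self.store[eid] = ciphertext
        return True

    def apply_immunity(self, immunity):
        # Assumption: the response was authenticated before this call.
        self.retrieved |= set(immunity["retrieved"])
        self.banned |= set(immunity["banned"])
        for eid in immunity["retrieved"]:
            self.store.pop(eid, None)

def sync(a, b):
    """Bidirectional transfer of missing blobs; returns how many were accepted."""
    if a.device_id in b.banned or b.device_id in a.banned:
        return 0
    moved = 0
    for src, dst in ((a, b), (b, a)):
        for eid in set(src.store) - set(dst.store):
            moved += dst.receive(eid, src.store[eid])
    return moved

def demo():
    # Constructed sample data: three devices and two fake ciphertext blobs.
    a, b, c = Node("A"), Node("B"), Node("C")
    e1 = a.add_evidence(b"constructed ciphertext 1")
    b.add_evidence(b"constructed ciphertext 2")
    first = sync(a, b)                        # both blobs cross
    b.apply_immunity({"retrieved": [e1], "banned": ["C"]})
    return first, e1 in b.store, sync(a, b), sync(b, c)
```

After the immunity response, device B drops the confirmed blob, refuses to re-cache it from A, and refuses to sync with the banned device C.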
This product would have four key features:
- Robust, multi-modal ad-hoc mesh network (Bluetooth, WiFi, direct cabled connection)
- Resilience against poisoning thanks to a robust ‘immune system’ that identifies trusted and untrusted sources of evidence.
- Considerable flexibility in how devices can deliver evidence payloads to the mothership.
- Provides useful evidence for international criminal courts by offering verifiably-authentic documentation without compromising the safety of citizens.
We’ve described the concept in more detail on the Silent Lens website.
Does it require rooting the phone?
Yes. This software was never actually developed. It would require considerable support on the part of either Google or Apple to update their mobile devices with the ability to do this. There are a lot of things that could possibly go wrong with this, not least of which is that these devices would be certain to be discovered because they would likely be a lot “chattier” on whatever open network they were on relative to devices not running the application. But I think it would still be worth investigating.
Please, design distributed solutions to this problem. As soon as there is centralization (mothership) it can be either influenced or faked by the controlling power. The user of an application has no way to tell it came from a mothership that shares trust with them or not.
That’s great feedback, Kyu. Yes, I could see that being an issue. I wonder if there is a way of effectively hardening that authentication?