Winston Smith Project

Winston Smith Project (in Italian "Progetto Winston Smith", or PWS) is the name of an informational and operational project for the defence of human rights on the internet and in the digital era. It was started in 1999 as an anonymous association and it is characterised by the absence of a physical reference identity.

The name is inspired by George Orwell's novel "1984". The reference to Orwell's dystopia is embodied in the motto of PWS: "Unplug the Big Brother" which is aligned with the more generalist other "Paranoia is a virtue".

PWS aims to render users aware of the risks connected with the violation of privacy on the internet and threats to freedom of speech. PWS is operationally engaged in spreading the informational tools which allow users to maintain confidentiality in their communication, anonymity in the network and freedom of expression with technologies which counter censorship.

PWS has generated and maintains the following initiatives: "e-privacy", "Big Brother Awards Italy", "Privacy Box" and "Project 95%".

Objectives

The thesis upheld by PWS is that the Big Brother described in George Orwell's novel is gradually gaining form, passively and with silent acceptance on the part of people. The way in which it is gradually inserted in our lives is through the false statement: "it is right to sacrifice one's privacy in exchange for greater security".

According to security experts such as Bruce Schneier, and following scandals such as the one by Telecom Italia, official bodies which monitor telecommunications are acquiring a de facto totalitarian power, whatever the official political situation. If the target is really to increase public security, the mere presence of monitoring agencies constitutes an element of insecurity.

As the work of official agencies, due the ignorance of citizens regarding security, is pushing for an ever increasing situation which damages human rights, PWS is engaged in spreading tools to protect users from such risk. Those tools fortunately exist because Internet is based upon Open Technologies.

Individual security can be achieved only by using preventive protection tools on private computers, it cannot be delegated to others, such as, for example, internet service provider or providers of services on Internet.

PWS aims to increase the use of technologies such as encryption and anonymity. This can be achieved by using programs written according to the guidelines of secure software, such as:

* the software in use (including the operating system) must be "open code", allowing the user, if so inclined and capable, to verify its effective behaviour.
* the cryptographic algorithms employed must be "public". Only thus can the community perform a mathematical analysis (cryptanalysis) and a study of potential attacks, in order to achieve a continuous improvement.

If one of the above conditions is missing, the software cannot be considered secure, as it is then based upon the concept of security through obscurity, which has never been proved a valid paradigm for security. Events such as JAP [ [http://www.securityfocus.com/news/6779 Net anonymity service back-doored ] ] , PGP 5.x and 6.x [ [http://www.rossde.com/PGP/pgp_backdoor.html David Ross - PGP - Backdoors and Key Escrow ] ] have shown the unreliability of this model.

To be coherent with the proposed technologies, the PWS site is not available on Internet, but through Freenet, at the following key:

USK@RU-C2q5kN7K62WO3seMMjSTUY8izF2vCFyVFOnLf~Q0,wxvGO2QMT6IN9c7dNUhHeHnXVVwhq8YLbQL~DlMA7YE,AQACAAE/pws/3

A mirror is also available on the internet to increase accessibility. [ [https://www.winstonsmith.info Winnie lives here / Winnie vive qui ] ]

In order to contact members of PWS conventional e-mail addresses are not used, but rather the nym alias "ws@nym.panta-rhei.eu.org", whose PGP key is published on keyserver [ [http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1FB41E19 Public Key Server - Get ``0x1FB41E19 ' ] ] .

The Resources of The Project

To guarantee anonymity in the network, use is made of the Mix-net technology, first studied by David Chaum in 1981. This technology requires that user resources be employed in collaboration. The reciprocal sharing of resources through secure algorithms ensures that any attacker able to monitor the network passively (reading all traffic in all segments) or actively (generating arbitrary traffic) would be unable to discover the identities of individuals, which are protected within an anonymous network.

Software like anonymous remailer, TOR and Freenet are based on these advanced concepts, evolved through the years.The architecture of these networks is based on collaboration and availability of shared resources. As a beginning in this direction and to ensure a minimum functionality, groups of volunteers like PWS are making 8 servers available, dedicated to the support of this network. [ [https://www.winstonsmith.info/statistiche_server_PWS.html Statistiche delle risorse del Progetto Winston Smith ] ]

A Law Proposal

At the 2005 annual convention organized by Bileta [http://www.bileta.ac.uk] , an association active since 1986 for the study of laws concerning the use of technology in Britain and Ireland, PWS has presented a study concerning data retention. [http://www.winstonsmith.info/presentation-final.pdf]

Data retention is the automatic collection of network data in support of investigative bodies and law enforcement. Before several reforms concerning security, it was necessary to possess a mandate by a Judicial Authority before collecting data to be used in investigations. With the decentralization of technologies due to the spread of Internet, many private bodies have been invested with the responsibility for data collection.

Such automatic data collection of Internet traffic is possible using freely available software, such as Wireshark or tcpdump, originally conceived to aid network technicians in debugging and maintenance.

Collection of personal data is forbidden in Europe according to the principle of freedom of secrecy of correspondence. For this reason a law proposal has been investigated to regulate the collection of log and backup data, which would define which data are to be considered sensitive, and allowing technicians to perform maintenance operations, but at the same time preventing the unauthorized access to personal data by external parties. This law proposal was presented to the Italian Parliament by deputy Maurizio Turco in 2006. This law proposal was not accepted. Instead, the validity of the current Italian Law Decree 144/2005, due to expire on 31 December 2007, has been extended in time, to continue allowing the collection of personal data with a view to combating international terrorism.

E-Privacy Conference

PWS organizes the annual E-Privacy conference, which is the first such Italian conference concerning aspects of privacy in the network. Contributions are given by both technical and law experts. This conference has been held in the Palazzo Vecchio in Florence, with the exception of the 2002 edition, which was hosted at the University of Florence.

Each edition has had a main theme:
* 2002: "E-privacy, confidentiality and individual rights in the network, opposing Big Brother in the third millennium" Topics covered: Italian Law 675/1996, political trends to pass laws reducing freedom in the net, Freenet, PGP/GPG, anonymous remailer and steganography.
* 2003: "Defending identity and freedom of expression against requests for more security" Topics treated included: data retention, TCPA, analysing threat models to define a minimum personal security standard, digital signatures, cryptography as a basic user defence tool.
* 2004: "Data retention and the right to oblivion" Topics included: data retention, RFID, the right to delete sensitive data, surveillance as an answer to terrorism, anonymous p2p networking, abuses of video surveillance, decentralized technologies.
* 2005: "Data retention and privacy in the network": darknet was considered, as well as presenting the P-Box project, then Free software, civil responsibilities and privacy violations, the OpenPGP standard, a law proposal to regulate automatic data collection, Biometry.
* 2006: The main theme was not set. Topics discussed were: spyware, trusted computing, DRM, possible misuses of electronic voting, dangers to privacy caused by search engines.
* 2007: "Social control and technocontrol". Topics included: VOIP, personal identity and digital identity, accessibility, the Tanga articles and IT incidents.

The 2008 edition will be held on 9 and 10 May in the Palazzo Vecchio, Florence.

"e-privacy" is also the name of a mailing list. Its e-mail address is e-privacy@firenze.linux.it, subscription is free and archives are publicly available online. [cite web |url=http://lists.firenze.linux.it/pipermail/e-privacy|title=Archivi mailing list e-privacy ]

The P-Box Project

Anonymity technologies are based on collaborative groups of users who reciprocally choose to share their resources. Even just a low computing power a little of band are sufficient to access these anonymous networks. To help in the diffusion of these technologies PWS has introduced P-Boxes [cite web |url=http://www.winstonsmith.info/pbox/index.html|title=Privacy Box homepage ] (Privacy Boxes), which are small and simple devices to help protect one's privacy.

Three models have been developed:
* P-Box Model I: a modified Xbox, with the GNU/Linux operating system, running standard services and the Mixminion remailer.
* P-Box Model II: a PC Soekris 4501, with the GNU/Linux operating system, running Mixminion, TOR, Mixmaster and the Postfix mail server.
* P-Box Model III: based on a Soekris 4801, it includes the same applications as model II. It can also be used as access point and includes the e-mail server protocols IMAP and POP3.

Big Brother Awards (Italian Section)

Big Brother Awards (BBA) is an initiative of Privacy International with the motto "watching the watchman worldwide". PWS manages the polling and negative award assignation to the Italian bodies with the worst performance in the field of human rights. Several negative categories exist, according to the rights violation achieved:
* Life long threat: the body or agency which has caused most damage to privacy all along its existence.
* Worst public agency: given to the public agency (government institution, public body, authority, etc.) which caused most damage to privacy in the current year.
* Worst private enterprise: awarded to private or corporate institutions with the worst privacy record in the current year.
* Most invasive technology: any technology with the worst impact on privacy.
* Boot mouth: the ‘best’ (most terrifying, ridiculous, erroneous, falsely tranquillizing) statement said or printed about privacy in the current year.
* People’s lament: who received most votes, also in different categories.

Project 95%

Project 95% (Ninety Five Percent - No False Privacy) is a project advocating awareness in Internet issues. The internet was born as a free and decentralized network, but its most common use relies on a few centralized services. A blatant example is the number of users who are increasingly more dependent on webmail services such as Gmail, Hotmail, Yahoo! Mail. Even though this is an understandable tendency favouring ease of use, as the customers can access their services from disparate locations, the downside is the vast usage of profiling instruments on the part of free service providers, with the view of providing more targeted web marketing.

It is not PWS’s intention to tag any specific commercial service as a danger to privacy, but to point out that a greater confidentiality can be achieved using individual mail servers, private webmail programs, privately owned domains.

This is perfectly achievable using freely available software and their configuration can be automated even for non technically competent users.95% is the percentage of reliability of a home based server, connected to the Internet through a flat ADSL line, to demonstrate that it is not necessary to employ the offerings of centralized enterprises to obtain good services. Hence the NFP project, which informs on the technical possibilities that a modern computer can offer, to connect to the Internet fully and without undue effort on the part of the user.The P-Box is an example of a technological answer to these necessities.

Critics

A view like PWS’s, which envisages a completely anonymous, free and decentralized network as the sole possible alternative to a network controlled by totalitarian powers, is bound to impact institutions, private and governmental, which are intruding between normal life and life as influenced by the network, in this transitional and highly sensitive historical period. The vision offered by PWS may therefore appear to be extreme, preventive and paranoid, also from a technological standpoint.

People at PWS see this kind of criticism as a further evidence of the impending digital divide, and of the generalized lack of awareness as to the real impact of informational risks.

References