In March of this year, Hillary Clinton announced that the U.S. government had granted a license to a company whose software would “help information continue to flow freely into and out of Iran.” That software was called Haystack, an anti-censorship tool that received glowing coverage from the BBC, NPR, the Christian Science Monitor, the International Herald Tribune, and many other news sources. Perhaps it was Haystack’s teasing, provocative slogan—”Good luck finding that needle”—that so intrigued the reporters. Or maybe it was the story of its founder Austin Heap, the twentysomething IT specialist from San Francisco who, prior to founding Haystack in June 2009, spent much of his time killing dragons in World of Warcraft. Just nine months later, Heap was given the Innovator of the Year award by the Guardian. Soon after, Heap claimed that he was headed to Washington, D.C., to meet with Sen. John McCain.
Heap came up with the idea for Haystack during the 2009 Iranian protests, when the country’s draconian censorship system prevented communication with the outside world. Haystack, Heap promised, would not only allow Iranians access to e-mail and Twitter; it would do so while offering them full anonymity. “It’s completely secure for the user so the government can’t snoop on them,” Heap told the BBC in August 2009.
There are plenty of other tools that can help circumvent censorship. While government censors in Iran, China, and elsewhere can easily block access to, say, Google, Web users can bypass such blocks by connecting to some other computer on the Internet and using that computer‘s connection to access Google. Most of these tools, however, suffer from one major problem: While they may succeed in hiding the exact Web sites browsed by their users, the censors may still get a hint that you’ve got something to hide. Haystack claimed to have solved this important problem: It could both circumvent censorship and trick the Iranian police into thinking that nothing suspicious was going on, making it look as if its users were just browsing innocuous Web sites.
It all sounded great in theory, until security professionals began asking Austin Heap for a copy of Haystack’s code. (The program was never made available for download.) Every time someone would ask for a copy of Haystack, Heap would demur, explaining that releasing a copy of the program would imperil the project’s security. As the code stayed under wraps, the admiring reviews of Haystack—a program that no one in the media had ever seen—continued to pour in, and the project continued to raise money. While the funding details remain murky, Haystack did get at least one sizable grant—$50,000 from the global advocacy group Avaaz.org.
Heap’s ambitious plans for Haystack went far beyond Iran. In May, he told NPR that he was already working on exporting the program to at least two other countries. As Heap explained to Newsweek in August, “We will systematically take on each repressive country that censors its people. We have a list. Don’t piss off hackers who will have their way with you. A mischievous kid will show you how the Internet works.”
As Heap promised to tear down censorship worldwide, a group of Iranians began to test Haystack inside the country. It didn’t work. On top of the fact that it couldn’t pierce the Iranian firewall, Haystack was extremely insecure. The program’s security holes are so severe, in fact, that describing them here could help the Iranian government retroactively hunt down anyone who ever tested Haystack in Iran. In essence, Heap’s haystack was very, very small and the needle buried within carried GPS coordinates. (On the bright side, despite Heap’s earlier claims that 5,000 people were using Haystack by March 2010, it now seems that only a few dozen Iranians were actually recruited to test it.)
Full disclosure is due at this point: I was one of the skeptics who was not convinced by Heap’s original claims, and I publicly challenged them in a series of posts on my blog. After almost two weeks of investigation, I managed to obtain a copy of Haystack and passed it on to a fellow Haystack skeptic—security professional Jacob Appelbaum—for testing and review. It was Appelbaum’s conclusions about the software’s violation of basic safety principles that led Heap to disable the program. A few days later, Haystack’s leading developer, Daniel Colascione, resigned, claiming that the program was a case of “hype trumping security.” The program’s high-profile advisory board soon disbanded as well.
I’m not a security professional and my interest in Haystack was not technological. The question that intrigues me is why, to use Colascione’s words, it was so easy in this case for hype to trump security. What made the Haystack affair possible?
First published in slate.com.
