Hong Kong's #612strike uprising is alive to surveillance threats, but its countermeasures are woefully inadequate
vendredi 14 juin 2019, 19:18 , par BoingBoing
The millions of Hong Kong people participating in the #612strike uprising are justifiably worried about state retaliation, given the violent crackdowns on earlier uprisings like the Umbrella Revolution and Occupy Central; they're also justifiably worried that they will be punished after the fact.
After all, the #612strike was triggered by a proposed legal change that would allow people in Hong Kong to be extradited to the Chinese mainland for political crimes -- and Hong Kong people already witnessed the horrific spectacle of dissident booksellers being kidnapped to China and then tortured into giving coerced, televised 'confessions.'
The movement is taking countermeasures to avoid identification, using masks to beat facial recognition systems, organizing in encrypted Telegram chats (Telegram blamed the Chinese state for a wave of DDOS attacks that could disrupt these chatrooms), and using cash money to pay for subway fares to and from the protests, avoiding leaving identifiable e-payment trails.
But all of that will be of limited use if the protesters are identified by other means. The most significant risk is from cell-site simulators -- briefcase-sized fake cellular towers that trick your phone into contacting them and coughing up its unique identifier, which can be used to conduct mass re-identifications of every person with a switched-on mobile phone at the protests. These devices are small, cheap, powerful, and can even mounted beneath aircraft, including drones.
Unless the protesters are using burner phones -- not just burner SIMs, but burner handsets, too -- they face a significant de-anonymization risk.After all, they're using mobile phones to coordinate the protests themselves, and that means that they're effectively carrying always-on wireless nametags that the state can silently enumerate and store indefinitely.
A second risk comes from their public social media usage; some protesters are using public Facebook groups to coordinate after-protest cleanups, where protesters return to protest sites to clear away litter, etc. To prevent themselves from being tied to protests, these protesters are deleting their messages after the cleanups. Likewise, protesters are deleting the social media messages they post about the protests while they're ongoing, and turning off their location histories. But it's very likely that the Chinese state is automatically scraping these message boards and storing them for later scrutiny and action, including arrests, blacklisting, etc.
The past decade has seen a cat-and-mouse game between protesters and authorities use of mobile phones to coordinate action, and to surveil protesters after the fact. From the Dakota Access Pipeline to the Ferguson uprising to Gezi Square to Euromaidan to Tahrir Square to Hong Kong, mobile devices are a powerful dual-use tool for authoritarians and anti-authoritarian uprisings.
It's heartbreaking to see these brave people doing the best with what they have, knowing that it's likely not enough. Like watching front-line workers in an ebola outbreak wearing trashbags over their bodies and bread-bags over their hands as they desperately try to save their countries without dying themselves.
The more I learn about the #612strike opsec, the more worried I am on their behalf. Stay safe, folks, and fight on.
Recent prosecutions of protest leaders have also used video and digital data to help win convictions.
Bruce Lui, a senior journalism lecturer at Hong Kong Baptist University, said awareness around security has increased, particularly with China's 'all-pervasive' surveillance technology and wide use of facial recognition and other tracking methods.
'In recent years national security has become an urgent issue for Hong Kong relating to China. Hong Kong laws may have limitations, but China only needs to use national security to surpass (them),' he said.
Surveillance-savvy Hong Kong protesters go digitally dark [Elaine Yu/AFP]
(via Naked Capitalism)
56 sources (32 en français)
mer. 28 oct. - 20:39 CET