When Mexican president, Enrique Peña Nieto, presented the Mexican Telecommunication Law, also known as the "Ley Telecom," human rights defenders and privacy watchdogs were alarmed to find that the proposal contained articles that would directly attack net neutrality, allow for Internet censorship and expand law enforcement powers to spy their citizens. By organizing a community CriptoRally and a series of security workshops, digital rights activists provided Mexican citizens with effective and practical tools to fighting the Ley Telecom.
The hackerspace, Rancho Electrónico, and allied organizations
Mexico DF
The Surveillance Practice:
When Mexican president Peña Nieto introduced the Ley Telecom, activists all over the globe were concerned about its contents. The bill contained clauses that posed threats to the fundamental freedoms of Mexican citizens, directly attacking net neutrality, free expression, and privacy.
Members of the Rancho Electrónico, a community-managed hackerspace, participated in online protests and peaceful marches against the Ley Telecom, but it soon became evident that the federal government was not open to dialogue or negotiation. Despite widespread public outcry, the bill was one of a series of constitutional reforms the government of Peña Nieto was determined to pass. Activists knew that the Ley Telecom would likely become law, so they prepared themselves for the eventual expansion of government surveillance programs and worked to increase public awareness on the dangers of digital surveillance. In an effort to do this, as well as promote the use of free software tools that would allow people to better protect their personal communications, digital rights activists in the community rallied to create an action plan.
The Event:
Rancho Electrónico, along with their allies Primero de Mayo/Enlace Popular and ContingenteMX, used grant funds they received from the Web We Want to organize a CriptoRally—a public competition in Mexico City designed to promote the principles of a free and open internet. More than just a friendly game, the goal of the CriptoRally was to garner community support for free software and resistance to online surveillance.
In July 2014, the partner organizations used social networks and independent media to announce the competition. By August 2014, 88 participants divided into 16 teams were registered. The timing was impeccable: on the 13th day of the same month, the Ley Telecom was enacted.
With law in place, Rancho Electrónico looked to introduce the general public to technology that could be used to protect their electronic communications from government surveillance. They organized five free workshops (each 3-4 hours long) featuring different guest presenters during the month of August that would lead up to the CriptoRally competition. The workshops were designed to be “hands-on”—introducing digital security best practices and encryption technologies which would later be used for the actual CriptoRally. An average of 50 to 60 people attended each of the workshops; inviting the general public was a successful way to reach more than just the usual suspects. The workshops had five themes:
- General introduction to digital security What elements of your personal electronic communications are vulnerable? Guests: SSL/TLS security with members of Mayfirst/Primero de Mayo technical support staff, Enrique Rosas, Ross Glover and Kosa
- Privacy for your personal communications Learn to use encrypted e-mail with GPG plus a conversation about surveillance and human rights. Guests: EFF International Rights Director, Katitza Rodriguez and EFF Senior Staff Technologist, Seth Schoen
- Debian day Install Debian GNU/Linux as a more secure alternative to privatized operating systems. Guests: Members of the Debian México community including Gunnar Wolf, Jose Serralde, and the Hacklab Autónomo
- Surfing the internet anonymously Learn to use web proxies, VPN's, the Tor network, browser plugins, and techniques for eliminating metadata from media files before sharing them on the web. Guests: Representatives of Wikimedia México leading a workshop on editing and improving articles related to the theme of digital rights
- Encrypt all the things! Learn best practices for using GPG and encrypted chat with OTR and receive recommendations for mobile phones/tablets.
The CriptoRally
The CriptoRally was held on September 6, 2014. Participants received an official CriptoRally jersey and each team was given a CD that contained important data essential to the game that they were told not to misplace. (The CD contained articles about the importance of keeping secure backups.) All teams were given a map of 11 “nodes”—each located at different sites in and around the city center. The goal was to complete as many nodes as possible before the final time limit. Each node had two facilitators who assigned a creative, technical, or problem solving task to participants. The teams were awarded points for successfully completing the task—bonus points for exceptional performance or creativity. The facilitators were in communication with a central "traffic control" group staffed by three people who tracked the position of all teams and the availability of nodes.
The following is a description of each node:
- Node 1 - Secure Passwords Location: Plaza Regina. Task: Generate a secure password; facilitators will measure the strength of each password using How Secure is My Password and The Password Meter Remember your password.
- Node 2 - Encrypted e-mail Location: CENCOS. Task: Locate and download the public GPG key that corresponds to a made up Criptorally email address from a known PGP keyserver. On the keyserver they will find two keys that correspond to that address. One of the keys is a forgery. The "digital fingerprint" of the correct key was shared during the CriptoRally workshops. If team members are observant they may also realize that the full body of the correct key is silkscreened on the back of their jerseys. To receive the points for this node, at least one team member must successfully download the correct key and send an encrypted and signed e-mail to the indicated address.
- Node 3 - Encrypted Chat Location: Museo Casa de la Memoria Indómita. Task: Initiate an encrypted chat session with the node facilitators using OTR. In order to authenticate the OTR session, teams must use a pre-shared password. They are informed that the shared password can be found in a cryptogram printed in the classifieds section of the local newspaper.
- Node 4 - Surfing Anonymously Location: The Under Cabaret. Task: Use Tor software or a VPN to hide your real IP address when surfing the web.
- Node 5 - Secure Backups Location: El Moro. Task: Team members are greeted by a mysterious stranger who asks them to deliver the CD they were issued at the beginning of the rally. If team members relinquish the disk, the stranger immediately flees. The official facilitators then appear and ask for the CD again. If the team does not have a backup of the files contained on the original CD, they lose points for the node.
- Node 6 - Mural for the Web We Want Location: Rancho Electrónico. Task: Paint images and messages expressing your support for the Web We Want’s cause based on the themes including freedom of expression, freedom of access to knowledge and information, right to privacy, the dangers of corporate and political centralization of power over the Internet.
- Node 7 - Demonstration for the Web We Want Location: Telmex Central Offices and Televisa Television Studios. Task: With the provided materials, create posters with slogans expressing your support for the Web We Want’s cause. Then display your posters and chant slogans to passers-by. In addition to the following themes teams may choose to protest directly against the "Ley Telecom." Freedom of expression, freedom of access to knowledge and information, right to privacy, the dangers of corporate and political centralization of power over the Internet.
- Node 8 - Karaoke for the Web We Want Location: La Karakola. Tasks: Invent song lyrics expressing your desire for the Web We Want to the tune of traditional Mexican folk songs. Then, sing you song out loud for passers-by. The node facilitators accompany them with live instruments.
- Node 9 - Secure connections + Metadata Location: Burra Blanca. Task: Take a photo and use free software to eliminate the associated metadata from the file. Then upload the file to a popular social media site. The node facilitators have secretly doctored the local Wi-Fi router to execute a man in the middle attack. If team members are observant, they will notice that their browser is redirected to a false insecure “http” version of the intended site (instead of the official “https” version). If they use their login credentials with the non-secure site, they fail the node.
- Node 10 - Net neutrality Location: ECPM68. Task: Upon arrival, the teams participate in a simulation of the conditions of a network without net neutrality. The facilitator presents an application simulating a file download. Teams must wait until the download completes in order to advance to the next node, with the option to "pay" for a faster download by sacrificing some of the points they’ve accumulated in other nodes.
- Node 11 - Secure passwords revisited Location: Rancho Electrónico. Task: All teams return to Rancho Electrónico at 3:30pm to complete the final node. Here each team member must remember and type their unique, secure password they created at the beginning of the race. All members’ passwords must be correct in order for the team to win points for this node.
A closing ceremony was held at Rancho Electrónico after the CriptoRally where participants were given awards and encouraged to return to the Rancho Electrónico post-CriptoRally in order to improve their skills.
The event gave people alternative methods to fighting surveillance. The Rancho Electrónico members noted that while lobbying, protesting, and attempting to influence legislation are all necessary, they can be frustratingly ineffective in a country where political corruption, lack of accountability and media monopolies have weakened the democratic process. Using free software tools to protect personal communications is a form of direct action and participants were empowered by the experience.
The Rancho Electrónico continues to participate in organizing against digital surveillance by hosting a weekly workshop open to the public.
Lessons Learned:
- Creative and unique approaches to organizing against digital surveillance can be just as effective as traditional campaigns
- Encouraging a playful and festive atmosphere for action does not mean that underlying political goals will be diluted or neglected.
Resources: