Tor Project successes

Related: Users of Tor

2015

2015-Sep | Free Software Foundation: Tor relay reinstated in the Kilton Library: a win for free software-based anonymity

2015-Jun | GlobalVoices: Tor Use in Russia Spiking in Response to Kremlin’s Censorship Efforts

2015-Apr | Committee to Protect Journalists: Journalists overcome obstacles through crowdfunding and determination

2015-Mar | GlobalVoices: Netizen Report: Macedonian Leak Scandal Reveals Mass Surveillance, Corruption

2015-Mar | Motherboard: Iran Is Trying to Block Tor

2014

2014-Nov | Committee to Protect Journalists: How Facebook’s Tor hidden service improves safety for journalists

2014-Sep | Comcast: Setting the Record Straight on Tor

2014-Aug | GlobalVoices: Iran’s Internet Users Outsmart Government in Cat-and-Mouse Censorship Game

2014-Jul | Dailydot: Iran blacklists Tor network, knocking 75 percent of users offline

2014-May | Transition House As domestic abuse goes digital, shelters turn to counter-surveillance with Tor

2014-Apr | Reporters Without Borders: Reporters Without Borders and Torservers.net, partners against online surveillance and censorship

2013

2013-Jul | GlobalVoices: Another Journalist Arrested in Zambia

2012

2012-Jun | Reporters Without Borders: Government steps up control of news and information

2012-Feb | Ars Technica: Tor’s latest project helps Iran get back online despite new Internet censorship regime

2011

2011-Apr | GlobalVoices: Over the Firewall and into the Fire

2011-Apr | Freedom House: Leaping Over the Firewall: A Review of Censorship Circumvention Tools

2011-Jan | GlobalVoices: Iran: Blocking activity, email interception, and renewed pressure on the Green Movement

2011-Jan | Tor Project: New Blocking Activity from Iran

2010

2010-Jan | GlobalVoices: Poland: Discussions of TOR and Internet Filtering

2009

2009-Sep | GlobalVoices: التدوين باسم مجهول مع ووردبرس و تور

2009-Mar | GlobalVoices: Anonymous Blogging with WordPress & Tor Updated!

[tor-talk] Corporate policy and procedure

Dear Tor Talk,

As part of my internship work with the ACLU of Washington, I’m looking for practical examples of corporate policies and procedures for:

  • Deploying Tor relays and management
  • Deploying Tor Browser on client computers and management

I will be preparing templates, and related Tor education/marketing materials, for organizations within Washington State that we want to see supporting Tor. We will also publish these materials using a public domain license for anyone to use.

For example, if a library or law office, etc, wanted to support Tor by one or both of the above examples, they might want to develop internal policies detailing how to deploy it and how to manage it. This might be important material to have in advance when advocating to managers or a board of directors.

A policy to manage a Tor relay might include:

  • Statement of purpose
  • Device access policy
  • Abuse complaints policy
  • Admin management policy
  • Isolated network zone exception policy
  • Links to any related standard operating procedures

A standard operating procedure for Tor relay management might include:

  • List of maintainers, contact information, and escalation procedures
  • Maintenance schedule
  • Management commands and expected outcomes
  • Troubleshooting steps. Reference to internal governing policy

Regarding policies and procedures for managing Tor Browser, should it be managed any differently than Firefox or Chrome? Clearly the network traffic is different from standard HTTP/HTTPS but more like HTTPS. QoS might not work at all. If companies replace client-side SSL/TLS certs for monitoring, would that affect Tor Browser? Exception policies might be prudent. Updating procedures might be different.

If your work place has any of the above documents or you have prepared similar documents in your own advocacy, please email me a copy or a redacted copy, and thank you!

ACLU-WA encryption evangelism internship proposal

Goal

Further the use of FOSS encryption technologies within Washington legal and journalism circles.

Tor

Tor relay and Tor exit relay adoption by organizations because of resources and stability. EFF “Tor Challenge” is unsuccessful at gaining long-term relays because they are focused on individuals that are largely not focused or lack stable resources. ACLU-WA support could happen in three ways: write to local organizations who are likely to
deploy a Tor relay, provide written education or in-person training, and create public reports on successes and failures. Supporting Tor supports human rights work 24/7/365, globally.

HTTPS and StartTLS

Many organizations who require privacy lack website/service transport security. Focusing on specific types of organizations, such as law firms and news agencies, would benefit the public and overall Internet health. HTTPS is critical for keeping private specific pages and forms visited in addition to any transmitted information. StartTLS is critical for keeping entire emails confidential. In light of recent developments in Texas [1], it would be timely to push Washington state legal policy organizations to adopt similar rules. The “Let’s Encrypt” project has been pushed out to November 16th, 2015 [2] — it would be great to have 2 months to start an ACLU-WA parallel initiative (focused on law firms and news agencies, for example) when it launches in order to benefit and enhance the initial press.

TextSecure, RedPhone, & Signal

While HTTPS and StartTLS are important for public and private communication, mobile apps can greatly strengthen inter-org privacy. Classic telephony and SMS communications are insecure. The Open Whisper Systems ecosystem uses state of the art encryption, is scalable, and is free and open source software. Purchasing 5th gen iPod Touch devices is a small cost for law firms and allows lawyers to register their work phone number with Signal. Doing so would let anyone with their regular work phone number to leverage end-to-end encryption instead. No wiretaps, no SS7 tracking, no IMSI catcher tracking, and no baseband or SIM card vulnerabilities that are inherent with any cellular device.

SecureDrop

Whistleblowing is a critical part in a democracy by keeping the public informed and organizations accountable. SecureDrop, by Freedom Press Foundation, is a powerful tool that allows anyone to leak information to targeted organizations. SecureDrop has been around for 2 years and is largely used by news agencies. That being said, a very small fraction of news agencies support SecureDrop which creates two problems: overall diversity and market diversity. Overall, there are too few options in terms of trusted organizations for whistleblowers to choose from. If a specific person who has access to specific information is only comfortable providing information to a specific organization or person, but secure a whistleblowing platform does not exist, nothing will get leaked. Similarity, if only news agencies support secure
whistleblowing platforms, other NGOs who might be better equipped to handle response will not get leaks. ACLU-WA could work with Freedom Press Foundation to focus on evangelizing SecureDrop to NGOs.

Conclusion

It is ethics and education apathy that is preventing people from adopting FOSS security systems that provide privacy. It is one thing to be apathetic in our personal lives, but it is not acceptable in professions that demand privacy in order to keep people safe.

1 http://ridethelightning.senseient.com/2015/07/when-must-lawyers-ethically-encrypt-data-texas-answers.html

2 https://letsencrypt.org/2015/08/07/updated-lets-encrypt-launch-schedule.html

Infosec masters capstone ideas: supporting the closeted whistleblower

I’m a long way from having to choose a capstone but I want it to be meaningful. Focusing on an end goal is ideal so I can actively apply the concepts of my coursework to my capstone. Since learning about global surveillance systems (thank you Edward Snowden), I’ve been impassioned about learning about these systems and teaching people about them. Abused populations like journalists and whistleblowers are the groups that I identify with the most because of their importance for a democratic society.

Tor and Tor hidden services, in general, are intriguing, and there is a lot of existing academic work on them. However, there are four equally interesting software projects that are dependent on Tor’s success. We have Ricochet, an instant messaging client and soon to be file sharing client. There’s OnionShare, a file sharing client. There’s Pond, an email-like messaging client. Add there’s SecureDrop, a fire sharing and email-like messaging system.

Simply put, anonymity tools are required for information and metadata control; be it maximal deniability or maximal influence, whistleblowers need to control what is and is not exposed. Journalists are a tool of whistleblowers, not the other way around.

I am not a software developer or a cryptographer. I never want to be because my brain is not developed for those types of information manipulation. However, educators (technology trainers), which I have been valued for since I started using and understanding general purpose computers, are an important part of the information security ecosystem. As a surveillance self defense instructor for Seattle Privacy Coalition, it is clear that educators are a required part of trusted crypto tool adoption.

There is a societal need for people that understand information infrastructures, the operations of journalists, the threats of surveillance, crypto and software specialists, and how to boil all of that down into consumable information for the lay person. Not to mention be a valuable feedback loop for crypto and software developers.

Problems

Nothing in information security can ever be perfect because information security tools are always targeted at specific problems. Problems will always shift. Crypto and software developers need to solve many unique problems, and sources and journalists need to solve many unique problems. How do they work together?

As it stands, the problem that I want to tackle is helping bridge the gap between sources and journalists. Edward Snowden was largely successful as a whistleblower because his skill set is technical in nature. Knowledge of various systems allowed him to reap maximal control, albeit he was not alone. Snowden had a native advantage in the process of whistleblowing. Most people that are exposed to information presumed to have public interest are not technical and therefore do not have a native advantage. To leak something to a reporter they respect requires comfortability with their own crypto tool knowledge, if any, and they have to commit to a journalist they think they can trust. Closeted whistleblowers are not going to pick a journalist just because they publish a PGP key or because their organization hosts a SecureDrop site.

The “closeted” whistleblower

‘Closeted’ and ‘in the closet’ are adjectives for lesbian, gay, bisexual, transgender etc. (LGBT) people who have not disclosed their sexual orientation or gender identity and aspects thereof, including sexual identity and sexual behavior.

This is applicable to a person who is conscious of organized wrong-doing, has information or access to information that is presumed to be in the public interest, and needs to leak said material to a publication organization.

The solution then must be education and awareness. Something structured yet easily adaptive. Should we develop source curriculum?

Semantic information–be it verbal or written, without hands-on workshops–probably transitions best into tacit knowledge if it is formed into scenarios. Source curriculum must avoid explicit information (regurgitation) wherever possible.

Questions

Can whistleblower threat modeling training be accomplished without in-person education?

SecureDrop landing pages are very specific. They do not offer hypotheticals, they focus purely on the “best” way to use a specific system. Is that enough to help turn a closeted whistleblower into a whistleblower?

Does SecureDrop support all forms of direct-to-journalist whistleblowing? If not, what’s missing?

Can web-based curriculum be designed well enough to turn computer users into secure whistleblowers?

Trust is always a required foundation in security. How do we teach “how to trust”?

I’ll think of more and better questions.

My Microsoft Bing Proposal: Support The Tor Project

This proposal represents my personal views and not those of Microsoft.

The better technology can adapt to you, the more you can be yourself.

Tor (TorProject.org), the open source privacy tool, is as important to some people as public education, grocery stores, and 24/7 emergency services. Microsoft is a global technology company that should aim to maximize the privacy of its users. This proposal consists of four parts:

1) Deploy site-wide, always on Bing.com HTTPS

Just like Outlook.com, people’s ordinary Bing searches deserve the same respect and privacy as personal and workplace emails.

2) Deploy Tor relays (non-exits) in Bing datacenters

Microsoft should contribute to the Tor network by deploying at least 10 Gbps of Tor relay throughput, distributed globally.

3) Deploy a Bing.com Onion address

Many people are not able to reach various parts of the Internet because of government censorship. Giving Bing users direct access through Tor maximizes search accessibility and privacy.

4) Dedicate $100,000 a year for the next 5 years to Tor Project

In an effort to minimize US government donations, Tor Project is asking for the public’s help. Help The Tor Project directly by supporting their not-for-profit organization.

How will Microsoft help?

Since 2013, DuckDuckGo, a popular privacy-focused search engine, has had an Onion address for some time. Popular news outlets such as The New Yorker, Forbes, The Washington Post, and The Guardian have all deployed Tor-based “SecureDrop” instances in order to privately and securely collect information from concerned citizens. In 2014, Facebook deployed their own Onion address for its users. This year, Reddit users voted to donate $82,000 to Tor Project.

Brochures
https://blog.torproject.org/blog/spread-word-about-tor

There are three different versions of the brochure, all with the same front and different backs:

– Law Enforcement & The Tor Project: Geared as a quick reference for law enforcement audiences (not just investigators, but also support services).

– The Benefits of Anonymity Online: This is meant for journalists, domestic violence organizations, and others focused on protecting their identity online.

– Freedom & Privacy Online: The target audience here is the general public – helping educate people about the reasons that protecting their privacy is important.

Developing an Open Educational Resource on Encryption

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

— Edward Snowden, answering questions live on the Guardian’s website

Society needs an educational resource, covering the complex topics involved with information encryption, that is modular, openly accessible, and freely remixable. This is my proposal to create such a resource.

Open Educational Resources (OER) are freely accessible, openly licensed documents and media that are useful for teaching, learning, educational, assessment and research purposes. The development and promotion of open educational resources is often motivated by a desire to curb the commodification of knowledge[1] and provide an alternate or enhanced educational paradigm.

Utilizing Creative Commons licensing, an OER can be created on oercommons.org, where it will be maintained by a single authority, yet anyone in the world will be able to adapt and create their own work from ours. Oercommons.org provides a long-term support platform for maintaining these resources.

I started publicly asking for help in June of 2013–and I received a very warm welcome. You don’t have to look far to see why.

2013-06-24

August 2013:

2013-08-23 2013-08-23-2

October 2013: KEYNOTE: Journalism in the Age of Surveillance, Threat Modeling: Determining Digital Security for You, [For Journalism] Keeping Under the Security Radar, Improving Your Digital Hygiene

December 2013: United We Stand — and Encrypt by Josh Sterns2013-12-21

December 2013: Arab journalists need training for civil unrest and wars — referencing the CPJ’s Journalist Security Guide

January 2014: A Modest Proposal for Encrypting the Work of Activists by Kate Krauss

2014-01-20

It is clear that a diversity of educational resources are needed. While my original proposal was going to be supported by the United States Open Knowledge Foundation, OKFNUS has since back peddled due to lack of support from central-OKF. I am hoping that the many people behind Crypto.is are interested in spearheading the development of this OER. If they are not, and no other organization is, I will shortly be registering my own domain name to create a project launch page.

The initial launch of the OER can be created using Micah Lee‘s work, of the Freedom of the Press Foundation, Encryption Works: How to Protect Your Privacy (And Your Sources) in the Age of NSA Surveillance. Micah and the Freedom of the Press Foundation graciously licensed this work as CC-BY, allowing us, and even Wikipedia to reuse the work with attribution. I am hoping that Micah, himself, will want to be included in this project.

The target audience, initially, will be journalists, whistle blowers, activists, and dissidents. While these groups are the extreme, their example proves useful for the rest of society.

Please comment on this post, or tweet me, or email me your feedback.

Encryption for journalists #TA3M

Techno activism

Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and software users who are interested in learning or teaching about censorship, surveillance, and various open source technologies for personal computing devices of all kinds. The New York based OpenITP nonprofit is the organization behind starting TA3M in December 2012, with New York, San Francisco and Berlin hosting their first TA3M events in January of 2013. Currently, TA3M events are held in at least 20 cities throughout the world, with many more launching every month.

Seattle hosted its first TA3M event in August 2013. In our November event, 35 people were in attendance to partake in presentations about Geeks Without Bounds involvement, Tor software development, and Tor use on personal computing devices.

Seattle journalists

For December’s TA3M in Seattle, I’ll be presenting on the use of specific open source encrypted communications applications for mobile and personal computing devices. The target audience for my presentation will be for people brand new to using these encryption-optional chat tools, but for people generally familiar with instant messaging platforms.

  • ChatSecure for Android and iOS, by The Guardian Project
  • Orbot for Android, by The Guardian Project
  • Pidgin for Windows, OSX, and Linux

The rough draft of my presentation can be found here.

Tentative event schedule here.

If you are planning to attend this free and open-to-the-public event, and have any questions that technical people such as me can help answer for you, please post questions in the comment section of this post.

 

State institutions should not restrict learning disabled students from education

This post was written in response to the University of Washington not even looking at my application to a graduate program because it was not “complete”. The University of Washington did not look at my application because a GRE test score, a score they verbally explained over the phone did not matter but was simply a requirement of admission, was not provided.

Washington State Governor, Chris Gregoire, on March 30, 2012, passed House Bill 2483 aimed at expanding the Student Achievement Council. [1]

“The legislature finds that increasing educational attainment is essential for maintaining the health of a democratic society and the competitiveness of the state in the global economy. It is necessary to have educational opportunities that meet both the educational and economic requirements of the state. Increasing educational attainment means Washington needs more students with high school diplomas, postsecondary certificates, [associate] degrees, bachelor’s degrees, and graduate degrees. According to a fall 2010 study by the Georgetown University center on education and the workforce, Washington will rank sixth in the nation in jobs that will require postsecondary education or special training.”

While in primary school and at university, I was tested and diagnosed as being gifted and learning disabled. I have two specific learning-disabilities that are documented in my medical records and are supported by the Americans with Disabilities Act. There has been a considerable amount of research that has concluded that students with my “twice-exceptional” condition are continually misunderstood by schools and even personal mentors.

“Intellectually gifted individuals with specific learning disabilities are the most misjudged, misunderstood and neglected segment of the student population and the community. Teachers, counselors, and other are inclined to overlook signs of intellectual giftedness and to focus attention on such deficits as poor spelling, reading, and writing. Expectations for academic achievement generally are inaccurate—either too high and unrealistically positive or too low and discouraging of high aspirations. It is not uncommon for gifted students with learning disabilities to be told that college study is inappropriate for them, that professional careers will be unattainable, and that jobs requiring only mechanical or physical abilities are more fitting to their abilities. Without equal opportunity to try, these individuals may be denied access to appropriate educational and professional career opportunities.” [2]

With much support and thanks to the Bill and Melinda Gates Foundation, I was accepted as an Achievers Scholar and successfully graduated, this year, with an undergraduate degree in Information Technology and Administrative Management from Central Washington University. An undergraduate degree is not a stopping point. I have applied to the University of Washington’s Master of Infrastructure Planning and Management (MIPM) online degree program with an explicit interest in communications and cyber infrastructure systems. Upon applying to the University of Washington degree program, I requested a Graduate Record Examinations exam waiver. My request to submit a waiver was denied. Retrospectively, I have been denied the opportunity for graduate-level education from a state-sponsored institution. The Graduate Record Examinations exam has no bearing on critical thought or creativity. Generalized examinations are dramatically more stressful for learning-disabled students, especially when accommodations are not provided.

“Many educators and psychometricians agree that using a single test score to make a high stakes determination represents an ethical abuse.” [3] writes Dr. Peter McLaren, professor, UCLA Graduate School of Education, in his book Life in schools: an introduction to critical pedagogy in the foundations of education.

Disability Rights Advocates, a non-profit public interest law center, has written an applicable paper titled, “Do No Harm–High Stakes Testing and Students with Learning Disabilities”. Highlights include:

“Learning disabilities stem from neurological and sometimes heritable differences in brain structure, and can dramatically impact the manner and duration in which persons with learning disabilities read, write, learn and take tests. They cannot be cured.” [4]

This is a direct contradiction to the expectations of Educational Testing Services:

“For LD, testing must generally have been completed within the past five years.” [5]

My “LD” medical records were created in 2003 and thus not valid for accommodation. I have not grown out of my disability and do not have the funds or the time to retake a stressful psychological examination. The University of Washington, who has chosen to support this discrimination by requiring my participation of the Graduate Record Examinations exam, an intellectual monopoly, should be liable for discrimination because they offer no alternative.

“Federal civil rights statutes protect students with learning disabilities in the educational context. The Individuals with Disabilities Education Act, 20 U.S.C. § 1400 et seq. (“IDEA”), Section 504 of the Rehabilitation Act of 1973 (“Section 504”), and the Americans with Disabilities Act of 1990 (“ADA”) all prohibit schools from discriminating against students on the basis of their disabilities. These laws, and the regulations under them contain specific prohibitions relevant to the high-stakes standardized testing and its impact on students with learning disabilities. …. There is no educational or legal basis for limiting the availability of alternate assessments.” [4]

“As noted in a recent report by The National Research Council of the National Academy of Sciences, “[t]ests that are valid for influencing classroom practice, “leading” the curriculum, or holding schools accountable are not appropriate for making high-stakes decisions about individual student mastery unless the curriculum, the teaching, and the tests are aligned.”” [4]

It was clearly stated on May 15, 2012, in the online information meeting about the MIPM degree program, that prospective students should take the Graduate Record Examinations exam as a matter of procedure, and that the score itself does not matter.

Dr. Sir Ken Robinson, in his TED talk in 2006 states:

“We have a huge vested interest in [education], partly because it’s education that’s meant to take us into this future that we can’t grasp. …. My contention is that creativity now is as important in education as literacy, and we should treat it with the same status. …. [A]cademic ability, which has really come to dominate our view of intelligence because the universities designed the system in their image. If you think of it, the whole system of public education around the world is a protracted process of university entrance. And the consequence is that many highly talented, brilliant, creative people think they’re not, because the thing they were good at at school wasn’t valued, or was actually stigmatized. And I think we can’t afford to go on that way.” [6]

Dr. Barbara Endicott-Popovsky, Director for the Center for Information Assurance and Cybersecurity at the University of Washington included this information in her recommendation for me to the MIPM program:

I have known Christopher since AY2009 when he became a student in my Information Security and Risk Management certificate. During this time he worked on a variety of projects in class that demonstrated to me that he had exceptional abilities for research and graduate studies. He distinguished himself with his questions and the kinds of connections he discovered in the materials he read. He developed several models for describing organizational approaches to information assurance that reflected a sophistication of thinking unusual for someone working on their bachelor’s degree. He was well received by students and other faculty alike.

The critical infrastructure of Washington State requires a diversity of intellectual strengths to support its function and longevity. Leaders in the White House, Congress, and Senate have repeatedly stated that there is a shortage of cyber-security talent in this nation [7]. I deserve the right to participate in education, including the responsibility to take on the tremendous financial dept to better our state.

Thank you for your time.

[1] HB 2483 – 2011-12: Creating the office of the student achievement council. Revised for 2nd Substitute: Regarding higher education coordination. http://apps.leg.wa.gov/billinfo/summary.aspx?bill=2483

[2] Whitmore, J. & Maker, J. Intellectual giftedness among disabled persons. Rockville, MD: Aspen Press., 1985.

[3] McLaren, Peter. Life in schools : an introduction to critical pedagogy in the foundations of education. New York: Longman, 1989.

[4] Disability Rights Advocates. Do No Harm–High Stakes Testing and Students with Learning Disabilities. 2011. http://www.dralegal.org/downloads/pubs/do_no_harm.pdf

[5] Educational Testing Services. Policy Statement for Documentation of a Learning Disability In Adolescents and Adults, Second Edition. 2007. https://www.ets.org/disabilities/documentation/documenting_learning_disabilities

[6] Ken Robinson says schools kill creativity. 2006. https://www.ted.com/talks/ken_robinson_says_schools_kill_creativity.html

[7] Homeland Security Secretary Discusses Cybersecurity in Oversight Hearing. http://www.c-span.org/Events/Homeland-Security-Secretary-Discusses-Cybersecurity-in-Oversight-Hearing/10737430136/

Statement of Purpose

Thank you for allowing me the opportunity to share my ambitions and goals regarding the University of Washington (UW) master’s degree program in Infrastructure Planning and Management (MIPM).

Earlier this year, I passed the interview portion for a network administration position within the Seattle Police Department (SPD). Following the extensive background-check process, I was denied the position due to a lack of work-related experience compared to another candidate. I consider the SPD application experience a success for three reasons. First, it was an honor to simply spend time with SPD information technology managers and being challenged with technical and non-technical questions. Working for the City of Seattle has been a long-time desire, especially concerning the security of critical infrastructure. Second, at the end of my interview, I was praised for my ability to be articulate when providing answers. For nearly two years, I have been employed by Big Fish Games in their network operations center (NOC). Having made it a specific point of mine to further develop appropriately-verbose communication skills, it was wonderful feedback to hear. Finally, during the SPD’s interview process, I was asked if there was anything I would like to add to bolster my prospect of being hired. I specifically mentioned the MIPM program with the intention of working directly with the SPD for any and all related projects. Two of my three interviewers were clearly interested in the UW’s MIPM program. One responded by explaining the SPD’s desire to work closer with the University of Washington. I hope that I will be presented with a future opportunity to work for the SPD on some form of city-level information assurance development.

For over two years, I have been maintaining high standards for information technology (IT) infrastructure incident response and problem management in two separate NOCs. My first NOC position was with Microsoft supporting online business communications technologies across 19 internationally-spread datacenter co-locations. The majority of my professional NOC experience has been with Big Fish Games where I help support their entire IT infrastructure, encompassing 4 internationally-spread datacenter co-locations.

IT professionals, who are fortunate enough to be able to rely on a NOC for all initial triage and communications support, differ in terms of knowledge specialization and development. Unlike network or database administrators, NOC personnel must holistically understand all operational aspects of their entire business infrastructure. Contrast to Microsoft, an extremely large company, Big Fish Games is a medium-sized company with 99% revenue dependency on IT infrastructure and uptime. I feel very fortunate to be valued as a peer in a company like Big Fish Games where one is able to clearly understand where professional specializations and business drivers merge.

Prior to my NOC experiences, I had a successful internship at Microsoft as a Support Analyst on a datacenter deployment operations team. Although I feel that this internship was too short (three months), I helped perform a diverse set of large-scale hardware and software deployments, including some in Microsoft’s famous 470,000 square foot facility in Quincy, WA. I believe that these experiences with large-scale IT systems are setting the stage for even greater work in support of critical infrastructure.

Working as an information systems problem manager has allowed me to gain a unique understanding and appreciation for the IT field. I am looking forward to shifting gears from a response-oriented (reactive) career to a forward-thinking (pro-active) career in IT.

My future plans involve working in a security-focused role in Seattle while maintaining high academic performance in the MIPM program. Professional IT security experience is a requirement for Certified Information Systems Security Professional (CISSP) certification. Additionally, in 2013, I would like to attend the Oxford Scenarios Programme, hosted by the Saïd Business School, University of Oxford. This futures-development coursework would dramatically increase my contributions to the MIPM program. The Oxford Scenarios Programme would also fit in with my long-term objectives of executive-level information assurance development.

The MIPM program is a clear next-step. Being a critical and strategic thinker, I have outlined two primary objective-oriented paths with many levels of goals—one path academic, one career-oriented. I have taught myself the concept of how to pursue what I can when I can, and to merge these two paths whenever possible. The MIPM program would undoubtedly be one of those rare events where I can merge both paths. My long-term career objectives include the executive management of information assurance processes. Furthermore, I hope to advance my company, Sagawa LLC., which will build a network security appliance that utilizes Suricata, an intrusion detection and prevention system (IDPS) developed by the Open Information Security Foundation (OISF). OISF is funded by the Department of Homeland Security (DHS) and the Navy’s Space and Naval Warfare Systems Command (SPAWAR). I originally became interested in developing my skills in security information and event management (SIEM) using Suricata because of the DHS and Navy’s direct support for its development—supporting federal information assurance initiatives greatly appeals to me.

I have many hobbies. For entertainment (please keep in mind that I am an introvert), I study information philosophy and information systems theory, and have a general interest in complex systems theory and intelligence analysis. Also, I read a great deal of information-security related media. I contribute to the Crypto.is project (https://crypto.is/) by developing public-domain licensed standard operating procedures for installing and using open-source cryptographic communication tools. Additionally, I maintain two Tor (https://torproject.org/) exit routers. I have a keen interest in supporting international freedom of expression and the right to read (anti-censorship).

Every single year of my formal education has been an outstanding challenge. The one exception was a single quarter spent with Dr. Barbara Endicott-Popovsky in the UW’s IMT 551. I was undoubtedly on the edge of my seat during every class because of my excitement concerning the course material. As a young child, I was diagnosed as both gifted and learning-disabled. Like many students with this “twice-exceptional” condition, I have dealt with an unnecessary amount of frustration coming from teachers and mentors. Elementary and middle school teachers repeatedly called me lazy. High school administrators told me not to pursue higher education. Toward the end of my undergraduate degree, my disabilities-support adviser declared me a failure and that I would only succeed in life as an entrepreneur. These once-frustrating set-backs have not overcome my tenacity.

Due to my academic history, you may not view me as an ideal candidate for a respected tier-one research institution. My twice-exceptional condition is rooted to a physical re-conditioning of my brain, and it forces me to assimilate and process information differently. For example, my team-lead at Big Fish Games told me that he values my feedback when problem-solving because I present unique, useful information. There is no doubt that I have academic weaknesses; however, my cognitive differences also give me uncharacteristic academic strengths. I passionately believe that my differences will aid the MIPM program for which I clearly see myself graduating successfully.

An “Edupunk” System

This is another work in progress. I have a lot to add to this, so I will do so when I find the time.

The focal point is to provide choice in education as a stem from my previously stated notion, “what obligation do I have to information?” I presume that it’s feasible to design an edupunk system; a system that is open source, Internet-community designed and Internet-community maintained. This system could be used in addition to higher education institutions, and all other preceding education systems. This system would not be limited by how or from where information is obtained, as long as it satisfies the community-derived requirements. An edupunk system should also be completely anti-discriminatory. This includes placement based on age, experience, intelligence, and all of the other common attributes of a society—gender, sex, race, whatever. Information does not discriminate until we use information to discriminate.

What are the ways that people learn?

Direction

  • Completely directed
  • Partially directed
  • Self directed

Orientation

  • Completely base oriented
  • Partially base oriented
  • Not base oriented
  • Completely objective oriented
  • Partially objective oriented
  • Not objective oriented

Immersion

  • Completely integrated
  • Partially integrated
  • Not integrated

Information sharing

  • By a master all of the time
  • By a master some of the time
  • By a master none of the time
  • By a specific group of masters all of the time
  • By a specific group of masters some of the time
  • By a specific group of masters none of the time
  • By a master collective all of the time
  • By a master collective some of the time
  • By a master collective none of the time
  • By a student all of the time
  • By a student some of the time
  • By a student none of the time
  • By a specific group of students all of the time
  • By a specific group of students some of the time
  • By a specific group of students none of the time
  • By a student collective all of the time
  • By a student collective some of the time
  • By a student collective none of the time

(The text in red identifies how current mainstream education institutions predominantly operate. They can be, however rarely, “partially integrated” (into a specific community or environment). Internships and the like are “completely integrated.” Research degree programs would be “partially base oriented” and “partially objective oriented.”)

“Direction” entails a linear process of constructive knowledge gain. Completely linear systems with predefined objectives limit creativity, even when compounding such linearity with complexity.

A base-orientation entails a body of knowledge or an idea that can be explored with no limiting objective. This form of orientation entails the generation of a scope as you add more knowledge to that base, and that you will eventually conclude on a desired objective.

An objective-orientation entails using a predefined scope with a predefined objective that is based on expectations.

Do you have an objective? Are you objective-less? We cannot use one system that has to work for everyone without losing the minority and steering the majority. Everybody has different goals, and that diversity requires diverse education systems.

Curriculum requirements can either be static (predetermined) or dynamic (real-time). Both base-oriented curriculum and objective-oriented curriculum can be static or dynamic in their design.

Why should people use my edupunk system?

The dynamism of the evolution of information and behavior is increasing, and uncertainty of futures is indeterminately complex. Knowledge oriented education systems no longer support the needs of our present day problem solving systems with the advent of this information-integrated stage in our evolution. The Internet—the distributed, instant-information systems that span and connect the entire world—can help alleviate our education woes. Irrespective of laws on intellectual property, restriction of information slows the progress of the human race. And while modern day, mainstream education institutions take money in exchange for un-integrated, structured knowledge, the values that drive this inertia (linear, non-changing) need to be updated and expanded to become adaptive to real-world, current and future knowledge gaps.

Progress of the human race—using what objectives?

Why do we even have education systems? No educator has ever asked me. How can we continue to use a system that has no predefined goal? Do we simply expect that growth equates to happiness and happiness to satisfaction? Is this some perverted, collective super-position that is simply expected of every living human being?

I stand by the notion that things don’t happen for a reason until we give it reason. Sharing information appears to be an innate feature of a naturally-social group of organisms. From an evolutionary standpoint, sharing information allows you to gain information that you once did not have, possibly and probably increasing your chances for survival in the environment in which you live. This problem of needing information to thrive has not gone away. In fact, it would appear that education systems have been developed in order to both solve complex problems and to anticipate future problems. This is why we need progress—for the survival, and often times the vanity of the human race.

But why do we have to constantly be “updating” our knowledge if our goal were simply to survive? Is there a point where we can just stop learning about our shared world? In short, no. The human race still has problems that have evidently existed since the beginning of Earth’s history. And as our species evolves while in parallel we develop better and more complicated technologies, there will never be a time, as long as life exists, where problems will not exist as well.

There are some problems that are undeniable. Sustainability of resources is critical, in addition to maintaining the resources we have. Maintaining resources includes the avoidance, minimization or mitigation of disasters, both human caused and of natural consequences. Every bit of human knowledge can be given “reason” to amount to some portion of any notion that precludes to the avoidance, minimization or mitigation of disaster in some form or another.

How should my edupunk system work?

By capitalizing on the various ways that people learn. While all people have dominant learning styles, people must find balance with their non-dominant learning styles in order to maximize the reception of information in diverse ways. As I mentioned above, people learn by established direction, orientation, immersion, and with whom information is being shared.

[To be continued…]