What is most important to state is that the vast majority of what I have been able to accomplish in my efforts to apply technology solutions to social change needs, was due to relationships built, trust earned, support requested and problems presented, by real people in need of help to solve real problems. While some might see my work with the Guardian Project as the realm of myopic, open-source hackers locked away in a room trying to realize a crypto-anarchic nirvana, the truth is far from it. In truth, we have spent as much time talking with people, working through problems, proposing and testing solutions and  dealing with the true drudgery of real progress, over the last two years, as we have in front of our keyboards and screens.

standing on the roof of the world, with a mobile gadget in hand

For now, back to our previously mentioned partners. The first partner, after working on a variety of projects and proposals with them for the last year, clearly enunciated back to me, the exact view I hold on how the relationship between a non-profit and a software tool developer, should work. They said, and I paraphrase, “You see what we are doing here, together, is a process, trying to understand what it is that should be done, and for who, before we do it, and we need to communicate that to our larger community.” In this context, driven mostly by our partner, we were trying to understand the type of mobile technology available to their target community, and the existing interests people had in using mobile technology. It should be noted that this community is spread around the planet, separated by various cultural issues and dialects.

The other partner, an admittedly much newer acquaintance, was extremely confused when my team and I proposed a “phase 0″ that would help us begin the collaborative process that we saw the entire partnership engagement becoming. Instead, we were told that this would not work, and that we were the experts, and should provide a full specification of what we proposed to build, and they would review and hopefully approve that, and then we would build it. As long as the spec was approved, and we built to it, the partnership would be determined to be a success.

I share these two extremes because they will help demonstrate to me a few points about the difference between developing software in a non-profit, social change context, versus a corporate, commercial or traditional software consultancy.

To some, especially those used to working in a typical client-consultant environment, the example of the first partner sounds like a disaster waiting to happen. Unclear goals, extended periods of open-ended discussions, too many stakeholders, and what is essentially a long “spec” phase. Even for those used to working in a non-profit environment, where budgets are traditionally tight, there is rarely the luxury to spend too much time engaging in this way. Still others might see the first partner as an easy gig, someone to milk money out of, while not really delivering anything substantial.

The second situation, might alternatively seem like an ideal one, where you have full reign to implement a nearly turn-key solution, based on existing components, and drive the process to maximum advantage and benefit. The less you are told by them, the better, because this is an opportunity to fund your vision for what you think they need. If the partner, truly just a client in this manner, has any issues, they should have raised them at the beginning, and it will cost dearly for any change to the plan down the road.

It may surprise you then, or it might already be obvious, that from my perspective, the first partner is the ideal one to work with in a social change context, while the latter is a much greater challenge. This is because our goal is to actual make change happen, and not just complete the client engagement successfully. Our duty is to determine if technology can plan a role in addressing a need, and if not, to walk away. The best way to work is to constantly revise what you are building, based on the latest information, feedback from the ground, and to constantantly iterate and tweak what you are supposed to be building. The second partner mostly just wants you to deliver on a contract, and when that is done, perhaps there will be an additional support contract for bug fixes, or another RFP to respond to.

Even more importantly, the partner, the people in need, should feel like they have a share in ownership of the process, and that the resulting product is as much theirs as yours. Rarely will the first version of what you develop be the big breakout hit or complete solution you expect it to be. All must be prepared to continue on a road map that includes multiple releases over a decent amount of time, that takes in account time it will take for users to adopt and share the tool. This could be a few months, or a couple of years. To support this, the partner should engage in the effort with the willingness to commit to ongoing support of not just the financial commitment, but the spirit of the project. If the effort is a core part of their plan, their campaigns and their process, the likelihood of adoption and overall success will be much higher.

Underlying all of this, is that, when you are doing this work as freely licensed, open-source software, the solutions you implement need to be more than just opaque, black-box products. To be truly open, and not just a dump of source code, they must be designed in a modular way that promotes re-use, be well documented, properly licensed, and shared in an easy to access public site. They should, when at all possible, make use of existing code from other projects, such that you work more efficiently, and support efforts of other tool developers and non-profits who support them. There should be some attempt to engage a community of developers and users around the code base, such that sustaining the work extends further than just the amount of money you can pay someone to bug fix it. Again, this is all perhaps counter-intuitive to a traditional consultant model, where investing time and energy into code you are going to give away for free, while also re-using other peoples code to reduce the amount you have to charge, does not always compute financially.

I will wrap this up by making a request to all of those eager hackers, developers, designers, consultants, companies and corporations out there, who have in the last few years begun to realize that doing work that does some good, can be a good thing for their businesses and reputation. Even if you come to this world of social change with the best of intentions, the process you may engage in may not be compatible or mutual beneficial to those you are trying to help. Please take a step back, and think about your goals, commitments, and the ability for the work to be sustained beyond this one hackathon, camp, event, or pro-bono engagement, before you promise to change the world.

Many thanks to the Pizzigati family for their support of my own personal attempt to change the world, slowly, one mobile phone at a time.

I began by breaking down the areas of possible concerns into three groups: User Identity (including location), Network Connectivity, and Data Storage & Access. These represent, collectively, who and where you are, how and when you are connecting and what you are accessing or sharing. I came up with a brief description of the positive and negative impact an app or service could have in each area. I then designed a basic icon for each, came up with a color scheme and a matching positive or negative charge indicator.

The goal of the icon design below is to indicate whether an app or service deals with these three areas of possible concern in a positive (go green!) or negative (warning yellow!) way. Very rarely will an app address all three, though sometimes used in combination a
solution can be made to do so. In some cases, an app might provide a benefit in one area,
while proving detrimental in another. We might also include one or two more icons to indicate how the security of the app was verified, a + meaning open-source, fully commercially audited, and a – meaning it only has a “trust us” model for security.

I hope to begin using these to label the apps and libraries provided by the Guardian Project to help better educate our users. If there are similar existing ways to label apps out there, we would be happy to consider them. Otherwise, please provide feedback below, or steal our cc-licensed SVG file, and make your own variations.

Mobile App Audit Icons SVG

Nathan Freitas will be on a panel at the 2nd annual Open Video Conference in New York this Friday and Saturday. He will be on the panel entitled “Cameras Everywhere” led by our partners at Witness, on Saturday at 3pm.

Summary: Cameras Everywhere: Human Rights and Web Video - (2:45 PM – 3:30 PM)

Description: Once upon a time, video cameras were rare. Now they are ubiquitous—as are the opportunities to share, use, and re-use video. What are the limits and possibilities of an ethics of openness when it comes to human rights footage?

Videos (particularly mobile and online video) make it possible to document and publicize human rights struggles – from monks marching for freedom in Rangoon and Lhasa, and the election protestors in Tehran, to individual voices speaking out against injustice on YouTube and other online spaces. But despite the growing circulation of images of human rights violations, of victims and survivors, there is limited discussion of crucial safety, consent and ethical concerns – particularly for people who are filmed.

Issues around consent, representation and re-victimization and retaliation have emerged even more clearly in an open and networked online environment, as have concerns about intentionality and authenticity. Video is being reworked, remixed and recirculated by many more people. New possibilities for action by a global citizenry have arisen, but these carry with them substantial challenges, opportunities and dangers.

Presenters:
Sam Gregory — WITNESS
Gabriella Coleman — NYU
Nathan Freitas — The Guardian Project
Steve Grove – News and Politics, YouTube

Following the panel, there will be an open workshop, to continue the discussion and brainstorm new approaches and tools to address the issues raised. This feedback will be gathered and fed into the OVC Hackday, held at NYU ITP on Sunday. Team Guardian will join in with whoever shows up at the hackday, take the ideas from the previous day, and build prototyped mobile video solutions in response to them.

You can get more information and register for the hackday here: http://www.openvideoconference.org/hacklabs/

OVC hack labs: Sunday, October 3

Join us at NYU’s Interactive Telecommunications Program for an all-day open space gathering for innovators of all stripes. Meet and collaborate with conference attendees, HTML5 developers, transmedia storytelling experts, and more. Among the planned activities:

Make interactive HTML5 video using WebMadeMovies technology like popcorn.js
Map out a transmedia strategy for your content
Build a custom HTML5 player for your site
Create robust video sites using the free+open source Kaltura CE 2.0 self-hosted software stack
or just grab a room and hack on your project!

OVC hack labs are free and open to the public.

Here’s the collection of tips and ideas I came up with on short notice. It is by no means complete, but I felt it would be useful to publish these to a wider audience here on my blog. Finally, before you say “well couldn’t criminals and terrorists use these techniques too?”, I will refer you to an excellent Abuse FAQ page from the Tor Project which covers this very topic (“Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides”).

Now, on to the topic at hand…

Changing Your SIM Card
Often the first thing that comes to mind when people think about reducing tracking of their mobile phone is to change their SIM card. Unfortunately, changing SIM cards isn’t a reliable solution to stop centralized tracking because each phone also has an IMEI (http://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity) that uniquely identifies the underlying phone hardware itself. This means that even if you change your SIM card, the phone’s unique identifier can still be tracked. Still a new SIM card would change the phone number that is displayed or logged on the receivers phone, which could buy someone time or throw off a lazy investigator.

You can check your IMEI by typing in: *#06# or something similar depending upon carrier or phone. There are a number of cheap Chinese phones on the market in some countries that have an IMEI of 000000000000, which can come in handy if they are those types of things available. It is illegal in most countries to change the IMEI or to use a phone with an invalid IMEI.

Airplane Mode Ain’t Just for Airplanes
If their phone has “Airplane Mode” or a way to disconnect from a network or manually choose a network, that usually works as well as taking the battery out. This is useful if they still want to take pictures, notes, record message, queue up SMS messages to be sent once they reconnect in a different location from where the data was captured.

To step back a bit, it is important to understand, that mobile phones are always in constant contact with the cellular towers in the area. As you move about, your phone is in constant negotiation with different towers to connect to the best single, check for incoming calls, SMS message and so on. In addition, the server provider is checking your identifiers to make sure your phone is valid to work on the network, that you have an activated account, that your hardware isn’t blacklisted (aka stolen, etc), and so on. In summary, even if you aren’t using your phone, your phone is being tracked for operational and billing purposes, not necessarily malicious. However, it must be understand that this same data can be used by authorities for whatever purpose they like and is legal in the current country or context.

In theory, if you put your phone into “Airplane Mode” all signals emanating from your phone are stopped.

Complicating Monitoring by Turning Text into Pictures
If picture messages or MMS is available, write a message/code on paper and take a picture of it instead of sending it as text. Harder to automatically filter/monitor, and that the small resolution on the screen harder to read… if they can get the message on a PC on the receiving end, it can be zoomed up, but if the sender is stopped by local authorities, they may not see it.

In addition, picture messages of colors can also be a code:

• Blue Sky = “okay”
• Red Sign = “problem”
• Brown Dirt = “Ballot Stuffing”

Your Very Own Secret Code
Come with a very basic text code that say involves ten digits, with each different representing 0-9 of possible states.

• 0-9: how long is the wait (in hours)
• 0-9: how bad is intimidation from militia (scale)
• 0-9: how good is the turnout (scale)
• 0-9: general code (0 = no problems, 1 = polling place closed, 2 = armed men outside, 3 = riot, 4 = no ballots available)

could then result in a code:

• 2190 <— this would be a pretty good polling place
• 9912 <—- this would be a report of trouble

You could easily write this on piece of paper and take a picture of it as well.

Again, this type of code would just look like gibberish at the local level, and perhaps buy some time at a state surveillance level until they got their own copy of the code. At the least you would be making them work some more to figure it out, and make them less able to filter by keywords.

Mobile Pyramid Scheme aka Improved Autonomy
Local groups can send to one local person, and then that person can forward each message to another level up the tree and so on. This would enable a bit more protection than all field election monitors texting to a centralized number. It introduces some other issues around reliability of the data and complexity of the process, but in exchange you help foster autonomy and decentralization, two great tools to improve safety and privacy in your overall network.

Managing What Gets Logged
By default, phones tend to log and track everything you do, in the name of convenience. This includes all the text messages you send. The problem is that if a person is detained, it can be difficult to quickly delete those messages before the detainers take away the phone to see what they can learn from it.

Most phones offer a way to NOT save outgoing SMS messages and also to potentially delete inbound after they are read. This feature should be utilized. In addition, numbers should be memorized and manually entered, instead of stored in an address book.

More Ideas?
If you are reading this post and have your own thoughts or firsthand experience to contribute to the discussion, please add them using the comment section below. I will make sure the right people see this information. Your insight and creativity can make a difference!

Our goal is to build all of these applications using a mobile web-based approach. This means instead of building apps in Java for Android, or Objective-C/Cocoa for iPhone, we use HTML5, CSS and Javascript. However, this does mean we have to spend some extra effort to make these web apps feel like actual, native mobile applications.

Fortunately, projects like JQTouch, a library that provides automatic formatting and interactivity tuned for the iPhone, make our lives much easier. However, with the release of the iPad this weekend, it has begun to hit us that that same old lists, menus and forms that make sense on the iPhone, may not be the best metaphor for the larger iPad screen. With that in mind, I’ve begun some basic prototyping focused on building a more tactile interface where the user can drag, pinch and swipe their way through all the legislative data they might want. Through using JQTouch, along with the JQuery Touch plugin, I was able to pull something together fairly quickly.

Here’s a video below of my first crack at this. You can also point your iPad or iPad Simulator device at http://m.nysenate.gov/ipad to play with it live. I’ll release some of this code shortly, but you can also view source on that same URL with any web browser.