Fractures in the rebel alliance

It’s been an on-it week, so to speak, with regards to an oft returned to topic on the ol’e  blog. Friday through Sunday I was camped out at the Barbican Centre here in London for The Logan Symposium, organised by The Centre for Investigative Journalism with the subtitle/action point:  “Building an Alliance Against Secrecy Surveillance and Censorship.”

This would be a marvellous achievement, and really it is something that seems to be emerging to some extent, in part thanks to summits such as this one taking place last weekend. Still, there’s trouble on the line. Our alliance is a fractious one, riven with in-fighting, ego, varying degrees of technological literacy, paranoia, defeatism and the occasional bizarre leap in logic. Meanwhile, it’s benefited by driven people bringing in diverse talents like programming, design, psychology, education, activism, counter-intelligence, research, massage therapy and whatever anyone’s got to offer.

Attendees of  #LoganCIJ14 received a limited edition copy of this TCIJ guide. It's also online. (Photo by Silkie Carlo via twiter)
Attendees of #LoganCIJ14 received a limited edition copy of this TCIJ guide. It’s also online. (Photo by Silkie Carlo via twiter)

This blog isn’t going to be a blow-by-blow of the  whole programme. Get that here and here.  For notes, quotes and quips from the Logan Symposium, check out Oliver Smith’s post or the Online Journalism Blog post. The Guardian’s Live blog offers several sometimes heated turns of the screw, including some sucker punches aimed at itself.

First, this post is about why people fight for the issue. Second, it’s about why people fighting for the issue are fighting one another. We’ve got a trio of re-occurring examples to take a look at on that count. But do visit the Logan Symposium site. Look up the talks and the talkers. All of them are amazing, inspiring and worth following.

Why be concerned about data and its misuses? Why should you, likely with “nothing to hide” give a shit? I’ve got nothing to hide as well, so I’ll take a stab at it:

For now, put aside the twin beasties of the NSA and GCHQ. We worry about spooks not just for what they represent to society, but because of who they report to. Some points:

1) Overall:  Laws are shifting globally with a trend away from democracy, civil liberties and human rights. Freedom House’s annual “Freedom on the Net” survey “finds internet freedom around the world in decline for the fourth consecutive year” (and still gives the U.S. too high a ranking). That’s on par with it’s overarching “Freedom in the World” survey, finding for the eighth consecutive year “more declines in democracy worldwide than gains.” Too much democracy. Gotcha. Enough of that.

gchq-does-not2) Little Britain: The UK is protesting interference from Europe, mostly around laws that protect British citizens.  What amazes me about UKiP leaning voters is that they seem to want the UK to have the right to treat them more miserably.  And it’s working in the name of fighting the immigrants, or terrorists, which seem to be mentioned fairly interchangeably. So less freedom. People are voting to give it up.

The British government’s Section 7 of the Terrorism Act 2000 makes it particularly risky to be an investigative journalist here. And even if that one doesn’t apply, you may still end up on British police list of “Domestic Extremists” for simply acting like a journalist.

3) That place of the Arab Spring: Egypt, United Arab Emirates, Yemen and several other countries in the region are taking stronger stances against large sections of their own populations. This news is often reported in Western media with a shrug and a wink, so let’s be sure to notice that our special friend and “only democracy” Israel is on trend, working on changing its laws to be strictly identified as a Jewish Nation State. If you’re a Druze or a Palestinian Muslim or Christian, you’re country’s about to be a little less about you than it already was. What will that mean after the next election?

4) The empire: The U.S. continues the long wake-up to a nightmare, in which it realises how little the government is accountable to its citizens. The NSA is spying on you, but the CIA is physically torturing folks. Neither of them are actually stopping physical threats to the population, but remember, the NSA is telling the CIA where you are through your Whatsapp and your Uber. Maybe under old rules you weren’t a person of interest, but under new rules you could be.

Jeremy Scahill: "Specific individuals are being targeted, even though the United States doesn't know their identities."
Jeremy Scahill: “Specific individuals are being targeted, even though the United States doesn’t know their identities.”

The point is, even if you’ve somehow lucked into a happy land of equality and freedom (Hello, Icelandic reader), governments change, laws change, and yet everything you’ve done in the past that’s been recorded and categorised will remain fixed but subject to reinterpretation.

Jacob Appelbaum noted in his talk via video not using Skype that people equate privacy with liberty and free speech, and yet they’ll also be the first to admit that privacy is dead. Privacy is liberty: It’s the ability to choose who you speak with. Free speech includes being able to control who you want to listen to what you’re saying.

So things are complex, and people on the same side of the fence squabble about whether you should use Skype or not when talking to your sources on that news story, or whether having an encrypted email paints a big target on your back, or if you even need to worry about the Western big bads when you have more pressing local issues. Let’s take a look at some of the conflicts and sort them out.

Myth 1: Skype is easy to use and you’ll blend into the noise
First off: millions of people use Skype. I use Skype on a couple of machines. Skype has its uses. Most of those uses exist because people are asking to talk to you using Skype. It’s free and quick. But I’d never use Skype with a source on a news story, to conduct a meeting on direct action strategy, or to talk with or about someone targeted by this or that regime or various colourful non-state actors.

I maintain a wall on contacts I don’t want imported into Skype, use different Skype accounts, and use different operating systems without Skype for work I don’t want effected by Skype. That Skype is both quick and free makes it not easy. Actually, Skype is quite complex to use. It requires a whole risk assessment.

Skype's report card from EFF.
Skype’s report card from EFF.

At a Logan Symposium session on Friday,  Ross Anderson suggested that Skype could be better than using PGP to talk to sensitive sources. His argument in summary: You can both create a fake user name account to hide your identity and you’re one-off communication will blend into the noise of millions of Skype users. If you use PGP or security-specific tools, you may stand out, he said. A lot of people left that session repeating what Anderson had said on the topic, there and on Twitter. For the next two days, every time Appelbaum chimed in about anything, he made sure to include a mention of why he thought this was patently not true.

Both individuals are far more knowledgeable and intelligent on the topic than I am, and I still use Skype… sparingly. And that’s what makes it complicated, because Skype wants you to use it all the time.It’s designed to get you to use it all the time, and it’s technically insecure.

The way your unique data is collected is what makes you actually stand out of the crowd so long as your chats or contacts trigger any number of “selectors” that are being looked for. You can easily stand out based on your identity, where you’re communicating from or to, who you’re talking to, the kind and size of files you’re sharing, time stamps, IP addresses, the technology you’re using, and on and on.

Skype is not so easy to use if you apply it to any reasonable threat model around working in journalism, human rights, activism, or anything that is or could some day be of interest to authorities. Here’s a possible use: Agree to meet on Skype voice to instruct someone how to use a stronger tool for communication in the event you can’t meet in person. Use another more secure other tool for your text chats and file exchanges, or simply switch to more secure things like Ostel or Jitsi for privacy, and something like Cryptocat or the like for anonymity.

Using these more secure, open source peer-reviewed programs will simplify your life. You won’t “stand out” any more than you already do with Skype, really, and if you are selected you may be thankful that there’s less of a chance that a searchable record of what you were talking about or to whom remains available.

Share files through volatile means like onionshare or filetea. Mixing your channels of communications adds strength and these are easy, no password, disposable methods of communication with encryption and deniability. You’re source will be safer than they would be on Skype.

signal-redphone-eff

But this shouldn’t be about one app. It’s not whether Skype is safe, because you don’t want to repeat this process with every shiny new piece of tech that comes along. It’s about application’s functional and technical structure, the business model of the company that makes it and how it views its users. If you look at it this way, you’re answer about whether you should use Skype will be the same with regards to whether you should use Viber, but possibly different from whether you should use something like Signal or Red Phone.

Myth 2: Using encryption is difficult
This was uttered in a few corners around the Symposium, both on and off stage. Digression: Long ago, back in 1992, there was a media controversy about  a talking Barbie doll. One of its many pearls of wisdom was “math class is tough.” That’s a curious thing to say on the topic, instead of maybe: “maths class is fascinating,” or “prime numbers are what is left when you have taken all the patterns away. I think prime numbers are like life. They are very logical but you could never work out the rules, even if you spent all your time thinking about them.” (Okay, that’s Mark Haddon)

Relating the digression: Whenever someone sloughs off encryption as “too difficult” at one of these events, I uncontrollably see Barbie’s plastic head on their shoulders for a few seconds. Generally they’ll move on to say something smart and it goes away.

Feminist hacker Barbie in action.
Feminist hacker Barbie in action.

When you dismiss encryption as too difficult, you’re taking a person’s power away. You’re robbing them of the opportunity to see for themselves whether a potentially useful skill is actually too tough for them to pick up. In most cases, I’d argue it’s not, and you’re being a part of the problem. Encryption is complex, but that’s not the same as being difficult to use.

Sure, bashing out your own cipher or hashing algorithm from scratch that will stand up to AES requirements is a tall order. But that’s not what we’re talking about. And unless, you’ve got a special fetish for it, you don’t need to fire up the Unix terminal to secure your files, folders or emails. There’s software that makes it much easier. There’s Thunderbird+Enigmail. There’s GPGtools. There’s GPG4Win. There’s Portable PGP. There’s fucking Mailvelope.

And there are even quicker chat programs to use that don’t require messing about with the actual encryption keys at all, for complete off-the-record, forward security conversations.

Yes, there’s a learning curve to get over. There was also a learning curve to drive a car, swim, pick up a new language, spell words in your own language, mix a decent Tom Collins, and etc. There are habits and behaviours to pick up, and ways to suss out if you’re choosing the best app for the job. But that starts with curiosity and interest. You’re squishing the life out of those when you say “it’s too difficult.”

There’s enough senseless fear mongering about technology as it is, without adding to it with more nonsense.  Properly used, strong encryption works. Learning how to use it can be done in a relatively short time. A complete understanding of the math and theories underneath is like diving into prime numbers: Possibly interesting, but unending and not required.

Myth 3: You live in a liberal democracy, so you can relax
People in various sessions and side discussions were right to point out that there are more threats than the Big Bads in the U.S. and UK. There’s China, there’s Russia, there are Mexican cartels and Islamic terrorists. There are financially driven criminals, moneyed despots, corporations and so on. Some argued that because we’re where we are, we have less to worry about than others. This is dangerously inaccurate.

The NSA paid Sweden Denmark Spain to set listening Spy stations. (photo from the Logan Symposium by Ian Puddick)
The NSA paid Sweden Denmark Spain to set listening Spy stations. (photo from the Logan Symposium by Ian Puddick)

Your data moves along servers and through networks sitting under multiple jurisdictions around the globe. Some of these networks are weaker than others. Some of these governments are more invasive than others. It’s what Maria Xynou, a researcher at Tactical Tech dubbed, “The False Dichotomy of Better and Worse Spies.”

It goes like this: Some people may look at the U.S. and China on the Freedom House site (for example) and decide, “I’d rather be spied on by the Americans…than, say, the Chinese” (Maria’s example).  Thinking this way could put you or those you’re trading information with at risk. Maria writes: “intelligence agencies around the world collaborate and routinely share intelligence data. In some cases, such intelligence sharing has had major consequences and has resulted in extrajudicial killings. In these cases, the collectors of the data, the spies, have not been held accountable for collecting, aggregating and sharing this data.”

Thinking in terms of national identity makes things more complicated. You need to learn multiple legal systems and several other things, and sometimes guess which will apply to you. Thinking in terms of cross-border networks makes life easier: How many other parties (the quantity and variety of which you have no control over) do you want seeing what you’re talking about? Encrypt it.

One of Seymour’s soundbytes from the Logan Symposium, smacked on top of a Marjorie Lipan photo.
One of Seymour’s soundbytes from the Logan Symposium, smacked on top of a Marjorie Lipan photo.

Welcome back to the struggle, newly liberated Democrat voters

It’s been a tough eight or so years for progressive causes in the U.S. As soon as Obama moved into the White House, it suddenly became difficult to find Democratic voters who would rock the boat in significant numbers on actual progressive issues, I guess because it would be seen as criticizing their own guy. Well, that’s done now.

Obama’s on the way out, and the Republicans have taken over the House, Senate and majority of governorships. This is fantastic. Far too long, the majority of Democrats and their organising groups such as MoveOn have been weak in the knees on issues like the economy, climate, foreign policy, mass surveillance and everything else that’s continued to go to seed regardless of which party is running things. These were issues we heard from Democrat voters all the time about when Republicans were in control, and as they take over again, we’ll be getting our allies back. Fantastic news!

Digital protest

Now and again, I submit secret text in blog posts using different steganography software found around the web.

I’m a fan of steganography. It’s a really quick and often easy way to quickly share a private message without having to set up a lot of kit and learn how it works. You can use images to send all kinds of  notions that may or may not be worth a 1,000 words. If people acted as much as they talked about being irate over mass data collection, then they’d be communicating this way more often. Use anything. Use silly, stupid methods and really strong ones. Use them for important messages, but use them for inane ones as well.

There’s an ever increasing industry of privacy workshops, seminars, talks and miscellaneous shin-digs.  In one session put on by the New Yorker,  everyone’s favourite live-streaming attendee, Edward Snowden offered a reminder of his quick tips to get more privacy online. It’s good stuff, but the threat is that it all becomes a bit to niche.

Data privacy isn’t just a privacy advocate’s thing, it’s any activist’s concern. Most targeted spying isn’t aimed at people banging on about privacy, but at environmental activists, political activists, human rights activists and people stomping around for actual change. Good people, but I’ve noticed most of them practice awful security. It’s like handing over tactics without a battle. Even if you think your adversary will get it in the end, you at least should be making them earn it.

Some protests look like this:

(April 1, 2009 - Source: FlynetPictures.com)
(April 1, 2009 – Source: FlynetPictures.com)

The protest against governments scooping up your private messages looks like this, though:

pgp

Generally, I work with some of these tools as part of training and helping journalist and various nice NGO types use them to keep from being tracked, arrested and worse. Dissidents need to be using them as well. Some are. A lot aren’t. There’s this idea that “they’re going to watch me anyway.” This is, of course, why they should be taking the situation more seriously. The use of Firechat in Hong Kong was inspired. Firechat + encryption is more inspiring.

The same methods that can help that important work stay secure are also the main protest march routes.  What are we supposed to be protesting? Pop-up ad creator Ethan Zuckerman offers a good, recent explanation/admission:

“I have come to believe that advertising is the original sin of the web. The fallen state of our Internet is a direct, if unintentional, consequence of choosing advertising as the default model to support online content and services. Through successive rounds of innovation and investor storytime, we’ve trained Internet users to expect that everything they say and do online will be aggregated into profiles (which they cannot review, challenge, or change) that shape both what ads and what content they see. …  Users have been so well trained to expect surveillance that even when widespread, clandestine government surveillance was revealed by a whistleblower, there has been little organized, public demand for reform and change. ” — Ethan Zuckerman, The Atlantic

That effects you, even it it’s not your exact cause de jour.

On the street, protest routes look like this:

protest-route
Here’s a well documented route, approved by police and heavily monitored, but hey, you got your message across, right? Right?

On the internet, the protest route looks like this:

So randomized that the police, government and you don't know how you got from A to B, and (if used right), only you know what B you got to.
So randomized that the police, government and you don’t know how you got from A to B, and (if used right), only you know what B you got to (but I’m not sure what Jane’s up to in this chart, though. Tetris?).

There’s another crucial difference here. On the street, people are politely requesting change when demonstrating along a well-marked route. They’re demanding change when they protest and occupy spaces.

But when it comes to anonymity or privacy rights, you’re already living the change by simply using it. You don’t tell someone else to stop monitoring you, you actually make it more difficult for them to do so.

Top photo is from this Guardian story about how Turkish protesters combined protest and crypto.

Technical solution to political problems

“The Internet interprets censorship as damage and routes around it.” John Gilmore

Meanwhile, the internet interprets surveillance as something needing a big hug. The same quality that makes the internet difficult to block also renders it easy to tap. It was made for sharing. It’s difficult to imagine a lobbying effort that would incentivize  governments to ignore this when it comes to how much data they can get on their populations this way. Likewise it’s difficult to think of too many marketing companies who will ignore the opportunity of big data. What’s good about the most recent flavour of the month, Reset The Net, is that it focuses on what people can do that circumvents the dead-end of policy.

We know disruptive technologies are real because people have made charts about it.
We know disruptive technologies are real because people have made charts about it.

We stand a better chance of influencing governments by changing the reality, not by asking them nicely to stop eavesdropping.

This is where disruptive technology and development come in. It changes the playing field. Instead of requesting that mammoth data centres be mothballed, let’s either turn them into empty husks or bloat them with enough encrypted data that trying to crack one week’s worth of it takes the next century.

One thing that’s always bothered me about your typical petition drive or all those “email your senator” campaigns are that they put We the People on the back foot. E-petitions, by in large, don’t work. Mass-based interest groups have no influence in Washington, DC. The June 5th campaign sidesteps all this with practical measures that empower individuals to simply be more in control of who accesses something they’re putting online. Put more plainly: Even if it has no policy impact, you’ll still be better off for taking part.

Here’s how:

Privacy Tools: Encrypt What You Can

by Julia Angwin ProPublica, May 6, 2014, 3 p.m.

In the course of writing my book, Dragnet Nation, I tried various strategies to protect my privacy. In this series of book excerpts and adaptations, I distill the lessons from my privacy experiments into tips for readers.

Ever since Edward Snowden revealed the inner secrets of the NSA, he has been urging Americans to use encryption to protect themselves from rampant spying.

“Encryption does work,” Snowden said, via a remote connection at the SXSW tech conference. “It is a defense against the dark arts for the digital realm.”

ProPublica has written about the NSA’s attempts to break encryption, but we don’t know for sure how successful the spy agency has been, and security experts still recommend using these techniques.

And besides, who doesn’t want to defend against the dark arts? But getting started with encryption can be daunting. Here are a few techniques that most people can use.

Encrypt the data you store. This protects your data from being read by people with access to your computer.

  • Encrypt your hard drive so that if you lose your computer or you get hacked, your information will be safe. Most recent Apple Macintosh computers contain a built-in encryption system called FileVault that is simple to use. Some versions of Microsoft’s Windows 7 also contain a built-in encryption system called BitLocker. Another popular solution is the free, open-source program TrueCrypt, which can either encrypt individual files or entire partitions of your computer or an external hard drive.
  • Encrypt your smartphone’s hard drive. Yes 2014 your smartphone has a hard drive much like your computer has. In fact, your phone probably contains as much 2014 or more 2014 sensitive information about you as your computer does. Apple doesn’t let you encrypt your smart phone’s hard drive or the files on it, though it allows encryption of your phone’s backup files on iTunes or iCloud. You can also use Find my iPhone to remotely “wipe,” or delete the data on your iPhone or iPad if it is lost or stolen. Google’s Android operating system lets you encrypt your phone hard drive.
  • Encrypt the data you store in the cloud. I use the SpiderOak encrypted cloud service. If an encrypted cloud service were somehow forced to hand over their servers, your data would still be safe, because it’s encrypted using a key stored only on your computer. However, this also means that if you lose your password, they can’t help you. The encrypted data would be unrecoverable.

Encrypt the data you transmit. The Snowden revelations have revealed that U.S. and British spy agencies are grabbing as much unencrypted data as they can find as it passes over the Internet. Encrypting your data in transit can protect it against spy agencies, as well as commercial data gatherers.

  • Install HTTPS Everywhere on your Web browser. This encrypts your Web browsing sessions, protecting you from hackers and spy agencies that scoop up unencrypted traffic across the Internet. Not every site works properly with HTTPS Everywhere, though an increasing number do.
  • Use encrypted texting apps with friends who install the same apps on their phones. On the iPhone, Silent Circle and Wickr offer apps for encrypted texting. On Android, the TextSecure app encrypts texts in transit and when they are stored on your device.
  • Use the Off-the-Record Messaging protocol to encrypt your instant messaging conversations. You can still use your favorite instant-messaging service, such as Gchat or AIM, though you’ll need to use a software client that supports the Off-the-Record protocol. On Macs, free software called Adium can enable OTR chats, and on Windows, you can use Pidgin. Once you’ve set up OTR and gone through a simple verification step, you can IM as you usually do. Both parties have to use OTR for the encryption to work.
  • Use Gnu Privacy Guard to encrypt your email conversations. Like OTR, if you’re using GPG you’ll need the people you email with to use it as well in order to encrypt your conversations. I use free software called GPG Tools with Enigmail and Postbox. GPG Tools also works directly with Apple’s built-in Mail program.GPG has some shortcomings 2014 it’s difficult-to-impossible to use it with the mail program built into most smartphones, and you can’t use it easily with webmail like Gmail. (Although there are some new web-based mail programs that use GPG called Mailvelope and StartMail that I haven’t had a chance to try yet.)The most difficult part of GPG is that, unlike the encrypted texting and instant messaging programs, you have to generate a secret key and keep it somewhere secure (usually on your computer or on a USB stick). This often means you can only send GPG mail when you have your key with you. Even so, it is incredibly satisfying once you send your first message and watch it transform into a block of numbers and letters when you click “encrypt.”

Crops without plowing

“If there is no struggle there is no progress. Those who profess to favor freedom and yet deprecate agitation are men who want crops without plowing up the ground; they want rain without thunder and lightning. They want the ocean without the awful roar of its many waters. This struggle may be a moral one, or it may be a physical one, and it may be both moral and physical, but it must be a struggle.” Frederick Douglass

Robin Hood lives

There’s a former table tennis coach in Spain (though,possibly not now), Enric Duran, who managed to borrow €492,000 (£407,000 or $682,370) from 39 banks across the country, distributed the cash to various social causes and then vanished. We’ve got surplus of people (yours truly inclusive) who talk a lot about striking at the root but don’t actually accomplish much. Then there’s Enric Duran, who unapologetically picks up the slack for the rest of us. I don’t have too terribly much more to say about it except he’s done what more people probably ought to be doing: putting resources to better use. More of this.

Join #TheDayWeFightBack in London

keyshareOn 11th February, civil liberties groups and privacy rights folks are organising a global protest against mass surveillance.  I’m still more than a little put out that the EFF’s event page doesn’t include anything in London. Right here in the most surveiled city on the planet,  people are running a mass  ‘Cryptoparty’  at the Free Word Centre at 7 pm.  Find out how to re-privatise your privacy.

In the case of The People Vs. Weev, the people will ultimately get stomped for their own good

The Federal District Court of New Jersey convicted Andrew “Weev” Auernheimer of conspiracy to violate the Computer Fraud and Abuse Act  and identity theft for his part in exposing, via the Gawker website, a flaw in AT&T’s online security. The security hole allowed the e-mail addresses of iPad users to be revealed.

emails with names redacted
Emails that some people pointed out that AT&T exposed.

To the best of my knowledge, Gawker, AT&T and Apple have not been investigated or charged for their part in the data breach. Weev is one of the participants in Goatse Security, the group that informed Gawker of the issue. He has been sentenced to three years and five months in prison. His response:

“Yeah I expect I’m going to fucking prison. It’s a fucking travesty. But whatever, I am in a war. You don’t fucking get into a war and not expect to be a casualty. This is a fucking war-zone. I am a fucking scrapper. You fight, sometimes you die” – Andrew Auernheimer

via Asher Wolf

“Austerity is coming to the U.S.,” Asher Wolf points out in his blog post about Weev. “You can see it already in the crumbling infrastructure. … Weev and his ilk are not the enemy. The discord they surf – the chaos of a world of inconsistent values and hypocritical, corrupt governance – is within the fabric of everything we have grown up with. The abhorrent practice of locking up people who turn a mirror on corruption, insecurity and abuse is as useless as trying to stop the sun rising in the morning.”

National Day of Civic Hacking
From the ‘Why We Protest’ site

Are you really thinking people like this aren’t going to win? Time is on their side. They are in it for one reason: To beat the other side. Punishment is a level up.  The profiteers of the crumbling infrastructure need more events like 99% Spring and Earth Hour. It’s busy work for bored children. There’s activity and at the end people get that feel-good sensation and naughts been accomplished. These people are not going to bring your change. Why would they?

But then why would the United States military allow personnel to use something as fraught with security problems as an iPad? Multiple questions beg for attention in this case.

The judge in Weev’s case cited his lack of remorse in an especially harsh sentence for such an act. The Electronic Frontier Foundation said: “Weev is facing more than three years in prison because he pointed out that a company failed to protect its users’ data, even though his actions didn’t harm anyone.” I like the convicted man’s statement best: “I did this because I despised people I think are unjustly wealthy and wanted to embarrass them.” Remorse? What the hell for?

It’s the people who take an entire “fuck it all” attitude that get things done. At best, the rest of us are cheerleaders.

Weev raising the fist
The best part is, what this guy did, that wasn’t hacking, because the information wasn’t hidden.

America and Iraq: The 10 year lesson

The day before yesterday was the 10-year anniversary of Rachel Corrie’s death, and today we reach the decennial of the beginning of the Iraq war (the 2nd one). Time Magazine’s website has an impressive gallery of photojournalists’ own choices of best photos from the war in Iraq: A Decade of War in Iraq: The Images That Moved Them MostLightBox. I’ve always remembered this one (below) taken by Andrew Cutraro, because to me it summarized both how the world was increasingly view the U.S., and how many Americans, I suspect, longed to be viewed: So scary you don’t want to fuck with them. It didn’t work, and still doesn’t. Just like this photo shows: It’s all face paint and battery-operated hutzpah.

A Decade of War in Iraq: The Images That Moved Them MostLightBox - LightBox
Photo by Andrew Cutraro, April 8, 2003. See his story and the whole gallery at Time’s website by clicking the photo.

It’s a war that really hasn’t stopped in spite of what you may hear from the White House. While the U.S. conducted a comprehensive multi-decade hand-wringing over Vietnam, the Iraq war has largely been an event without introspection or remorse. That still only 53% of American recognize the Iraq war as the colossal failure it was is telling. It’s telling the world to look out.


Iran surrounded
How the map looks from Iran’s perspective
I don’t know how many websites I made or managed that included that little counter box, centered above, but for one reason or another, Iraq had to be somewhere occupying brain space from about 1991 on. Iraq was the factory floor of the military-industrial complex from the U.S. backed Iran-Iraq war up until the end of the the last U.S. Iraq war, and the purpose, as far as can be determined, was this.

“Why do traditional societies go to war?” Jared Diamond asked rhetorically in The World Until Yesterday. “We can try to answer this question in different ways. The most straightforward method is not to attempt to interpret people’s claimed or underlying motives, but to simply observe what sorts of benefits victorious societies gain from war.” Lowland tribes of Paupau, New Guinea, aside, this method scales up very nicely (see the image above, at left).

When the first President Bush started the first Iraq war I was a community college student just deciding on journalism and downloading a Freehand map of Iraq from the AP before a lot of people really understood they were already using the internet. When the second President Bush started his war, I’d since moved from the reporting line to the editing line in newspapers, and when the U.S. had made its occupation permanent by calling its base an embassy I’d long since left the news biz and the country. Iraq is America’s history for the last two and a half decades, and what a tiring, tedious and predictable one it was. It was the war of the supposedly digital native generation, and showed that awareness does not equal change. A TV war became an internet war. That’s not a huge shift: It’s still screens. What if people knew everything they needed to about an unjust situation, but couldn’t be bothered to do much anything about it? Screen staring — as a tactic — has yet to show it can produce substantial positive change; That’s what I’ve learned from the Iraq war, 10 years on.