• March 28, 2024

The Only Comprehensive Resource on U.S. Economic Sanctions

Follow Up on the Haystack Issue


I should have mentioned this in my post last night, but I was caught up in thinking about the civil liability issues surrounding Haystack’s security flaws. Nevertheless, Haystack, the software designed to help users circumvent government censorship measures on the web, has been shut down for the time being. Austin Heap, the executive director of the US-based Censorship Research Center (CRC), announced this on Monday while also issuing a warning to Iranians using the Haystack software to stop.

CRC has claimed over the last year or so that users of Haystack were protected from the prying eyes of government officials in Iran, a claim that, if false, could spell grave danger for its users, who face extreme risk from government backlash against participation in political activism, including that taking place on the web. Some of CRC’s claims relate to Haystack’s purported ability to make a user’s web traffic appear normal, innocuous, and unencrypted. Further, there were claims that Haystack would be “exceptionally difficult to detect and block automatically”. This safety was to be ensured by “elliptic curve cryptology”, the same technology that the United States National Security Agency trusts with its “top-secret data”.

The United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) authorized the export of Haystack to Iran via a specific license in April of this year. However, the aura of invincibility surrounding Haystack was recently tested by Foreign Policy technology journalist, Evgeny Morozov. Mr. Morozov claims that there are serious security flaws with the software and such flaws could put its users’ lives at great risk.

I spoke with Mr. Morozov recently. He made some excellent points about the lackadaisical manner in which this software was authorized for export and the problems with Haystack’s claims. While I do support what Austin Heap is trying to do with this software, Mr. Morozov has a point. If these security flaws do exist, then Haystack could do more harm than good. It all goes back to that old saying, “You’ve got to do the right thing in the right way or it’s wrong.”

The author of this blog is Erich Ferrari, an attorney specializing in OFAC litigation. If you have any questions please contact him at 202-280-6370 at 202-351-6161 or ferrari@ferrari-legal.com.


Erich Ferrari

As the Founder and Principal of Ferrari & Associates, P.C., Mr. Ferrari represents U.S. and foreign corporations, financial institutions, exporters, insurers, as well as private individuals in trade compliance, regulatory licensing matters, and federal investigations and prosecutions. He frequently represents clients before the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC), the United States Department of Commerce’s Bureau of Industry and Security (BIS), and in federal courts around the country. With over 12 years of experience in national security law, exports control, and U.S. economic sanctions, he counsels across industry sectors representing parties in a wide range of matters from ensuring compliance to defending against federal prosecutions and pursuing federal appeals.
