How Haystack Risked Exposing Iranian Dissidents


In 2009, Iran was in turmoil, and the Islamic Republic was blocking and monitoring sites used by opposition groups—until a team led by American IT specialist Austin Heap built a program, Haystack, and touted it as a secure and anonymous Web portal for Iranians. The Guardian lauded it, and U.S. Secretary of State Hillary Clinton personally praised Heap. The US government even gave him rare permission to export his cryptological software to Iran. Among an elite group of beta testers—and many more unauthorized users—Haystack was a godsend.

Then in Sept. 2010, security experts discovered a problem: Iranian authorities, the very ones Haystack was supposed to circumvent and shield against, were exploiting massive holes in the encryption scheme to snoop on dissidents.

Jacob Appelbaum, a security expert affiliated with WikiLeaks and the Tor Project, Danny O’Brien of the Committee to Protect Journalists and Evgeny Morozov of Foreign Policy sounded the initial alarms. The Censorship Research Center, the non-profit created by Heap and former partner Daniel Colascione to release Haystack, did not submit copies of their software for independent cryptological analysis before release—a startling move for a heavily promoted project that was already undergoing official preliminary testing by Iranian computer users. Appelbaum, O’Brien, and Morozov obtained copies of the software and found its gaps to be gaping. “If there is a human being assigned to the task of hunting for dissidents and performing in-depth analysis, they’ve (Iranian dissidents) got a problem,” Morozov noted.

In early September, Appelbaum and a small team cracked Haystack’s encryption scheme within six hours.

Haystack was withdrawn from public distribution on September 10th; the project’s homepage currently has warnings in English, French, and Farsi warning that, “We have halted ongoing testing of Haystack in Iran pending a security review. If you have a copy of the test program, please refrain from using it.”


Colascione announced his resignation from the Censorship Research Center shortly thereafter and announced in a September 14th tweet that he was “winding down the CRC.” Heap’s blog has a password-protected conversation with Morozov proceeded by a post (still publicly accessible at press time) decrying him for “brain dead journalism” and “his tabloid bullshit.” As of press time, Haystack’s homepage still has a banner link soliciting donations and the CRC’s Haystack page contains no reference to the software’s troubles.

Although a small community of Iranian beta testers were the only officially noted Haystack users, O’Brien asserts that unauthorized copies of the Haystack binary floated around Iran during the beta period. The exact number of unauthorized users is, of course, unknown. This was one of the main factors tipping off outside critics to security flaws in Haystack; the software was supposed to use a centralized, server-based model as part of its censorship circumvention that would block unauthorized users as a side effect. Appelbaum, who obtained a non-official copy of the software, was easily able to use Haystack’s server for Internet use.

Neither Morozov, Appelbaum, nor O’Brien have published the exact results of their Haystack analysis, citing concerns to the safety of Iranian users. However, the broad criticisms indicate Haystack has massive security holes in its current form. O’Brien noted that Haystack has “very little protection from a high number of potential attacks—including attacks that do not need Haystack server availability.” Appelbaum summed it up as software that “effectively alerts authorities that you are trying to use it.” Morozov was stunned by Haystack’s claim of effective steganography—an incredibly difficult task.

The Haystack project is in shambles. Although it has not officially shut down, parent organization the CRC is winding down operations. Haystack, which is reliant on private donations, will face an uphill challenge in soliciting funding after releasing a beta with massive security holes.

Blame for the collapse cannot solely be placed on Heap. Though he has engaged in hucksterish behavior on behalf of his product at some times, nearly every technological developer—especially in the non-profit realm—has been guilty of this sin at one point or another. Rather, the underlying issue is why politicians, government agencies and the press jumped on Haystack so quickly without a serious appraisal of its creator’s claims.

Secretary of State Hillary Clinton praised Haystack and called the software “in the interests of American values and American strategic concerns” in terms of giving Iranians access to unfiltered news from the outside world. The Guardian named Heap their 2010 “Innovator of the Year” for “(making) it possible for people on the ground in Iran to reach blocked sites safely and securely, to organize inside the country and communicate with the world.” The CRC’s website has an archive of positive news stories on Haystack from luminaries like The New York Times, NPR, and the BBC.


For Iranian dissidents, this news is troubling but not catastrophic. An informal network of workarounds for governmental Internet censorship and snooping has been in place in years—it is not the fastest or reliable, but it exists. No reports from the bustling Iranian social media community indicate that any arrests, questionings, or detentions have taken place as a result of Haystack. But Haystack’s failure is a massive challenge for proponents of free Internet access in unfree societies and for the non-profits and foreign governments with an interest in promoting it. The question remains: Can someone make a Haystack that works?

[Image: Flickr user Hamed Saber]