

Students invent system to thwart police kettling - DennisP
http://www.thestar.com/news/world/article/933428--students-invent-system-to-thwart-police-kettling?bn=1

======
mwg66
Whilst I commend any attempt to avoid the police kettling we have seen in the
UK at recent demonstrations, I have a number of concerns about Sukey which I
made to them at launch - and never received a response. I will try and
reiterate here:

* I urge nobody to trust a protest tool that is closed. Where is the source? Where is the documentation on its architecture? The official line is:

"It has always been our plan to make the code open source. Security is
paramount and we feel it would benefit from being released to the public after
each protest."

I'm sorry but retrospective release of source code is simply not good enough.
Security software (which this is, essentially) needs to be out in the open
from the start. Not after a protest has happened and all data collected. The
wider community must be able to audit this software before it can be trusted.
No exceptions.

* If the security depends on secrecy _before_ a protest, is it dependent on a random seed? Can this seed be extracted from a binary (IPA, for example)?

* Sukey has one of the worst pages on "security" I have ever read (see <http://sukey.org/security>). To paraphrase:

"The team members involved on the security side are a mix of commercial
information security experts and computer nerd under/post graduates who love
nothing better than a complex algorithm."

That scares me. Complex algorithms are not normally conducive to secure
applications. I want to hear about cryptographers - not computer nerds. I want
to know what crypto implementations you are using.

Continuing:

"One of our key team members has technical commercial data security patents in
his name and has provided information security consultancy to IBM, Lockheed
Martin, and to the NHS."

Let's have a citation then please. Who is this expert and what (where?) are
the granted patents?

"Your data is safe with Sukey."

Okay, prove it.

* How can we prove the application distributed on the App Store matches that which we (hopefully, in future) have the source for? Is there a mechanism for which we could compare checksums - if the provisioning certificates were also published? This needs to be considered. There is more to trust than merely publishing a source tree.

Let me finally restate my original point: I commend the effort (and I was once
involved in a similar application). However, these are serious concerns that
need to be addressed.

~~~
mayank
Not to mention that their name (at least in the US) is phonetically synonymous
with "doesn't work".

~~~
JshWright
I would pronounce it "Sue-key" not "Suck-y"

~~~
mwg66
I don't think I have actually ever said it verbally - but in my head I've
always read suk-EY. I would imagine you are correct, though.

------
s_jambo
This may thwart kettling but I think it also thwarts protesting.

The whole idea of the kinds of protests which get kettled is to show that a
large number of people care about an issue. If the software advises people to
disperse if the police show up where is the protesting?

I'd have thought the best response to kettling would be distributed civil
disobedience. It could easily be far more economically costly which would
hopefully persuade the politicians and police that mass gatherings of people
don't require impromptu imprisonment.

~~~
TimHardy
Kettling also discourages protest. We have had many emails from elderly
individuals, people with disabilities, families with young children who have
been scared to march. There is a massive demonstration being planned in the UK
by the TUC on 26 March against the savage cuts being imposed in the UK and a
whole raft of ideological reforms that are being pushed through by a minority
government and which have nothing to do with the state of the nation's
finances.

We have just had an election in which MPs courted votes with a signed pledge
to scrap tuition fees - then slashed funding to the universities by up to 100%
in many subjects and tripled the fees. When a mockery is made of the ballot
and the voting system by such duplicitous behaviour, then people have a moral
and legal right to take to the streets in mass, peaceful demonstrations.

When aggressive police tactics are used to dissuade people from doing so you
have a serious failure of the democratic process.

We see our role as one of increasing transparency and accountability and
reducing tensions in the street and we hope that we can help people legally
and peacefully demonstrate and by doing so put pressure on the government to
change their policies.

That is something all people, I hope, would want to see in a healthy,
democratic society.

------
gruseom
The name, at least, is brilliant!

 _An English nursery rhyme inspired the name: "Polly puts the kettle on, Sukey
takes it off again."_

(As for people debating the pronunciation, there's obviously no debate,
because nursery rhymes are oral texts. If it's a nursery rhyme then everyone
who knows it knows how to pronounce it. But even apart from that, x-ukey isn't
an ambiguous form in English. Say you disliked a movie so much that it made
you want to vomit. Would you describe it as "pucky"?)

~~~
pavel_lishin
What do you call a piece of meat with blood coming out of it?

Bloody.

What do you call a piece of fruit with a lot of juice in it?

Juicy.

What do you call a wound that's extruding pus?

Uh-oh.

------
motters
You can call me a paranoid, tin foil hat wearing purveyor of bulldada if you
like, but unless this is open source it could just be an efficient way for
undercover police of the kind recently highlighted amongst environmental
campaigners to obtain the IP addresses or mobile phone numbers of anyone
involved in public protests.

~~~
mwg66
The point is, we do not know. See
<http://news.ycombinator.com/item?id=2183182>

~~~
TimHardy
You're right, there are many dangers here and we are taking them extremely
seriously. As I said above, I apologise for any confusion and lack of clarity
caused by the rush to have it ready in time. All this will be fixed!

------
geekfactor
I don't think I got this. Are police in the UK really on twitter and tweeting
about their operations??

~~~
mwg66
Yes and they were monitoring twitter to find out the direction of protests
in order to "kettle".

------
TimHardy
Hi, I'm Tim from the Sukey team and editor of beyondclicktivism.com. I'd like
to address each of your questions.

Please bear with me a moment - it's nearly 1am here and I've just got in so
I'm going to take off my coat and grab a drink first then I'll come right
back.

------
TimHardy
First up, yes, we are going to OS all the code and have been talking with
Richard Stallman himself about which is the right licence (yes, really - you
should have seen the response when he emailed us. I stopped dead in the street
and shouted "Oh my god!" to the bemusement of passers by when the email popped
up on my phone).

This project has come about at great speed, none of us has slept much in
weeks, there are many, many things we need to do - we're not hiding the source
because we're evil, we just haven't had a minute to put it up on git or
whatever public svn system we decide to go with. Please be patient with us :)

More answers to follow as I read through the comments below.

~~~
mwg66
Do you not have it in source control already?

"git push origin" doesn't seem like it will take too long.

What's the difficulty with license? (other than the App Store's
incompatibility with the GPL).

------
lenni
Impressive, but they aren't really thwarting kettling, are they? They inform
twitter users of where the police are gathering so protesters can leave/avoid
that particular spot.

~~~
steveklabnik
... which thwarts kettling.

------
dexen
When processing messages, why would the software put trust in information from
data source(s) that were credible up till now? It seems easy to be fooled by a
well-informed source that keeps posting accurate information from beginning
right until the 'trap' (police kettle) springs -- and helping the kettle by
posting a false piece of information at the right time.

Kettle planners would have both means and incentives in doing just that.

------
Gausie
Boy oh boy - have you guys missed the point!

There's a sensible discussion about how safe Sukey users are over here:
<http://visionon.tv/forum/-/message_boards/view_message/45043>

------
duncanj
“What we’re doing in a king of reputation management,”

How do these sorts of typos occur in a newspaper? What input device are they
using? OCR?

~~~
Tycho
The Star enjoys the lowest reputation among widely distributed UK newspapers.

~~~
ojbyrne
Which might be explained by the fact that this is the Toronto Star.

~~~
Tycho
D'oh. I avoided clicking the link because I didn't want the Daily Star in my
browser history. I had a feeling this would happen... haha

------
nika
I apologize for being off topic, but the last national convention I went to
(many years ago), the cops rounded up the protestors, blocked off cross
streets and then forced them into a line of cops with billy clubs who beat the
hell out of them. Fortunately, I was elsewhere so I didn't get my "fair share
of abuse" as the stones(?) put it. But a lot of friends did, and I decided
that if this is what "democracy" was like in the USA, I was not interested in
it. (Attempting to educate people about the political reality of their
government is more effective than massing large numbers of people in one
location to protest... just my choice.)

Is this what kettling is? The article was vague.

~~~
danohuiginn
<http://en.wikipedia.org/wiki/Kettling>

It's become common in the UK over the past decade or so. I believe they
borrowed the name, and the tactic, from the German police, who have been doing
it much longer: <http://de.wikipedia.org/wiki/Polizeikessel>

The main objection is not so much about police violence (though that certainly
happens), but that the kettle is used to discourage legitimate protests. You
have a right to protest -- but if you do, the police will probably keep you
pressed together on the street for 10 hours or so, in freezing temperatures,
without access to food or water or toilets.

