Citizen Journalism

What Good Are Secure Communications Tools if No One Uses Them?

USABLE.tools

Cross-posted from my piece on Medium

It was the second day of digital security training, and I was losing the room. The journalists, documentarians, and media activists around the table were more intent on following their friends and colleagues via Facebook chat than dealing with the fidgety, hard to install, but super-secure communications tools I was trying to promote.
They had good reason — it was winter 2014, during the tense final days of Ukraine’s EuroMaidan protests, going on just across town from our training. The urgency of communication was just too much. Overnight, most of the trainees had chosen to uninstall the app we’d burnt the better part of the previous day getting to install on a mix of Windows XP, 7, Macs, and even Linux systems.

But then again, I had good reason to urge security. Protesters were being arrested because of insecure communications. People were worried about their own government, but also about the small number of companies controlling their telecommunications.

I thought I had understood their need — they wanted a way to have trusted, private communications that spanned from mobile to desktop, chat to voice.
But I had failed. I was pushing a collection of tools I knew to be the best in its class for security, developed transparently as open source, with constant attention to not only bugs but the nuances of cryptography and careful, responsible implementation and monitoring of new possible flaws. The tools were also the only ones that combined these security features, with both text and voice capabilities that could bridge desktop and mobile.

These activists required a tool that they could show to others and start using in minutes; not one that took a day of training and debugging just to install. Tools that aren’t used aren’t providing security.

Kiev on #Jan25
404: Human Rights Not found?
Jon Sat, 01/25/2014 - 04:51

I spent this past week in Kiev. You may have heard something about the protests, and possibly even about some of the policy changes and new laws that sparked them. I was working with colleagues, journalists and human rights activists, supporting and training them as quickly as possible on digital security basics, and making sure they had contacts to reach out to for timely support.

It was a trip that was scheduled many months ago, when Ukraine was on the cusp of joining the EU. Things, to put it mildly, changed. Obviously, the violent protests have been featured widely in the news, but those capture only the most visible challenges the country is facing. Legislation pushed through with no regard for legal proceedings last Thursday promise to have a chilling effect on free speech, tight limits on media, even citizen journalists, and will devastate the civil society organizations, labeling them as "foreign agents" and taxing them as for-profit corporations if they take any international aid funding.

In the few days I was there, we experienced a "test" of new censorship capabilities as twitter and facebook -- critical messaging and coordination channels for activists -- went dark in Kiev for almost half an hour. People near the protest areas received ominous SMS messages on their phones telling them that they had been registered as present at the (illegal, under the new law) protest.

One note of import - there are two main areas of the protest - EuroMaidan is the months-long, Occupy-on-steroids encampment in Maidan Square. Though well barricaded off, it is a peaceful protest, with daily concerts and speeches on a well-equipped stage, a huge jumbotron, laser-light projections and more. Businesses - from a Nike storefront to a local brewpub to a carousel - are going on with business as normal within the barricaded-off area. The scenes of burning tires, tear gas and molotov cocktails is from the nearby Grushevsky St, where protesters gathered to confront Parliament after their "passage" of this Black Thursday law.

It is inspiring to see the passion and focus of people working to protect and expand their rights, and it is humbling to be able to lend support in any form. However, the challenges aren't getting any easier. The digital tools which provide the most security are also difficult to use, and more difficult to use correctly. They still "stick out" as unusual, and face an uphill battle against popular systems with little if any security.

This has to change. Privacy is not some abstract concept in these situations, it is the economic well-being, and too often, the pure survival of activists, journalists, and their contacts. When we allow policies and practices that undermine security and privacy, we're not just revealing embarrassing factoids about our call history, or even the three felonies a day you're probably committing as a US citizen - we are undermining our global dream of a world of nations with democratic rule, where their citizens can enjoy basic human rights without fear.

The world is ready for this, but when the current Ukrainian government points at American domestic policies as models of their newly crafted censorship and surveillance laws, it's a sign that we as Americans are not drinking our own koolaid (with a hat-tip to the many dedicated civil servants who are working hard to further human rights).

So - What Next?

The events in London over the past few days have been deeply interesting in the wake of last month's conversation on mobile and online activism during and after #ArabSpring. In this case, the actors are different, but the response patterns are similar - the embattled government pushing on technology providers to share private data or turn off mobile messaging services. In this case, it's RIM/Blackberry in the middle, with calls from MPs to "curfew" Blackberry messaging, and RIM itself offering to help policy by sharing message contents. This promptly led to the Blackberry site being hacked, with the hacker posting:

"We have access to your database which includes your employees information; e.g - Addresses, Names, Phone Numbers etc. - now if u assist the police, we _WILL_ make this information public and pass it onto rioters ... do you really want a bunch of angry youths on your employees doorsteps?"

Obviously, that's not a very nice thing to do, particularly considering it's unlikely any of these employees had much to do with this decision in the first place.

The lines are not quite as clear as one would like, though. All protests are messy, and it's rarely clear who is in the right. Many countries claim to be representative democracies of one flavor or another. If youth were protesting a regime in yet another Middle East/North African country, we would be globally shaming RIM/Blackberry for cavorting with the government. Of course, in the case of London, it seems to be more a gang of thugs and looters than a political statement.

The challenge, of course, is that the technology vulnerabilities might be useful to authorities during a riot, but are also useful to authoritarian governments in squelching a revolution. Not unlike wikileaks, you don't get to pick and choose who benefits from the technology, or who is made vulnerable by it.

Ashoka Changemakers is hosting a competition supported by Google to source innovative ideas in the Citizen Media space solving some of this tension around privacy, speech, and trust. There's some amazing thoughtwork in the space getting recorded at the Ashoka News and Knowledge blog.

All of that is a long introduction to the better-late-than-never summary of the July ICT4D Meetup. You know that it's a good technology discussion when it turns into a people discussion, and so went our conversation around Online Activism after #ArabSpring : What's Next?.

Our panelists discussed the strange role of being an Egyptian following along from abroad via social media, the roles of traditional and new media in civic engagement, and examples of online activism around the world, from Azerbaijan to Spain.

The core topic we kept coming back to was that the excitement around new technologies was justified, social media is a tool, not a movement. So while a cat-and-mouse game around technology will likely continue, the core of any social change is the people involved, not whatever tools they are using. Check out the twitter stream here.

Remember to join us online for future ICT4D meetups and get on the email list for ICT4Drinks!

July 14: Citizen Media Day?

If May 3rd gets to be World Press Freedom Day, then after today's events, July 14 (in addition to already being Bastille Day) should be Citizen Media Day.

The "celebrations" really started yesterday, with Ashoka Changemakers (with the support of Google) launching a global competition (fully supported in nine languages, no less) to source innovative ideas in citizen media. I've got to say, I love how the timeline goes "backwards" in Right-to-Left languages like Arabic. Many thanks to our work with Ashoka Israel in launching Kikar (loosely, "Market square") in Hebrew.

Today, the Changemakers blog is buzzing with amazing citizen media stories from Ashoka fellows and others, leading up to a #SocEntChat today on Twitter at 2pm EDT.

Later in the day, at 5:30pm, I will be moderating a panel on "Online Activism after #ArabSpring : What's Next?" - there are a few seats still available, more information and RSVP at http://www.meetup.com/intlrel-76/events/23103221/ . Follow along on twitter with the hashtag #AAS, and there's a remote possibility we may be able to livestream the event.

Finally, we get to wind down at Circa Bistro with a happy hour co-hosted with ICTWorks - information and RSVP here: http://ict4drinks-july14.eventbrite.com/.

Online Activism after #ArabSpring : What's Next?

So, I've been beating this drum for a while - oppressive governments are increasingly quick and intelligent in responding to protests that use mobile and new media to organize and get the word out. So, join us in July (http://www.meetup.com/intlrel-76/events/23103221/) to hear from an amazing panel and discuss the next steps in this cat and mouse game:

The Twitter Revolution.  The Cellphone Revolution.  The Facebook Revolution.  While the "Arab Spring" uprisings succeed based on real-world organizing, protests and democracy-building, it's no secret that mobiles and social media provided tools to broadcast, coordinate and amplify these movements.  Oppressive governments are responding both faster and smarter to these digital tools.

Please join our panel of experts discussing the role of online activism going forward.  What are the next steps in information empowerment in a more hostile environment for online activism?  What is the role of mobile and new media in affecting change in government, and what are the risks?

We will begin with a discussion by the panelists, then move into an open question and answer session.  Afterwards, we'll transition to a happy hour at Circle Bistro.

This meet-up is co-hosted by IREX and Appropriate IT.

Online Activism after #ArabSpring : What's Next?

Celebrating World Press Freedom Day #wpfd with a linkdump

May 3 is World Press Freedom Day. To celebrate my ability to post things I find inspiring to the Internet (where as many as 10 people other than my mother might read it (Hi Mom - happy mother's day in advance!)), here is a collection of tangentially related links on freedom, privacy, and the role of ICT in press freedom and citizen voice.

Does Facebook have int'l development impact?
http://www.ictworks.org/news/2011/05/04/does-facebook-have-any-internat… (What about SMS? http://researchspace.csir.co.za/dspace/bitstream/10204/3419/1/Butgereit… )

Freedom of the press in India: http://www.nytimes.com/2011/04/28/technology/28internet.html

Finally, someone is building an SMS listserv: http://www.mobileactive.org/smsall-growth-sms-mailing-list-pakistan-1

How governments censor: http://www.cpj.org/reports/2011/05/the-10-tools-of-online-oppressors.php

Getting around government censorship: http://www.freedomhouse.org/template.cfm?page=383&report=97

Nearly half of NYT reports have sourced WikiLeaks so far in 2011: http://www.theatlanticwire.com/global/2011/04/over-half-2011s-new-york-…

The US government doesn't think it needs a warrant to search electronic communications: http://www.aclu.org/blog/free-speech-technology-and-liberty/does-govern…

Live from Uganda -- political unrest, strikes, and an attempt to block Facebook and Twitter traffic: http://globalvoicesonline.org/2011/04/19/uganda-government-attempts-to-… , One ISP stands its ground: https://twitter.com/#!/MTNUGANDACARE/status/58844526369976320

Rebuilding cell networks in Libya

Via MobileActive, I got to reading this article at the WSJ.

Unsurprisingly, the Libyan cell network is built to be Tripoli-centric, "giving him and his intelligence agents full control over phones and Internet" according to the WSJ. If that's not a stark reminder of the challenges of using SMS and mobiles in human rights work that I've been concerned about, I don't know what is.

The brilliant response here has been to wrest control over segments of the Libyan mobile network. This has taken some outside effort, external government support, and massive funding - it is, at least for now, successful at creating an independent domestic network with limited external access:

A team led by a Libyan-American telecom executive has helped rebels hijack Col. Moammar Gadhafi's cellphone network and re-establish their own communications.

The new network, first plotted on an airplane napkin and assembled with the help of oil-rich Arab nations, is giving more than two million Libyans their first connections to each other and the outside world after Col. Gadhafi cut off their telephone and Internet service about a month ago.

That March cutoff had rebels waving flags to communicate on the battlefield. The new cellphone network, opened on April 2, has become the opposition's main tool for communicating from the front lines in the east and up the chain of command to rebel brass hundreds of miles away.

Beyond Crowdsourcing

I am weary of the term "crowdsourcing." Now, I'm not against the concept. I think small, bite-sized acts of service and kindness can make huge differences in the right situations. Indeed, it's the social-benefits business model of The Extraordinaries, and is at the core of what Yochai Benkler means when he discusses the power of "peer production" in The Wealth of Networks:

People began to apply behaviors they practice in their living rooms or in the elevator — "Here, let me lend you a hand," or "What did you think of last night’s speech?" — to production problems that had, throughout the twentieth century, been solved on the model of Ford and General Motors. The rise of peer production is neither mysterious nor fickle when viewed through this lens. It is as rational and efficient given the objectives and material conditions of information production at the turn of the twenty-first century as the assembly line was for the conditions at the turn of the twentieth.

But the term "crowdsourcing" itself is outdated. It presumes that there's some central organization doing the sourcing (paralleling "outsourcing"), and it seems to get applied in all sorts of roles where that's not relevant.

Packets, Please: Government monitoring and #IranElection

Wired reminds us that we can rail against and complain about the intrusive, privacy-destroying and free-speech-threatening monitoring that Iran has been employing against the protestors over the past few months, but we have to remember two things. First, US and European companies provided the hardware and software to Iran for them to do this. Second - our own government does the same thing, and we should stop it.

Regarding the first problem, bipartisan Senators are proposing a ban on government contracts to companies caught selling such technology to Iran, and it's technically illegal for US companies anyhow (which might not be stopping everyone, and appears to be using Secure Computing's (now McAfee) SmartFilter according to the Open Net Initiative's testing.

Academic view on secure communication in repressive regimes

iRevolution has a good, academic-style breakdown of challenges and communication technologies for use to communicate securely within repressive regimes:

http://irevolution.wordpress.com/2009/06/15/digital-security/

It covers a lot of ground, balancing ease of use against level of security, and is looking for input!