What Good Are Secure Communications Tools if No One Uses Them?

Cross-posted from my piece on Medium

It was the second day of digital security training, and I was losing the room. The journalists, documentarians, and media activists around the table were more intent on following their friends and colleagues via Facebook chat than dealing with the fidgety, hard to install, but super-secure communications tools I was trying to promote.
They had good reason — it was winter 2014, during the tense final days of Ukraine’s EuroMaidan protests, going on just across town from our training. The urgency of communication was just too much. Overnight, most of the trainees had chosen to uninstall the app we’d burnt the better part of the previous day getting to install on a mix of Windows XP, 7, Macs, and even Linux systems.

But then again, I had good reason to urge security. Protesters were being arrested because of insecure communications. People were worried about their own government, but also about the small number of companies controlling their telecommunications.

I thought I had understood their need — they wanted a way to have trusted, private communications that spanned from mobile to desktop, chat to voice.
But I had failed. I was pushing a collection of tools I knew to be the best in its class for security, developed transparently as open source, with constant attention to not only bugs but the nuances of cryptography and careful, responsible implementation and monitoring of new possible flaws. The tools were also the only ones that combined these security features, with both text and voice capabilities that could bridge desktop and mobile.

These activists required a tool that they could show to others and start using in minutes; not one that took a day of training and debugging just to install. Tools that aren’t used aren’t providing security.

Encryption saves lives

There are many great arguments to protect truly private communications from a human rights perspective, and specifically through a Constitutional lens -- restoring the privacy of having a conversation in your living room and having your personal records stay personal are core first and fourth amendment rights which have suffered greatly in the digital age.

My work takes me around the world to support journalists, human rights activists, and a wide variety of amazing people working to improve the world. They are all facing incredible threats posed by powerful actors. These adversaries use malware, hacking, and all forms of digital attacks to compromise the networks of activists.

Open source, trusted, strong cryptographic tools -- and increasingly, trusted commercial systems such as Google's -- are their only available defense, in situations where failure can include targeted harassment, indefinite imprisonment, torture, and even death.

Encryption saves lives.

A shallow alcove on the left.

"The telescreen received and transmitted simultaneously. Any sound [...] would be picked up by it, moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard.[...] [T]hey could plug in your wire whenever they wanted to. You had to live--did live, from habit that became instinct--in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized. [The] promising technology in a set-top box that can, “can distinguish who is watching, potentially allowing Intel to target advertising”. The technology could potentially identify if the viewer is an adult or a child, male or female, and so on, through interactive features and face recognition technology.

The product description on the left is from George Orwell's 1984's telescreen. On the right, we have Intel's ad-targeting, face-recognizing TV.

Speculative fiction nailed reality, but missed the target on who was doing the spying.

The title here is, of course, from a later passage:


Privacy, Trust, NymWars, and Social Change

Social change takes trust. You trust the thought leaders of the movement, you trust some set of information around the issue, you trust those who work with you to support you and not to expose anyone to undue risk.

Social change also takes privacy. If you are really pushing boundaries, you are at risk - of physical violence, imprisonment, or worse. There's value in being very public in this space as well, but that doesn't mean there's not a stage where protecting yourself through some layer of privacy is a better plan.

Social change also takes voice - citizen media platforms, and use of existing social networking sites which already have global scale and the ability to amplify a message.

Unfortunately, there's a lot of bickering around privacy, pseudonymity, and social networks - Facebook naturally, but even Google Plus is blocking pseudonyms from using the site reliably. I got tired of re-hashing the very valuable differences between using one's own name, being completely anonymous, and using a pen name - a well-storied way of getting an idea out while saving one's own neck:

Packets, Please: Government monitoring and #IranElection

Wired reminds us that we can rail against and complain about the intrusive, privacy-destroying and free-speech-threatening monitoring that Iran has been employing against the protestors over the past few months, but we have to remember two things. First, US and European companies provided the hardware and software to Iran for them to do this. Second - our own government does the same thing, and we should stop it.

Regarding the first problem, bipartisan Senators are proposing a ban on government contracts to companies caught selling such technology to Iran, and it's technically illegal for US companies anyhow (which might not be stopping everyone, and appears to be using Secure Computing's (now McAfee) SmartFilter according to the Open Net Initiative's testing.

Academic view on secure communication in repressive regimes Jon Mon, 06/15/2009 - 15:54

iRevolution has a good, academic-style breakdown of challenges and communication technologies for use to communicate securely within repressive regimes:

It covers a lot of ground, balancing ease of use against level of security, and is looking for input!

ICT and the Iran Election Jon Sun, 06/14/2009 - 11:01

The Daily Dish reposts a call to action from Twitter: ALL internet & mobile networks are cut. We ask everyone in Tehran to go onto their rooftops and shout ALAHO AKBAR in protest #IranElection, and comments:

That a new information technology could be improvised for this purpose so swiftly is a sign of the times. It reveals in Iran what the Obama campaign revealed in the United States. You cannot stop people any longer. You cannot control them any longer. They can bypass your established media; they can broadcast to one another; they can organize as never before.

Other coverage at Global Voices and Daily Kos present videos and links to photos of protests coming from Tehran.