What I learned at Net for change: reflections on security and privacy

Last October I participated in Net for Change, an event on  the Internet and net activism as related to democratic movements. It was organised by SIDA  and Julia Gruppen (especially Marcin De Kaminski, @dekaminski) and gave participants a much appreciated opportunity to discuss experiences, challenges and opportunities, with a special focus on the developments in the Middle East and North Africa. It was an intense day, and what follows is one of two long posts on the discussions and reflections that took place during the event…

The accounts of Salma Said (@salmasaid), Sultan Al Qassemi (@sultanAlQassemi), Maryam Al Khawaja (@MARYAMALKHAWAJA), Dima Khatib (@dima_khatib),  Sarrah Abdelrahman (@sarrahsworld) and Hamza Fakhr, Jacob Appelbaum (@ioerror) and many others are a reminder to appreciate how fortunate I am to be able to work on affecting change without having to put life or limbs on the line, and that this exception is a delicate and fragile one worth fighting to keep and afford to others. Because the “others” could be you or me, good people just trying to get on with our lives and fix what’s broken in our world. It is increasingly clear how intimately our ability, or inability,  to do so is linked to technology.

“Well we have a dictator and we need him away, we need your help” – Phonecall to Telecomix- Stephan Urbach,
From Jacob Appelbaum I learned that “Security” and “privacy” are simplifications of complex interactions between people and technologies- and the underlying expectations are seldom expressed more than in abstract. If the underlying expectations are unrealistic or based on false information, it follows that we end up with bad laws. Like Jacob and many others, I am concerned that the laws and policies regarding surveillance are undermining not only the integrity of the decisions we make online as consumers; they are undermining our ability to be active and engaged citizens without fear of threats and harassment as individuals.  Jacob states that a lot of people tend to associate the discussion about surveillance with censorship in dictatorships, and engage in othering it; falsely assuming that unlike in dictatorships elsewhere in the world, in our (western) democracies we have nothing to fear from surveillance ;

“For example, Sweden is trying right now to jail Peter Sunde . He’s a friend of mine and it’s funny because I feel sort of aligned with him. He’s kind of a dissident in Sweden in kind of the same way that I have become accidentally in the United States. The united States says hey everybody, we care about democracy and freedom. We care about activists having an emergency button to destroy the contents of their cell phone. And then we get met by military people at the airports. Or they try to jail us for speaking. Or for helping people in these other countries.

So it’s important to remember that while we want to help people abroad, we should look to the local communities and contexts that we have and figure that jailing Peter maybe, is exactly the wrong thing. And its wrong for exactly the same reasons as it’s wrong when someone tries to jail Sarah in Egypt.”

Because of the ways our communications infrastructure is built, it is not feasible to expect technology users to have knowledge in order to be able to do the right and safe thing. The Internet is a massive surveillance system, as are mobile phones- the more we use them the more they surveil us- and often without our knowledge or permission . The Web browser is no longer just a tool to access the web,  it is now a means by which our online behavior is packeted and sold as a product to entities that collect massive amounts of data about what we do on the web. This allows things like shops selling you a product at a higher price than your neighbor because they think they know you earn more, or a bank refusing to lend you money to buy a house because you visited online poker sites – without you being aware it is happening or being able to control it. Copyriot reasons that this also applies to Browsers built with open source software, since they too adapt to current web standards and are riddled with scripts that compromise security.
“Do you know why vendors don’t make good privacy decisions for users? It’s because you are their product.”- Jacob Appelbaum
Through methods such as Backdoors and DNS filtering, a variety of stakeholders can change the contents of our actions online and attribute things we have not done or said to us or at least skew them out of context with potentially devastating consequences for us: remember a little white lie you might have told to avoid hurting someone’s feelings or to avoid causing trouble for them- what if that were presented as proof of your dishonesty say by an insurance company trying to get out of compensating you ten years down the line? Or an an ironic remark sent in a private message to a friend who understood the context then and there, being revealed to others in an entirely different context by someone wanting to write you off as a bigot?  Entities that maintain and build our infrastructures, especially private actors that sell surveillance, cannot be trusted to protect our privacy because  the information we would like to keep to ourselves is their most valuable product.
“If we don’t want to do everything, we need to transfer technological knowledge & tools to non-geeks.” Stephan Urbach, Telecomix
Our institutions and laws are too slow to adopt and evolve to protect us against unscrupulous behavior by actors that put profits or political agendas before people; any attempts at regulation that require us to trust some or another entity to voluntarily sacrifice potential profits in order to protect our privacy are bound to fail. By extension any policy that is based on the premises that a user is knowledgeable of, and can be held accountable for what goes on in the networks she uses, is one that puts the individual at risk from those who might wish to silence her from exercising her democratic rights. Both in Europe and beyond.

SO, What can we you or I do about it ?

Jacob suggests a combination of changes in policy and in how we behave online. On the policy side he suggests that our policymakers demand data from vendors on how how network monitoring/CALEA systems are compromised and to reject lawful interception. His advice to users is to contextualise our security arrangements [how? got links?] our  OTR, Privacy by design  (as opposed to Privacy enhancing technologies) and widespread adoption of TOR.

Stephan Urbach (@herrurbach) stresses the need for disseminating knowledge about technology to non-geeks. Know of any initatives, maybe your own maybe someone you know, that are active in this?


I originally posted most of the above mission report as a blogpost on the Edgeryders blog in November…

This is so true -

“If we don’t want to do everything, we need to transfer technological knowledge & tools to non-geeks.” Stephan Urbach, Telecomix

I have few ideas about Internet Safety&Freedom Open Forum. For a start a university or a school based one. So that non-geeks can have a broader idea.

When it comes down to democracy and internet security:

What I meant in my post by Internet Safety, I meant Safety for the actors of Freedom as well, not some sort of “Evil Forces Of Internet Security”.

It is such a huge topic to explore, and it overlaps with the topic on commons and participatory communication too.

It is, isn’t it

A tiny part of it comes down to a healthy dose of scepticism and what I consider healthy paranoia. The tricky bit is where data mining, weird algorithms and other stuff that lies beyond our control come into the picture.

Where would you start with the school? What questions would you like answered for yourself by the time you were done with the school?

Some ideas

Hi k, Nadia

This is something we’ve been looking at as part of the ChokePoint Project and I think there are two key points here:

1: Internet and computers are basic “literacies” of the 21st Century and should be taught as such.  There is amazing resistance to this in the teaching profession and it is clearer than ever that teachers (generally) are not preparing kids for the world they are living in.

2: Critical thinking - again students are taught “things” to pass exams, they are not encouraged to think critically. If Internet and computer literacy were combined with critical thinking some of these issues would be addressed

thanks, this is good

Thanks for the comment.

Choke Point makes sense.

Comprehensibilisation of Geekery as a Social Innovation.

If there is a Soc Innov addressing coding http://coderdojo.com/

there should be something addressing e-Identity and Community.

Did you come across anything in real space on these two?

Rysiek or others at #lotemight know…maybe bring it up?

Maybe this is something to bring up at the We, the people session? http://edgeryders.ppa.coe.int/we-people-session

What would the question we want to address be?

Agree about critical thinking.

Pretty sure this wasn’t on the curriculum when i was at school, but a couple of our teachers built it into lessons anyway. One of the problems the Internet creates is the problem of who do you trust. What information sources are actually correct, and how do we make up our own minds about this, are increasingly important questions.

I’m not so worried about 1) - the teachers can resist if they want (and i think a lot of it is just time and energy, it’s non-trivial to support computers in schools, and they often don’t get decent budgets for IT and support etc.) - but the parents know its important for kids to have computers, the kids know its important, its happening. It’s just a matter of time now.

Yep, It’s the most important part

Hi jacky,

yep I agree - the critical thinking is the most important part.

There are some interesting things going on with reference to teaching, the ony problem is that for the moment it’ll only reach kids of geeks like me :wink:

check out http://michellethorne.cc/2012/05/a-learning-network-for-berlin/