[Originally published in The Boston Globe Ideas section.]
BEIRUT — Alex, a Swiss bicyclist and Internet geek, thought he’d get a welcome break from his work as a computer engineer and a teacher when he moved to Damascus for a year to study Arabic. It was January 2011, a few months before the Arab uprisings spread to Syria.
But once he was there, Alex noticed with irritation that he couldn’t access Facebook and a seemingly random assortment of websites. Some Google search results were blocked, especially if they turned up pages containing forbidden terms like “Israel.”
He developed tricks to navigate the Internet freely, and sharpened his online evasion skills. If the government was so heavily monitoring and censoring Web surfing, he reasoned, it was surely spying on Internet users in other ways as well. He beefed up ways to encrypt his e-mail and Skype, and learned how to scour his own computer for remote eavesdropping software.
These skills ended up being more than just a personal hobby. When Syrians began to demonstrate against the regime of Bashar Assad, Alex found that his techniques were of urgent use to the friends he had made in the cafes of Damascus. Syrians were turning to activism, and they needed help.
“What was before a nuisance for me was now a danger to my friends,” said Alex, who didn’t want his last name published so as not to endanger any of his Syrian contacts.
Alex ended up spending two years in Beirut training Syrian antiregime activists on how to encrypt their data and protect their phones and laptops from the secret police, in what turned into a full-time job. Alex had become one of a small and secretive group of Internet security experts who work not with governments or companies but with individuals, teaching dissidents the skills they need to evade regime surveillance. Internet activists estimate there are about a hundred technical experts worldwide who work directly with dissidents.
As surveillance steps up and activists get more wired, the practical challenges for these digital security experts offer a unique glimpse of the frontline struggle between free speech and government control, or, as many of them put it, between freedom and authoritarianism. And with surveillance more than ever a concern for Americans at home, the knowledge of these security activists casts a revealing light on the peculiar role of the United States, home of both a powerful tech sector that has generated some of the most skillful evaders of surveillance and a government with an unparalleled ability to peer into our activities.
Indeed, even the people who know how to keep e-mail secret from the Syrians or Iranians say that it would be difficult to make sure the American government cannot eavesdrop on you. “It’s hard to find a service that it isn’t vulnerable to the CIA or NSA,” Alex said in an interview in Beirut. “It’s easier if you’re here, or in Syria.”
ACTIVISTS IN AUTHORITARIAN states face a range of basic problems when they sit down at a computer. They need to communicate privately in an environment where the regime likely runs the local Internet service. They may want to send news about domestic problems to international audiences; they may want to mobilize their fellow citizens for a cause the regime is trying to suppress. Whatever they do, they need to keep themselves out of trouble, and also avoid endangering their collaborators by unwittingly revealing their identities to the government
Tech experts like Alex offer them a mix of standard security protocols and tools designed specifically with lone activists in mind. The first step is “threat modeling.” Where does the danger come from and what are you trying to hide? A well-known dissident might not be worried about revealing her identity, but might want to protect the content of her phone conversations or e-mails. A relatively unknown activist might be more concerned with hiding her online identity, so that the government won’t connect her real-life identity to her blog posts.
Users new to the world of surveillance and evasion must master a new set of tools. There are proxy servers that allow access to blocked websites without tracking users’ browsing history or revealing their IP address. Security trainers teach activists how to encrypt all their data and communications. And because circumstances change, Web security advocates emphasize the importance of multiple, redundant channels—different e-mails, messaging programs and social media platforms—so that when one is compromised, there are other alternatives.
A repressive regime like Bashar Assad’s can effectively stymie dissent with crude old-fashioned ruses. On one occasion, the government arrested a rebel doctor while he was logged in to his Skype account. Agents posed as the doctor, sending all his contacts a file that supposedly contained a list of field hospitals. Instead, it installed program called a keylogger that allowed the Syrians to monitor everything the doctor’s contacts did on their computers.
Alex warns all the activists he trains that all their encryption measures could come to naught if they are caught, like the doctor was, while their computer is running—or if they give up their encryption password under interrogation. “They can always torture you for your password, and then all your data is compromised,” he said. There’s no foolproof protection against that.
Though these security measures can go a long way, consultants also find themselves needing to balance the effort it takes with the unique urgency of some of the dissidents’ lives. In the heat of violent conflict, encryption doesn’t always take priority. “Many of them are just too busy to care, to follow all the disciplined procedures,” Alex said. “It got to the point where it felt useless to teach them how to encrypt Skype when thousands of tons of TNT were falling from the sky.”
AS ACTIVISTS have tapped online resources in their struggles, a range of security specialists have sprung up to assist them. Some, like Alex, are independent operators; many of them arose loosely around a single crisis and then expanded their efforts.
In response to Tehran’s Web censorship in 2009, a group of Iranian-Americans established an organization called Access Now to train human rights groups and other organizations on more secure communications. In the four years since it has expanded worldwide and now sends technical specialists to work with activists in the former Soviet Union, the Middle East, and Africa. It also acts as a lobbying group, pressing for uncensored access to the Internet. “Access to an unfiltered and unsurveilled Internet is a human right,” says Katherine Maher, the group’s spokeswoman. “We should have the rights to free speech and assembly online as we have offline in the real world.”
A few years later, when the Arab uprisings began, activists again faced crucial concerns about technology and surveillance. Activists throughout the Arab world planned demonstrations online, and used social media as a major artery of communication. In Egypt, the government was so desperate to thwart the protest movement that in January 2011 it briefly cut off the entire nation’s Internet. Telecomix, a freewheeling collective that began in response to privacy concerns in Europe, was one of many groups that helped build workarounds so that Egyptians could communicate with one another and with the outside world in the early days of the uprising.
In Egypt, Alix Dunn cofounded a sort of nerd-wonk research group called The Engine Room in early 2011 to study and improve the ways that activists get tech support from the small community of available experts. “There are people who got really excited because all of a sudden IT infrastructure suddenly became part of something so political,” Dunn said. “They could be geeky and politically supportive at the same time.”
The advice is not always technical. For instance, in Egypt, Alaa Abdel Fattah, one of the country’s first bloggers and later a strategist for the 2011 uprising, championed a strategy of complete “radical openness.” He convinced other activists that they should assume that any meetings or communications could probably be monitored by the secret police, so activists should assume they’re always being overheard. Secret planning for protests should take place person to person, off the grid; in all other matters, activists should be completely open and swamp the secret police with more information than they could process. In the early stages of Egypt’s revolution, that strategy arguably worked; activists were able to outwit the authorities, starting marches in out-of-the-way locations before police could get there.
GIVEN THE RECENTrevelations about the US government’s online surveillance programs, it’s striking to note that much of the effort to improve international digital security for dissidents has been spurred by aid from the US government. The month after the Arab uprisings began, the US Department of State pledged $30 million in “Internet Freedom” grants; most of them have gone, directly or indirectly, to the sort of activist training that Alex was doing in Damascus.
In some ways, the latest American surveillance revelations haven’t changed the calculus for activists on the ground. Maher notes that almost all the State Department-funded training instructs activists around the world to assume that their communications are being intercepted. (Her organization doesn’t take any US government funding.)
“It’s broadly known that almost every third-party tool that you can take is fundamentally compromised, or could be compromised with enough time and computing power,” Maher said.
But there are new wrinkles. Some of the safest channels for dissidents have been Skype and Gmail—two services to which the US government has apparently unfettered access. It’s virtually impossible for a government like Iran’s to break the powerful encryption used by these companies. Alex, the trainer who worked with Syrians, says that a doctor in Aleppo doesn’t need to worry about the NSA listening to Skype calls, but an activist doing battle with a US corporation might.
Officially, American policy promotes a surveillance-free Internet around the world, although Washington’s actual practices have undercut the credibility of the US government on this issue. How will Washington continue to insist, for example, that Iranian activists should be able to plan protests and have political discussions online without government surveillance, when Americans cannot be sure that they are free to do the same?
For activists grappling with real-time emergencies in places like Syria or long-term repression in China, Russia, and elsewhere, the latest news doesn’t change their basic strategy—but it may make the outlook for Internet freedom darker.
“These revelations set a terrible precedent that could be used to justify pervasive surveillance elsewhere,” Maher said. “Americans can go to the courts or their legislators to try and challenge these programs, but individuals in authoritarian states won’t have these options.”
Tunisia’s popular uprising began in December when a man set himself on fire in protest against a repressive, US-allied government. Quickly, one man’s gesture sparked a national movement that within a month toppled a dictator, a first-time event for the Arab world.
Even before the fleeing autocrat had found refuge in another country, internet boosters were calling Tunisia a “Twitter Revolution” and a “Social Networking Revolution.” Chroniclers of the revolt – mostly bloggers and journalists – traced the revolt to disclosures from Wikileaks that quickly spread among Tunisians through Facebook and Twitter. In this telling the social networking sites were pivotal to organizing the street protest that toppled the regime.
Luke Allnut on Tangled Web writes that our Western eagerness for an easy, quick explanation for a distant revolution blinds us to truer but less jazzy narratives – like the one about people in Tunisia rising up because of chronic unemployment and violent government repression. “Twitter revolution narratives are popular because rather than being about Tunisia, they are often really about ourselves,” Allnut writes. “When we glorify the role of social media we are partly glorifying ourselves.”
The enthusiasm of social media evangelizers echoed their breathless reaction to Iran’s massive anti-regime protests in 2009. Jared Cohen, a whizz kid at the State Department who put social networking at the center of democracy promotion, intervened to keep Twitter online during the protests. He made a much-ballyhooed trip to Syria promoting the idea that better web access would lead to more freedom. Last fall he left government to found a “think/do tank” for the web monolith called Google Ideas.
Clay Shirky, an NYU professor who is one of the most eminent theoreticians of the internet, argues that the tools of social network have forever altered the geography of power in the world. His view is a more staid and academic version of Julian Assange’s radical claims about the power of Wikileaks to counter American power. (He is best known for his gospel of crowd sourcing, “Here Comes Everybody,” and his latest book is “Cognitive Surplus: Creativity and Generosity in a Connected Age.”)
A backlash has taken root though, with some serious scholars and analysts calling into question the information innovation bubble. Their counter-narrative tells a deflating story.
Malcolm Gladwell argued in a very influential New Yorker essay that the “weak ties” of Facebook and Twitter could effectively mobilize people to donate a few cents for Darfur, but only “strong ties” created by face-to-face life could inspire people to make the kind of physically risky sacrifices necessary for real protest, like the American civil rights movement.
Even less kindly, Evgeny Morozov – a scholar who has spent his career studying the effects of the internet on political life and comes across as an ornery skeptic – mocks what he derisively calls the American government’s “internet freedom agenda” as a chimera “that can boast of precious few real accomplishments.” He has just published a book called “The Net Delusion: The Dark Side of Internet Freedom.”
* * *
I have always been slightly puzzled by the certainty of the internet-freedom-utopians, who for a decade have been blogging their revolutionary ideas about how the world wide web has created a new taxonomy of power, tilting the balance away from central venues of control and toward the little man, the anarchic hacker, the crowd.
They seem always to be posting over comfortable connections in the United States; I sensed in their vertiginous web euphoria that they were surfing at warp speed on fiberoptic networks, streaming video or music over their ample bandwidth.
In contrast, I’ve spent much of the last seven years accessing the internet from places like Bahrain, Saudi Arabia, Egypt, Gaza, Iraq and Lebanon. As a matter of course connections there are balky and heavily censored; watching YouTube or listening to Pandora was out of the question. Entertainment articles often fell astray of sloppy filters that target political content or un-Islamic porn. My own coverage of political events in American newspapers has been at times inaccessible to me online from the country in which I was reporting. This past summer as I covered a government crackdown on dissidents, I could follow the Bahrain Centre for Human Rights postings on alleged torture and detentions. Suddenly, the next day, their site was blocked.
Secret police loiter in the hotel lobbies; they listen in on phone calls and show up at interviews with dissidents that were scheduled by text message (this happened to me in Cairo this summer, when I met a Muslim Brotherhood webmaster). They’re carefully monitoring online activity too, and if it better suits the police state’s interests, they can sever access in an instant. Friends in Iran, Lebanon and elsewhere assumed that secret police were reading their email. Often enough the monitors would leave traces in my friends’ webmail, either out of carelessness or to send an intimidating message.
The people of Tunisia, or China for that matter, aren’t surfing our American internet. Information might want to be free, as the tech bubble generational saw has it, but many governments around the world still don’t want their people to be. Twitter and Google Chat are no match for a well-funded authoritarian ministry of the interior.
American thinkers have a tendency to project their own theories and tastes on political waves elsewhere; perhaps that explains the Twittermania and Facebook faddism over Tunisia today and Iran in 2009.
* * *
One danger that Morozov often highlights is that the more the United States interferes with an internet it doesn’t really understand, the more unintended harm it might cause.
“The Internet is far too valuable to become an agent of Washington’s digital diplomats,” he wrote in a recent Foreign Policy essay.
Secretary of State Hilary Clinton in a speech just over a year ago at the Newseum in Washington acknowledged that the same technologies that help dissidents promote accountability also empower Al Qaeda and human rights transgressors. But she contrasted the divisive symbolism of the Cold War Berlin War with the open internet, which she called “the new iconic infrastructure of our age.”
“On their own, new technologies do not take sides in the struggle for freedom and progress, but the United States does,” Clinton said. “We stand for a single internet where all of humanity has equal access to knowledge and ideas.”
The implications are stark. At best, the contrarians suggest that the web in all its incarnations and with all its tools and hype-fueled pseudo-philosophy – social media, crowd-sourcing, citizen reporting, web 2.0, the long tail, flattening the world, Skype and all the rest – are potent communication tools like the telephone and the television. What naïve boosters often ignore is that these tools and the multiplier effects they create are just as available to a repressive government looking to extend its control as they are to activists looking to overthrow it.
At worst, the internet skeptics point out, the world of web activism has disproportionately empowered despots. It gives frustrated citizens a harmless outlet to blow off steam, channeling their rage at a nasty regime into ribald blog posts rather than into underground organizing, street protests, or violent attacks that might truly threaten a police state. Even more importantly, the web concentrates opposition and other activists in forums that feel private and unified but which in fact are easily monitored and penetrated by state security. As a result, more than ever before in the wired age police states know exactly what their opponents are thinking, debating and planning.
Recent events illustrate the silliness of believing that new communications platforms have erased the advantages of old-fashioned coercive sources of power – secret police and surveillance for governments, and massive demonstrations and crowd violence for anti-government activists. Dictators in history haven’t been shamed out of office; they’re overthrown. Today, police states won’t be Tweeted, Facebooked or Wikileaked out of power either.