Bassel Khartabil was a freedom fighter. This post is about freedom fighters. The kind we need more of. I’ll get to back to that in a little while. First, I’ve got a piece of hot, subversive, anti-establishment, national-security threat information for you. Are you ready for it? Knowing it could put you on the wrong side of your local authorities. It’s really quite radical information. It may bring down a government. Still reading? Okay, you’ve been warned, here it is:
When you’re trying to pair a Feitian FIDO MultiPass 2FA device with an Android Mobile, you may need to go into settings and change Location mode from “High accuracy” to “Device only,” so Bluetooth doesn’t have conflicts.
Yikes! Now that you know this juicy intel, you may be a bonafide threat to national interests, or community cohesion, or puppies. Can you still board a plane? I don’t know. No one can know. Here’s why: 2FA (2-factor authentication) can thwart a goodly amount of hacking attempts — state sponsored or otherwise — against your online accounts. Someone wanting access would either need to invest far more resources on breaking into your accounts or -gasp- be more transparent, and do things like request court orders or seek some sort of authorisation to do so.
I just found this weird bug today, but it’s one of those odd quirks that may eventually find its way into a digital security training session sometime, when someone’s fumbling around with devices and wondering what happened to that “It Just Works” ethos supposedly revolutionising technology.
As it turns out, passing on this kind of information can get you arrested. Showing people how the internet works can get you killed. Teaching someone how to protect themselves on an insecure network can make you an enemy of the state. Helping marginalised groups in a society avoid being targeted online can bring the cops. Sending a private message to a friend that you know won’t be read by others can mark you as a subversive.
Here’s what makes digital security awareness a threat: It’s knowledge about how things work. It’s information that helps you better understand and control what you’re doing. It’s a set of practices that allows you to choose what to shout at the world, or whisper to a single person. And, sure, it’s a set of tools ostensibly aimed at helping you do all that… on a good day.
Not everything in a digital training is about security. Sometimes it’s access. How to still get online and find information regardless of whatever censorship regime prevails. How to publish news or share videos during an attempted internet shutdown. How write, publish and socialise your content across the web. How to verify, report and prove. All of this knowledge is increasingly making their way into various governments’ threat models.
Digital security and open access are fast becoming disciplines of Forbidden Knowledge in many parts of the world, very likely some of them are at least problematic in parts near you. Digital rights (whether it’s to say what you want, read, hear or view what you want or be as private as you want) is under attack. This is symptomatic of larger issues, not a thing in and of itself. Before getting into that…
Let’s take a tour.
Family of open source software developer and Creative Commons activist Bassel Khartabil learned yesterday that he had been executed by the Syrian regime.
Khartabil was but one of 17,723 Syrians to have died in Syrian government custody, and before that was known, he was among the 65,000 people who have disappeared since the 2011 uprising against the Assad regime began. Before being picked up, he had set up hacker spaces, supported projects on using open data and how to cope with heavily censored and monitored Syrian internet.
One main reason I became interested in the topic of information security is that it’s inherently empowering to people. It can possibly the most powerful form of nonviolent resistance that exists while also being a regular part of doing anything over any kind of network. This scares regimes that have fragile relationships with their own citizens.
Turkey is among these. Ten human rights activists were arrested one morning earlier this month in Istanbul, at the start of a workshop on digital security. Ali Gharavi and Peter Steudtner were the digital security trainers at this event, and are people I know and respect. They are friends and comrades. The false charges they face, “aiding an armed terrorist organisation” can be illuminating if you read between the lines. Knowledge of digital security practices is the arms. Terrorists are anyone who wants to hold a government accountable.
“Ali and Peter are described as orchestrators of an ‘uprising’, with training on ‘mobile equipment security, secure apps and secure communications’ cited as evidence” wrote Amnesty International technologist Tanya O´Carroll. “These allegations are ludicrous. Ali is a friend and colleague of mine, and over the years I have been lucky enough to join some of his workshops. Far from the “high-tech underground trainings” of the Turkish government’s imagination, these workshops cover the basics of staying safe online: simple best practices like installing two-factor authentication on social media and creating strong passwords.”
These are paranoid times. States’ ability to control or predict events is rapidly diminishing. Huge numbers of migrants are on the move. The system of Westphalian sovereignty is on the back foot with Arab springs, increasingly unpredictable voting tendencies, market instability, a changing climate, and financial meltdowns happening with shorter intervals in between. In times like these, authoritarian governments really find their feet.
Russia is among these. This is why there is now a law on the books in the country outlawing the use of VPNs, proxies or the Tor Network. China is among these, which is why it maintains a firewall blocking thousands of websites and recently convinced Apple to remove all VPN software from its own App Store available in China. Apple agreeing to do so is a stunning example of needs-must capitalism in the digital age.
There’s a certain orthodoxy in deciding which demons can be invoked when issuing decrees against information security. It doesn’t matter if it’s being said by the home secretary of the United Kingdom or the leader of North Korea. When you don’t like the existence of internet access or privacy, you tell scary stories about the terrorists. You say only terrorists use encryption. You lie. Because when you’re making desperate grasps at control the last you want is a set of applied mathematical principles — once the reserve of a few military agencies and academics — being installed into ordinary smartphone apps on an engineer’s whim. More governments are toying with the notion that the state should have the right to issue or withhold an imprimatur on maths.
This kind of magical, outside-the-box thinking can cause political leaders to say strange things. In Australia, the Prime Minister has said encryption can be outlawed, and that “the laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia.” As if an act of parliament cancels out the laws of physics. Entropy won’t happen on our watch.
In UK, Amber Rudd has taken up the tradition employed by nearly every Home Secretary in the last ten years to call for either encryption backdoors. But she’s taken a more bizarre line: “Real people often prefer ease of use and a multitude of features to perfect, unbreakable security. Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family?” To copy-paste Ed Johnson-Williams, a campaigner at Open Rights Group: “This is a little like saying: ‘Who uses a car because it has airbags and seatbelts, rather than because it’s a convenient way to get around?'”
Whether it’s using a strong VPN to access the web or sending an encrypted message through an app, or being able to bypass a firewall to publish what’s happening near you, the use of encryption and the ability to keep yourself from being monitored or attacked online is inherent to democracy. Not coincidentally, democracy is being reconsidered by various governments, including, not surprisingly, the United States, where the State Department and USAID are busy revising their mission statements by find-and-replacing “democracy” with “prosperity,” as if these are interchangeable words.
One of the most interesting aspects of listening to people talk about The Handmaid’s Tale is that it was considered to be some near-future sci-fi story. But the present day world has examples of everything taking place in the Republic of Gilead. The same can be said of the fight for digital rights. Look at places where people are already being persecuted for sending a private message, or accessing a banned web page, or using a private network. In these places you almost always find a lot of other persecution as well. This is where those policies lead.
We’re always just a couple of laws away from dystopia.