Security for the real world

I’m kicking myself for missing Observe. Hack. Make. – it sounds like it was an amazing event that brought together geek and activist communities in a really interesting and valuable way. Coverage coming through on Twitter also suggested that #OHM2013 hosted political discussions that were informed by a more complex political analysis than the ones I often see surrounding issues about digital security and civil rights. There was a lot of excitement around Eleanor Saitta’s talk in particular, Ethics and Power in the Long War. I encourage you to read the full transcript, but there were a few stand-out points that are worth emphasising.

• Saitta talked about the need for those involved in developing digital security to stop harassing each other and have “a polite technical conversation like professionals do in the real world. (Sarah Sharp’s recent calls for civility on the Linux mailing list give good insight into some of the culture surrounding this.) This is especially important to me because poor communication and unwelcoming discussion are one of the barriers between better inter-community engagement I’ve noticed coming up over and over in my research and activism. Aggressive communication styles within a community are not only unproductive and tiring for those involved, they also makes it harder for those outside the community to consider joining, or coming in and saying, “hey, we need some help with this tool” or “can we link up on this issue”.
• She also argued that “the user model is the thing that needs to come first”. There are some really useful security tools out there that people I know would benefit from, but they’re not using them because they require investing too much time and energy to learn, and the benefits aren’t clear.
• Linked to this is her injunction to value the “incredibly complex and very powerful pattern matching CPU hooked-up to your system that you are not using … the user”. Many activists on the ground don’t have the skills (or the interest) to work through complicated tools that aren’t user-friendly, but they do have other important skills and knowledge, including an awareness of their own needs and an informed political analysis.
• Saitta argued that we need new tools to be informed by a theory of change, an understanding of the larger battles and overall landscape in which tools will be deployed. Although her example focused on the brittleness of security systems (once stuff breaks, it really breaks), I’d argue that we also need to think about this in terms of a political theory of change. The theory of change for a lot of digital rights activism at the moment is, ‘more information will necessarily change politics’. More information helps, but we also need to understand that the system is sustained by powerful interests, not just ignorance, and our theory of change needs to be informed by that. (Which I think is happening, increasingly.)
• She also calls out the tech community’s claims to being apolitical: “we don’t get to be apolitical anymore. Because If you’re doing security work, if you’re doing development work and you are apolitical, then you are aiding the existing centralizing structure. If you’re doing security work and you are apolitical, you are almost certainly working for an organization that exists in a great part to prop up existing companies and existing power structures.”

In response to this, Saitta lays out her own politics, noting that the increased surveillance we’re seeing these days is an inherent function of the state as it exists today:

if we want to have something that resembles democracy, given that the tactics of power and the tactics of the rich and the technology and the typological structures that we exist within, have made that impossible, then we have to deal with this centralizing function. As with the Internet, so the world. We have to take it all apart. We have to replace these structures. And this isn’t going to happen overnight, this is decades long project. We need to go build something else. We need to go build collective structures for discussion and decision making and governance, which don’t rely on centralized power anymore. If we want to have democracy, and I am not even talking about digital democracy, if we want to have democratic states that are actually meaningfully democratic, that is simply a requirement now.

Conversations which make this their starting point are incredibly important right now. It’s necessary, but not sufficient, to talk about decentralising political power. We need to also be talking about what that means in practice, how it will work, what kinds of tools and systems will support it.