Revolutionary Code

Standing in the crowd of Tahrir Square, Gigi Ibrahim quickly typed and posted to Twitter: “Pro-Mubarak march now coming into Tahrir in ‘a big number’ and it will get ugly.”

Like thousands of others, Ibrahim used social media to share the police brutality and human rights abuses of the 2011 Egyptian Revolution with the world. In response, the Egyptian government shut down the internet and SMS for nearly a week. In the years since, organizations have stepped in with new technologies promising to help activists like Ibrahim avoid this type of backlash, creating tools that enable users to circumvent internet shutdowns and surveillance. These developers have designed mesh networks, self-healing networks that enable smartphones or wireless routers to connect to one another via Bluetooth or WiFi without an internet connection, and apps that encrypt end-to-end internet traffic, creating additional security strongholds that enable protesters to anonymously communicate.

But there’s a problem with these technologies: many of them still have significant cybersecurity vulnerabilities or are so difficult to use appropriately that they put the lives of dissidents at risk. It’s more important than ever to address them, and to build better systems, in part because internet shutdowns, or intentional disruptions of the internet or electronic communications through blocking, throttling, or other barriers, are on the rise globally across both developing and developed countries. In 2015, there were 15 documented government-initiated internet shutdowns worldwide; In the first six months of 2016 alone, there have been 20. This has not been without response from the international community: on July 1, 2016, the UN passed a landmark resolution condemning internet shutdowns, reaffirming that human rights exist off and online.

And there has been a response from developers, too. After increased government-initiated shutdowns, the use of mesh network and encryption technologies are growing globally. During the 2014 pro-democracy protests in Hong Kong, FireChat, a platform that forms a mesh network through smartphones, was used to enable peer-to-peer communication among nearly half a million protesters. The Open Technology Institute (which, in the interest of full disclosure, is a program at New America) has developed Commotion, a free, open-source tool that creates mesh networks from wireless devices. The technology has been deployed in Sayada, Tunisia, providing a free community WiFi network that can be used for dissident communication as well as social and economic endeavors. The Tor Project offers “Orbot” a free proxy app that encrypts internet traffic, enabling protesters to remain anonymous. WhatsApp, a free instant messaging service popular in developing regions and used by billions, recently implemented end-to-end encryption in light of its use for dissident communication and retaliation by repressive governments.

And while information and communication technologies (ICTs) have altered protest dynamics, providing activists with an unprecedented mechanism for real-time mobilization and documentation, security vulnerabilities still put users at risk. In late July 2016, Iranian hackers revealed over a dozen accounts belonging to opposition journalists and activists on the instant messaging app, Telegram, and exposed the telephone numbers of over 15 million users. Telegram was also found to record text-based communications distributed through its end-to-end encrypted “secret” mode on the sender’s device, creating the potential vulnerability that apps downloaded to their device could collect what were supposed to be encrypted, secret messages. Telegram reports that this bug has since been fixed.

Telegram, and other developers, can avoid some of these problems in a few key ways. First, by being aware that their tools may be used as social movement technologies, and then responding with implementation of end-to-end encryption and regular testing for security weaknesses. Those that implement end-to-end encryption and pass the tests can be identified with a standard “seal of social movement approval.” At the same time, there are no guarantees in the security world. That’s why these technologies should also include a warning that security vulnerabilities could still exist.

Even the most secure social movement technologies will not be used or will be used inappropriately if they are not user friendly. Developers should consult with end users to ensure a balance between technical solutions and user needs. Internews is leading in this domain with their recent launch of the USABLE project, an initiative to connect communities facing digital security risks with digital security trainers, usability experts, and security developers to co-design tools that are both secure and usable.

The greatest impact of social movement technologies is found in its ability to utilize data analytics to quickly identify and communicate emerging trends. Developers should enable the aggregation and communication of data insights to end users. For example, multiple data points can be aggregated and analyzed to communicate the likelihood that a particular area is or is likely to become violent and provide insights on the changing dynamics and mission of a social movement. Caution should be taken to present data insights in aggregate form in order to not identify individual protesters.

Nevertheless, as use of ICTs as social movement technologies increases, so, too, will the need to ensure that these platforms are resilient, secure, and pragmatic. In order to make certain that they do, developers must consistently identify and mitigate cybersecurity vulnerabilities by closely collaborating with end users to create technically secure and usable technologies. A future in which we do otherwise will, to borrow Ibrahim’s parlance, get ugly.

Brandie Nonnecke is a postdoctoral fellow at CITRIS and the Banatao Institute at UC Berkeley. More info on her research is available at https://nonnecke.com/.