Introduction: Why Digital Security?
In the summer of 2013, Edward Snowden shook the world with a trove of disclosed documents from the National Security Agency (NSA), Central Intelligence Agency (CIA), and a host of other global three-letter agencies. For more than a year, there were weekly (if not daily) revelations of just how extensive these agencies’ digital information-gathering capabilities were, particularly those of the United States. It felt as though the NSA was able to get any information that went through internet or phone networks that wasn’t encrypted plus some information that was weakly encrypted and some more information that wasn’t encrypted on corporate servers. That feeling is close to the truth.
At the time, I had been engaged in environmental activism and was aware of how social movements had historically suffered from state repression that was made possible through spying. The sheer extent of the information that the NSA and CIA were able to gather meant that suppression efforts by the State could be that much easier and more effective. The more information the State knows about your activities, the easier it is for it to interfere with your goals.
So I was worried. Could we combat climate change when the odds were stacked against all the groups working to do so? What about systemic racism? Did we have any hope?
Not long after the Snowden revelations, I partnered with the Civil Liberties Defense Center (CLDC), a nonprofit that provides legal support to social movements that “seek to dismantle the political and economic structures at the root of social inequality and environmental destruction.” The CLDC gives know-your-(legal)-rights trainings to social movement participants, emphasizing how to protect and invoke one’s First and Fourth Amendment rights: the right to free speech and the right to no illegal searches and seizures. These rights are eroded with mass surveillance. This is quite clear with Fourth Amendment rights, but for First Amendment rights, legal scholars often point to this chilling effect: citizens restrict their speech if they know they are being surveilled. To complement the CLDC’s legal trainings, I started regularly holding digital security trainings for activists centered on the premise that encryption is the only way to protect your First and Fourth Amendment rights in the modern world of mass surveillance. This book has grown out of these educational efforts.
Downloading a “Secure” App Isn’t Enough
It isn’t enough to download a “secure” app. First, what does “secure” even mean? Security is a complex, subjective, and multifaceted concept. While perfect freedom from risk is usually out of reach, especially when digital technologies are involved, strong relative protections are possible. In order to evaluate or at least explain (and convince a group of people to take advantage of) the relative protections of an app requires some understanding about cryptography and what information is at risk (and with what likelihood) when using a given app or digital service.
Our trainings scratch the surface of the information that I would like to impart. Social movement participants tend to be busy people and often want a set of simple and doable digital security recommendations from people they trust. My goal with this book (and the companion course at Oregon State University, CS175: Communications Security and Social Movements) is to increase the number of people who know enough to make those recommendations (or at least know how and where to learn more).
Political Scope of This Book
As might be gathered from the references to the First and Fourth Amendments, this book is rooted in the political arena of the United States. While much of the book will be relevant outside of the US, we recommend that anyone applying this knowledge in other countries seek additional advice.
Overview of This Book
This book is not intended to be comprehensive for three reasons:
- I want this book to be accessible to any curious person. Going into further details in cryptography would require some college-level mathematics. I also believe that one doesn’t need to understand specific cryptographic protocols to make reasoned digital security recommendations—one can lean on cybersecurity experts for that.
- The state of mass surveillance and the apps that are available to counter surveillance are constantly changing. As I put the finishing touches on this book, I am resisting the urge to include the latest news on State surveillance capabilities.
- I want the book to be short enough to read in a weekend.
The book has three parts as follows.
Part 1: An Introduction to Cryptography
This is a basic introduction to cryptography: enough to understand the basics of what information is protected and what is not and why. Some interesting concepts (such as forward secrecy and blockchains) are left out because I felt that these advanced topics might overwhelm my intended audience. However, the curious reader, after reading part 1, should be able to appreciate, say, the Wikipedia articles on more advanced topics like forward secrecy and blockchains.
When describing cryptographic protocols, most people refer to a cast of characters: Alice sends a message to Bob, and Eve might be eavesdropping on their communications. The companion course for this book focuses on civil rights–era social movements—particularly Black liberation movements—and the State suppression of those movements. To that end, rather than Alice, Bob, and Eve, we use the running example of Assata communicating with Bobby, with Edgar eavesdropping:
- Assata Shakur was a member of the Black Liberation Army and the Black Panther Party (in the early 1970s), was targeted by the FBI (as described in the chapter “Mechanisms of Social Movement Suppression”), and is still a political refugee in Cuba.
- Bobby Seale is a cofounder of the civil rights–era Black Panther Party and was also subject to surveillance and harassment by the FBI.
- J. Edgar Hoover founded the FBI and has been deemed responsible for the surveillance and repressive efforts of the FBI. We occasionally refer to Edgar as “the Man” where appropriate (i.e., in the chapter “The Man in the Middle,” where a man-in-the-middle attack is standard cryptographic terminology).
While the remainder of the book is likely to require significant updates in the coming years, part 1 is likely to stand the test of time.
Part 2: Digital Suppression of Social Movements (in the US)
This part is rather depressing, as it overviews the following:
- How social movements have historically been suppressed in the US (and where surveillance plays a role) in the chapter “Mechanisms of Social Movement Suppression”
- What surveillance and other digital threats are in use in the US in the chapter “Digital Threats to Social Movements” In this part, we use “the State” to refer to any constellation of governmental and nongovernmental organizations that represents established power structures with the resources and motivation to deploy a wide range of suppressive strategies and sophisticated technical measures against social movements.
We keep this part deliberately short so that we can move onto the last part, which is more empowering. In part 2, we pick illustrative examples to give an overview of how mechanisms of social movement suppression are used and what types of surveillance and other digital threats are in play. The chapter “Digital Threats to Social Movements,” in particular, will never be up to date, as new threats and capabilities are constantly being developed and deployed. We hope that anyone who reads this part quickly follows up with the last part.
Part 3: Defending Social Movements (in the US)
Part 3 is intended to be empowering. Starting with threat analysis (which is country and context dependent), we quickly move into classes of tools to protect your information. I say classes of tools rather than specific tools because specific tools can come and go as the projects supporting those tools or apps fail or appear, and it will not be feasible to update this book multiple times a year. This section is country dependent, as the availability of or associated risk of using certain tools can depend on your political context. For example, it can be more challenging to use Tor (an anonymity-providing internet browser, which we will discuss in the chapters “Anonymous Routing” and “Protecting Your Identity”) in certain countries that engage in widespread censorship (such as China).
- Civil Liberties Defense Center. “About.”