Tag Archives: digital resistance

Transitions 2.0: Internet, Political Culture and Autocracy in Central Asia

I recently presented my dissertation research at the American Political Science Association (APSA) convention and attended a related panel entitled: “Internet: Collective Action, Social Mobilization, and Civic Engagement.” Eric McGlinchey, one of the professors on the panel, presented his research paper (PDF) on “Transitions 2.0: Internet, Political Culture and Autocracy in Central Asia.”

Eric notes that the theories and prescriptions of the transitions literature have not borne fruit in Central Asia. Indeed, “the region today is more autocratic than it was eighteen years ago at the time of the Soviet collapse.”

Eric thus seeks to understand why “Transitions 1.0” failed and to “investigate the potential for a Transitions 2.0” by exploring three autocracies Kazakhstan, Kyrgyzstan and Uzbekistan.

As Eric notes, “new information communication technologies (ICTs) are emerging in Central Asia and, as survey research demonstrates, these new ICTs hold the potential to transform the region’s political culture from one that abides authoritarian rule to a culture that embraces political reform.”

I very much appreciate Eric’s balanced approach to technology and demographic change. As he writes,

[T]he current class of political elites is graying while the youth population of Central Asian society is growing larger.  And whereas the hierarchical Communist Party carefully controlled the political milieu in which the current political elite was acculturated, today new ICTs have broken the government’s information monopoly, laid bare the inequities of patronage politics and are in the process of changing the mental maps with which this growing younger generation views national governance.

Institutional path dependency, as Paul Pierson explains, is sustained by—learning effects‖ and—adaptive expectations. New ICTs have simultaneously transformed what youth in Central Asia learn and what they expect—and it is this transformation […] that may ultimately undermine the cost calculations that have thus far sustained autocratic patronage in the region.

Whether access to ICTs can be shown to have a successful track record in promoting liberalization and democratization is still an open debate which requires more empirical research to shed compelling insights on the question.

Eric cites the work by David Hill and Khrishna Sen (2000) who “illustrate how the Internet enabled Indonesian oppositionists not only to break Suharto’s media monopoly, but to break this monopoly using conversational, dialogic, (and) non-hierarchical” forms of communication.”

That said, Hill, Krishna and several other scholars emphasize that the “political environment within which oppositionists marshal technologies like the Internet, can dampen the transformative effects of new ICTs.” To be sure,

Just as autocracies can control printing presses, radio and television, so too can savvy authoritarian governments monitor and exert control over new telecoms and Internet service providers.  Moreover, even absent such control, new ICTs need not be liberalizing.

Peter Chroust, for example, demonstrates how illiberal groups—neo-Nazis in Germany and the Taliban in Afghanistan—can equally use new ICTs to facilitate communication and mobilization.

Benjamin Barber suggests that fears that new ICTs force people—into one commercially homogeneous global network: one McWorld tied together by technology motivate actors to fight for the opposite, for the construction of even more differentiated local identities. As such, Barber predicts, new ICTs will result in more, not less ethnic, racial, tribal, or religious violence.

Eric’s research is informative because there is still very little research on the impact of ICTs on populations in Central Asia. The results of his empirical survey suggests that “although the causal effects of new ICTs are mixed and highly dependent on structural context, the use of new ICTs nevertheless does appear to have a liberalizing effect on political culture.”

More specifically, where state filtering of the Internet is less pronounced—in Kyrgyzstan and Kazakhstan—survey results suggest that Internet users do exhibit greater inclinations toward political reform and civic engagement.  Conversely, where state filtering of the Internet is extensive, as it is in Uzbekistan, inclinations toward political reform and civic engagement differ little between Internet users non-users.

Eric concludes as follows:

Will Transitions 2.0 succeed where Transitions 1.0 failed?  To a large degree the answer to this question rests in the ability of Central Asian governments to continue effective filtering of the Internet and of global communications broadly, something that may get progressively more difficult as Internet access shifts from what now are readily controlled public areas (work, Internet cafes and libraries) to the comparative privacy of smart phones and home computers.

No less consequential is whether ICT-induced changes in political culture translate to societal changes in political engagement.  This study suggests that the retreat of Soviet institutions of political acculturation and the arrival of new ICTs will likely produce a political culture that is less trusting of autocratic rule and more open to outsiders and civic engagement.

Whether Central Asians will assume the daunting risks that undoubtedly are required to transform their governments so as to more closely reflect these changed political values, however, remains an open question.

Patrick Philippe Meier

Nonviolent Resistance in Post-Communist Countries

Introduction

I recently presented my dissertation research at the American Political Science Association (APSA) convention and had the good fortune of sharing the panel with Olena Nikolayenko from Stanford University. Nikolayenko presented an excellent paper (PDF) entitled: “Youth Movements in Post-Communist Societies: A Model for Nonviolent Resistance.”

Olena seeks to explain the variation in social movement outcomes in non-democracies by “investigating the dynamics of tactical interaction between challenger organizations and the ruling elite.” She argues that “both civic activists and autocratic incumbents engaged in processes of political learning. Hence, tactical innovation was vital to the success of youth movements, especially late risers in the protest cycle.”

I think she’s spot on with the tactical learning argument. In fact, I use the same hypothesis for my dissertation as well, referring to the cyber game of cat-and-mouse between resistance movements and repressive regimes.  By tactical innovation, Olena means “experimentation with the choice of frames, protest strategies and interaction styles with allies.”

This dynamic approach to the study of social movements to post-communist countries is particularly interesting since the notion of tactical innovation has only been applied to mature democracies.  As Olena notes, however, tactical innovation may very well be of “greater importance to the challenger organizations in the repressive political regimes.”

This is because “the stakes of the political struggle—regime change or the survival of the autocratic incumbent—have wide-ranging implications for the ruling elite and the society at large.”

Olena’s decision to focus on post-communist countries is also important because of the focus on unsuccessful cases. As she rightly notes, there is a notable bias in social movement literature on cases of success. And yet, there is much to gain from analyzing movements that are defeated by repressive regimes.

Explaining Social Movements

What is particularly neat about Olena’s dynamic approach is that she draws on Doug McAdam’s work (1983) and thus distinguishes between “tactical innovation of movement participants and tactical adaptation of the ruling elite.” McAdam’s piece is entitled: “Tactical Innovation and the Pace of Insurgency.”

Tactical innovation involves a shift from conventional forms of collective action and the application of novel confrontational tactics. Tactical adaptation refers to tactics of the incumbent government to neutralize unorthodox mobilization efforts of challenger organizations and introduce new barriers for contentious collective action.

In terms of tactical innovation, Olena explains that to gain leverage in the political arena, “a social movement needs to articulate persuasive messages, employ effective protest strategies, and forge ties with influential allies. Each of these choices can involve tactical innovation.”

I’m especially interested in the protest strategies piece given the focus of my dissertation. Olena draws on some of Charles Tilly‘s research that I had actually not come across before but which is incredibly relevant to my own doctoral research. Tilly’s relevant piece published in 1978 is entitled: “From Mobilization to Institutionalization.”

Though a range of protest tactics seems to be limitless, protesters tend to resort to a recurrent toolkit of contentious collective action. Tilly conceptualizes a repertoire of contention as “a limited set of routines that are learned, shared, acted out through a relatively deliberate process of choice.” In his influential work, Tilly (1978) demonstrates how it takes such macrohistorical factors as the rise of the nation-state and the emergence of new communication technologies to engender novel forms of protest. A central advantage of novel protest strategies is that they can catch the authorities off guard and produce a stronger political impact than familiar protest tactics.

As for tactical adaptation, Olena examines how repressive incumbent governments respond to the “rise of reform-oriented and technologically savvy youth movements by setting up state-sponsored youth organizations and intensifying the use of modern technology to subvert youth mobilization.” This an important part of the cyber game of cat-and-mouse that is all too often drowned by the media hype around new technologies.

Social movement literature has documented a toolkit of strategies that the ruling elite deploys to suppress mass mobilization. Repression is a common policy instrument used in non-democracies. In the so-called hybrid regimes, the ruling elite systematically manipulate democratic procedures to the extent the turnover of power is hardly possible, but refrain from the conspicuous use of violence.

It is critical to understand the underlying tactics employed by repressive regimes to suppress and/or manipulate political change.

Methodology

Olena focuses on nonviolent youth resistance movements in the following five countries: Azerbaijan, Belarus, Georgia, Serbia, and Ukraine. These movements share several important characteristics:

  1. The formation of youth movements during the election year, with the exception of Serbia’s Otpor;
  2. Anticipation of electoral fraud;
  3. Demand for free and fair elections;
  4. Mass mobilization in the repressive political regime,
  5. Use of nonviolent methods of resistance.

Despite these similarities, however, some of the movements were “more successful than others in expanding the base of popular support for political change in non-democracies.”

Olena carried out 46 semi-structured interviews with key informants to get an in-depth description of social movements. To estimate the the level of youth movements, Olena relied on three indicators: (1) size of movement; (2) size of post-election protests; and (3) duration of post-election protests.

Findings

While the Otpor movement in Serbia was responsible for demonstrating a series of important tactical innovations, subsequent youth resistance movements in post-communist countries were unsuccessful. This is largely due to the fact that these movements simply “copied” these tactics without adding much in terms of innovative thinking. Otpor also trained these movements and perhaps should have emphasized the importance on endogenous innovation a lot more.

In terms of political learning by elites in repressive regimes, Olena’s findings show that:

[I]n light of electoral revolutions in Serbia, Georgia, and Ukraine, the governments in Azerbaijan and Belarus have significantly raised costs of political participation. Specifically, the coercive apparatus applied violence to prevent the permanent occupation of the public space in the wake of fraudulent elections.

Moreover, the authorities deployed coercive measures against youth movements before they could develop into powerful agents of political change. In addition, the governments in Azerbaijan and Belarus have invested considerable resources into the creation of state-sponsored youth organizations.

The analysis demonstrates that both civic activists and the ruling elite are able to draw lessons from prior episodes of nonviolent resistance during a protest cycle. As a result, late risers in the protest cycle need to apply a series of innovative strategies to overcome increasing constraints on political participation and introduce an element of surprise.

Patrick Philippe Meier

Content for Digital Activism and Civil Resistance

I’ve been advising a large scale digital activism and civil resistance project and am concerned by the lack of importance placed on content. The project’s donor (not implementer) literally thinks that flooding the country in question with mobile phones, for example, will catalyze an effective digital and civil resistance movement. Clearly, they know very little about civil resistance.

Content Matters

Here’s a personal story I often relate during conversations that tend toward technological determinism. I was in the Western Sahara in 2003 doing investigative research on the Polisario guerrilla movement. I made contact with a high ranking guerrilla fighter who had trained in Cuba and Libya and who just defected from the camp’s headquarters in Algeria. He was a wealth of information and we quickly became friends.

Click for credit/source

One of my most memorable moments was when he recounted what ultimately made him decide to leave the Polisario. “I got a Spanish copy of Animal Farm by George Orwell, and I couldn’t believe it, he described in detail the political nature of the Polisario movement. I did not want this life for my children and my wife. So I left.”

Click for credit/source

Now, don’t get me wrong, I’m absolutely pro self-determination for the Western Sahara which, like many others, I consider to be the oldest colony in Africa. The point of my story, however, is that a simply but brilliant book was enough to make my friend take a huge risk in defecting. Content is key, technology is secondary. (I’m actually reading a neat book, Wasp by Eric Russell, that gets exactly at this disproportionate, asymmetric dynamic vis-a-vis civil resistance).

Identifying Content

This brings me to my next point. I have been surprised to find little material that specifically lists the kind of content one would want to smuggle into a country under authoritarian rule. This is not to say we should restrict certain types of information, absolutely not, the first step is to provide full and secure access to all content on the web, for example.

At the same time, it behooves us to place some deliberate “sign posts” to specific content that can educate a closed society about digital activism and civil resistance. This means providing access to international and alternative news, such as mainstream media and GlobalVoices. Providing access to Wikipedia is also a good idea. But there’s a lot more content out there if the goal is to foster a peaceful transition to democracy.

As the Western Sahara story suggests, we would want to provide all of George Orwell’s books in print and/or electronic form. In addition, books on democracy and especially nonviolent revolutions and social movements. History books on civil resistance as well as video documentaries and even audio-books. I would also include multimedia material on nonviolent tactics and strategy.

afmp

Finally, I’m interested in computer games, like A Force More Powerful (AFMP); see screenshot above. I’ve also been toying around with the idea of multi-player games on mobile phones that replicate swarm or smartmob-like behavior. Like a treasure hunt of sorts via SMS or beeping.

How You Can Help

The identification of content should be one of the very first steps in this kind of digital activism and civil resistance project. Only after the content is identified, acquired and translated into the appropriate language(s) should one turn to technology as a vehicle for safe and secure transmission using encryption, steganography, etc.

In the meantime, here’s what I  have so far:

  • A Force More Powerful (book, DVD and game)
  • Nonviolent Conflict: 50 Crucial Points (>)
  • Waging Nonviolent Struggle in the 20th Century Practice and 21st Century Potential (>)
  • Strategic Nonviolent Conflict: The Dynamics of People Power in the 20th Century (>)
  • Unarmed Insurrections: People Power in Non-Democracies (>)
  • On Strategic Nonviolent Conflict: Thinking About the Fundamentals (>)
  • Introduction to Nonviolent Conflict (>)
  • Bringing Down a Dictator (DVD)
  • Revolution in Orange (Book and DVD)
  • There Are Realistic Alternatives (>)
  • The Right to Rise Up: The Virtues of Civic Disruption (>)
  • Gene Sharp’s Theory of Power (>)
  • Civil Disobedience by Hannah Arendt (>)
  • War without Weapons (>)
  • Nonviolent Social Movements: A Geographic Perspective (>)
  • Nonviolence and the Case of the Extremely Ruthless Opponent (>)
  • Power and Persuasion: Nonviolent Strategies to Influence State Security Forces (>)
  • Strategic Nonviolent Conflict: Lessons from Past, Ideas for Future (>)
  • How Freedom is Won: From Civic Resistance to Durable Democracy (>)

There is more great content listed on the Albert Einstein Institution website, PeaceMakers, Civil Resistance Info, Nonviolent Conflict, DigiActive and David Cortright’s website.

I’m looking for free or paid content. This content can be text, audio and/or video. I’d also be interested in putting a list together of entertaining movies with an underlying message of democracy and nonviolent resistance. The same goes for computer games and games on mobile phones. In sum, any material you think could educate and empower a society closed from the world would be welcome.

Feel free to forward this call for feedback as widely as you’d like. Thank you.

Patrick Philippe Meier

An Analytical Framework to Understand Twitter’s use in Iran?

The digital activism and resistance witnessed in Iran go to the heart of my dissertation research, which asks whether the information revolution empowers coercive regimes at the expense of resistance movements or vice versa? Iran is one of my case studies for my upcoming field research in addition to Burma, Tunisia and Ukraine.

Introduction

There have been a number of excellent blog posts on the intersection between technology and resistance in Iran, and especially on the use of Twitter. The mainstream press is also awash with references to Twitter’s role. For example, Agence France Presse (AFP) recently cited my research in this piece entitled “Twitter Streams Break Iran News Dam.”

However, what I haven’t seen in the blogosphere and mainstream press is the application of an analytical and theoretical framework to place Twitter’s use in Iran into context.

For example, just how important is/was Twitter’s role vis-a-vis the mobilization and organization of anti-government protests in Iran? We can draw on anecdotes here and there but this process is devoid of any applied social science methodology.

This post seeks to shed light on how, when and why information and communication technologies (ICTs) are used by resistance movements in repressive environments. The framework I draw on (summarized below) is informed by Kelly Garrett’s excellent publication on “Protest in an Information Society: A Review of the Literature on Social Movements and New ICTs” (2006).

Framework

The framework seeks to “explain the emergence, development and outcomes of social movements by addressing three interrelated factors: mobilizing structures, opportunity structures and framing processes”  within the context of ICTs. (The figure below is excerpted from my dissertation, hence the figure 4 reference).

PhDFramework

  • Mobilizing Structures are the mechanisms that facilitate organization and collective action. These include social structures and tactical repertoires.
  • Opportunity Structures are conditions that favor social movement activity. For example, these include factors such as the state’s capacity and propensity for repression.
  • Framing Processes are “strategic attempts to craft, disseminate, and contest the language and narratives used to describe a movement.”

These three factors should be further disaggregated to facilitate analysis. For example, mobilizing structures can be divided into categories susceptible to the impact of ICTs:

  • Participation levels (recruitment);
  • Contentious activity;
  • Organizational issues.

These sub-indicators are still to broad, however. Take, for example, participation levels; what is participation a function of? What underlying mechanisms are facilitated or constrained by the wider availability and use of ICTs? Participation levels may change as a function of three factors:

  • Reduction of participation costs;
  • Promotion of collective identity;
  • Creation of community.

These activities are of course not mutually exclusive but often interdependent. In any case, taking the analysis of ICTs in repressive environments to the tactical level facilitates the social science methodology of process tracing.

Application

We can apply the above framework to test a number of hypotheses regarding Twitter’s use in Iran. Take Mobilizing Structures, for example. The following hypothesis could be formulated.

  • Hypothesis 1: The availability of Twitter in Iran increased participation levels, contentious activity and organizational activity.

Using process tracing and the above framework, one could test hypothesis 1 as follows:

hypo1

These causal chains, or “micro theories,” are posited with the “⎥” marker to signify that the causal relationship is contended. The direction of the arrows above reflects the theoretical narratives extracted from the theoretical framework presented above. Note that the above “micro” theories are general and not necessarily reflective of Twitter’s use in Iran.

Iran Case Study

When the arrows are tallied, the results suggest the following general theory: there is a direct and positive relationship between the impact of Twitter and the incidents of protests and riots. The next step is to test these “micro theories” in the context of Iran by actually “weighting” the arrows. And of course, to do so comparatively by testing the use of Twitter relative to the use of mobile phones and the Internet. Furthermore, the results of this hypothesis testing should be compared to those for Opportunity Structures and Framing Processes.

I plan to carry out field research to qualitatively test these hypotheses once the first phase of my dissertation is completed. The first phase is a large-N quantitative study to determine whether increasing access to ICTs in repressive regimes is a statistically significant predictor of anti-government protests.

Patrick Philippe Meier

How To Communicate Securely in Repressive Environments

Update: The information below is now out of date, please do not blindly rely on the strategies and technologies listed!

Important: Please check the excellent comments provided by iRevolution readers below for additional tactics/technologies and corrections. The purpose of this blog post was to inform and elicit feedback so thank you very much for improving on what I’ve written!

FYI – I tried keep an up-to-date guide based on the comments below but was too busy to continue. Please see this link (Doc).

I’m preparing to give a presentation at The Fletcher Summer Institute for the Advanced Study of Nonviolent Conflict (FSI 2009). The focus of my presentation will be on digital security, i.e., how to communicate safely and securely in repressive, non-permissive environments. I’d be very grateful for feedback on the information below.

Introduction

Core to effective strategic nonviolent action is the need to remain proactive and on the offensive; the rationale being that both the resistance movement and repressive regime have an equal amount of time allocated when the show-down begins. If the movement becomes idle at any point, this may give the regime the opportunity to regain the upper hand, or vice versa. The same principle is found in Clausewitz’s writings on war.

Nonviolent resistance movements are typically driven by students, i.e., young people, who are increasingly born digital natives. With expanding access to mobile phones, social networking software and online platforms for user-generated content such as blogs, the immediate financial cost of speaking out against repressive regimes is virtually nil. So resistance movements are likely to make even more use of new communication technology and digital media in the future. In fact, they already are.

At the same time, however, the likelihood and consequences of getting caught are high, especially for those political activists without any background or training in digital security. Indeed, recent research by Digital Democracy research suggests that organizational hierarchies are being broken down as youth adopt new technologies. While this empowers them they are also put at risk since they don’t tend to be as consequence-conscious as their adult counterparts.

Empire Strikes Back

It is no myth that repressive regimes are becoming increasingly more savvy in their ability to effectively employ sophisticated filtering, censoring, monitoring technologies (often courtesy of American companies like Cisco) to crack down on resistance movements. In other words, political activists need to realize that their regimes are becoming smarter and more effective, not dumber and hardly clueless.

That said, there are notable—at times surprising—loopholes. During the recent election violence in Iran, for example, facebook.com was blocked but not facebook.com/home.php. In any case, repressive regimes will continue to block more sites impose information blockades because they tend to view new media and digital technologies as a threat.

Perhaps technologies of liberation are a force more powerful?

In order to remain on the offensive against repressive regimes, nonviolent civil resistance movements need to ensure they are up to speed on digital security, if only for defense purposes. Indeed, I am particularly struck by the number of political activists in repressive regimes who aren’t aware of the serious risks they take when they use their mobile phones or the Internet to communicate with other activists.

Adaptive Learning

One way to stay ahead is to make the learning curve less steep for political activists and to continually update them with the latest tested tactics and technologies. To be sure, one way to keep the upper hand in this cyber game of cat-and-mouse is to continue adapting and learning as quickly as possible. We need to ensure that feedback mechanisms are in place.

There are clearly trade-offs between security and convenience or usability, particularly in the context of technologies. As DigiActive notes in the graphic below, the most secure tactics and technologies may not be the most convenient or easy to deploy. Most political activists are not tech-savvy.

This means that digital activists need to design tactics and technologies that are easy to learn and deploy.

The tactics and technologies listed in the next sections fall into all four different quadrants to one extent or another. It is important that political activists at minimum master the easy and convenient digital security tactics and technologies identified in this blog post.

ACmatrix

Recall that both sides are allocated an equal amount of time to plan and execute their operations. Accelerating the learning process is one way for activist networks to remain pro-active and stay ahead of the curve. This is in part is the role that DigiActive seeks to play. Unlike the hierarchical, centralized structures of repressive regimes, networks have more flexibility and feedback loops, which make them more adaptable.

The normative motivation behind my research on digital resistance is based on the recognition by “many scholars and practitioners […] that the techniques associated with strategic nonviolent social movements are greatly enhanced by access to modern information communication technologies, such as mobile telephony, short message service (SMS), email and the World Wide Web, among others” (Walker 2007).

The potential to leverage those techniques is what makes Digital Security so important to integrate in the strategic and tactical repertoire of civil resistance movements.

Digital Security

I define digital security (DS) in the context of digital resistance as the art and science of staying safe when communicating in non-permissive environments. The reason I call it both an art and a science is to emphasize that both tactics and technology play an important role in staying safe when facing repression.

So the DS framework I want to propose is two-pronged: tactics vs. technology, and safety vs. security. I call it the 4-square approach for obvious reasons:

4square

  • DS tactics: these can be “technology free” tactics as well as tactics that apply communication technology.
  • DS technologies: these include both high-tech and low-tech technologies that are designed to improve safe and secure communication in repressive environments.
  • Personal safety: in this context refers to physical, personal safety when communicating in non-permissive environments.
  • Data Security: refers to the security of the data when communicated from one devise to another.

As the graphic above suggests, personal safety and data security are a function of both tactics and technologies. For example, data security is best ensured when combining tactics and technologies.

What follows is a list of tactics and technologies for communicating safely and securely in repressive environments. The list is divided into technology categories and the bullet points are listed in order of relative convenience and easy to more complicated but more secure.

Note that the information below is in no way meant to be exhaustive, so pleasedo send suggestions! (See also the conclusion for a list of reference and suggestions on further reading).

Digital Security Tactics

As mentioned above, DS tactics come as both technology-free tactics and tactics that relate to communication technology. For example, making sure to pay for a sim card in cash and out of sight of security cameras is a technology-free tactic  that increases the chances of staying safe. Removing the batteries from your mobile phone to prevent it from being geo-located is a tactic that relates to the technology and also increases your safety.

DS tactics can also improve data security when communicating information. “Sneakernet” is a technology-free tactic to share information. The term is used to describe tactics whereby the transfer of electronic information such computer files is done by physically carryingremovable media such as hard drives and disk drives. In contrast, using encryption software for mobile phones is a tactic that uses technology. The communication may be intercepted by eavesdroppers but they may be unable to decipher the message itself.

These tactics are listed below along with a number of other important ones. Please keep in mind that tactics are case- and context-specific. They need to be adapted to the local situation.

  • Mobile Phones
    • Purchase your mobile phone far from where you live. Buy lower-end, simple phones that do not allow third-party applications to be installed. Higher-end ones with more functionalities carry more risk. Use cash to purchase your phone and SIM card. Avoid town centers and find small or second-hand shops as these are unlikely to have security cameras. Do not give your real details if asked; many shops do not ask for proof of ID.
    • Use multiple SIM cards and multiple phones and only use pay-as-you go options; they are more expensive but required for anonymity.
    • Remove the batteries from your phone if you do not want to be geo-located and keep the SIM card out of the phone when not in use and store in separate places.Use your phone while in a moving vehicle to reduces probability of geo-location.
    • Never say anything that may incriminate you in any way.
    • Use code.
    • Use Beeping instead of SMS whenever possible. Standard text messages are visible to the network operator, including location, phone and SIM card identifiers. According to this recent paper, the Chinese government has established 2,800 SMS surveillance centers around the country to monitor and censor text messages. The Chinese firm Venus Info Tech Ltd sells real-time content monitoring and filtering for SMS.
    • Use fake names for your address book and memorize the more important numbers. Frequently delete your text messages and call history and replace them with random text messages and calls. The data on your phone is only deleted if it is written over with new data. This means that deleted SMS and contact numbers can sometimes be retrieved (with a free tool like unDeleteSMS. Check your phone’s settings to see whether it can be set to not store sent texts messages and calls.
    • Eavesdropping in mobile phone conversations is technically complicated although entirely possible using commercially available technology. Do not take mobile phones with you to meetings as they can be turned into potential listening/tracking devices. Network operators can remotely activate a phone as a recording device regardless of whether someone is using the phone or whether the phen is even switched on. This functionality is available on US networks.
    • Network operators can also access messages or contact information stored on the SIM card. If surveillance takes place with the co-operation of the operator, little can be done to prevent the spying.
    • Mobile viruses tend to spread easily via Bluetooth so the latter should be turned off when not in use.
    • Using open Bluetooth on phones in group situations, e.g., to share pictures, etc., can be dangerous. At the same time, it is difficult to incriminate any one person and a good way to share information when the cell phone network and Internet are down.
    • Discard phones that have been tracked and burn them; it is not sufficient to simply destroy the SIM card and re-use the phone.
  • Digital Cameras
    • Keep the number of sensitive pictures on your camera to a minimum.
    • Add plenty of random non-threatening pictures (not of individuals) and have these safe pictures locked so when you do a “delete all” these pictures stay on the card.
    • Keep the battery out of the camera when not in use so it can’t be turned on by others.
    • Practice taking pictures without having to look at the view screen.
  • Computers/Laptops
    • Use passphrases for all your sensitive data.
    • Keep your most sensitive files on flash disks and find safe places to hide them.
    • Have a contingency plan to physically destroy or get rid of your computer at short notice.
  • Flash disks
    • Purchase flash disks that don’t look like flash disks.
    • Keep flash disks hidden.
  • Email communication
    • Use code.
    • Use passphrases instead of passwords and change them regularly. Use letters, numbers and other characters to make them “c0mpLeX!”. Do not use personal information and changer your passphrases each month. Do not use the same password for multiple sites.
    • Never use real names for email addresses and use multiple addresses.
    • Discard older email accounts on a regular basis and create new ones.
    • Know the security, safety and privacy policies of providers and monitor any chances (see terms of service tracker).
  • Browsers and websites
    • Turn off java and other potentially malicious add-ons.
    • Learn IP addresses of visited websites so that history shows only numbers and not names.
    • When browsing on a public computer, delete your private data (search history, passwords, etc.) before you leave.
    • When signing up for an account where you will be publishing sensitive media, do not use your personal email address and don’t give personal information.
    • Don’t download any software from pop-ups,  they may be malicious and attack your computer or record your actions online.
    • Do not be logged in to any sensitive site while having another site open.
  • VoIP
    • Just because your talking online doesn’t mean you are not under surveillance.
    • As with a cell or landline, use code do not give salient details about your activities, and do not make incriminating statements.
    • Remember that your online activities can be surveilled using offline techniques.  It doesn’t matter if you are using encrypted VOIP at a cyber cafe if the person next to you is an under-cover police officer.
    • When possible, do not make sensitive VOIP calls in a cyber cafe.  It is simply too easy for someone to overhear you. If you must, use code that doesn’t stand out.
  • Blogs and social networking sites
    • Know the laws in your country pertaining to liability, libel, etc.
    • When signing up for a blog account where you will be publishing sensitive content, do not use you personal email address or information.
    • In your blog posts and profile page, do not post pictures of yourself or your friends, do not use your real name, and do not give personal details that could help identify you (town, school, employer, etc.).
    • Blog platforms like wordpress allow uses to automatically publish a post on a designated date and time. Use this functionality to auto-publish on a different day when you are away from the computer.
    • On social networks, create one account for activism under a false but real-sounding name (so your account won’t be deleted) but don’t tell your friends about it.  The last thing you want is a friend writing on your wall or tagging you in a photo and giving away your identity.
    • Even if you delete your account on a social networking site, your data will remain, so be very careful about taking part in political actions (i.e., joining sensitive groups) online.
    • Never join a sensitive group with your real account.  Use your fake account to join activism groups. (The fake account should not be linked to your fake email).
    • Don’t use paid services.  Your credit card can be linked back to you.
  • File sharing
    • Use a shared Gmail account with a common passphrase and simply save emails instead of sending. Change passphrase monthly.
    • For sharing offline, do not label storage devices (CDs, flash drives) with the true content.  If you burn a CD with an illegal video or piece of software on it, write an album label on it.
    • Don’t leave storage devices in places where they would be easily found if your office or home were searched (i.e., on a table, in a desk drawer).
    • Keep copies of your data on two flash drives and keep them hidden in separate locations.
    • When thinking of safe locations, consider who else has access. Heavily-traveled locations are less safe.
    • Don’t travel with sensitive data on you unless absolutely necessary.  If you need to, make sure to hide it on your person or “camouflage” it (label a data CD as a pop music CD). See Sneakernet.
  • Internet Cafes
    • Assume you are being watched.
    • Assume computers at cyber cafes are tracking key strokes and capturing screenshots.
    • Avoid cyber cafes without an easy exit and have a contingency plan if you need to leave rapidly.

Digital Security Technologies

When combine with the tactics described above, the following technologies can help you stay safe and keep your data relatively more secure.

  • Mobile phones
    • Use CryptoSMS, SMS 007 or Kryptext to text securely (this requires java-based phones).
    • Use Android Guardian as soon as it becomes available.
    • Access mobile versions of websites as they are usually not blocked. In addition, connecting to mobile websites provides for faster connections.
  • Digital cameras
    • Use scrubbing software such as: JPEG stripper to remove the metadata (Exif data) from your pictures before you upload/email.
    • Have a safe Secure Digital Card (SD) that you can swap in. Preferably, use a mini SD card with a mini SD-SD converter. Then place the mini SD into a compatible phone for safekeeping.
  • Computers/Laptops
    • Use a different file type to hide your sensitive files. For example, the .mov file extension will make a large file look like a movie.
    • Mac users can use Little Snitch to track all the data that goes into and out of your computer.
    • From a technical perspective, there’s no such thing as the delete function. Your deleted data is eventually written over with new data. There are two common ways to wipe sensitive data from your hard drive or storage device. You can wipe a single file or you can wipe all of the ‘unallocated’ space on the drive. Eraser is a free and open-source secure deletion tool that is extremely easy to use.
  • Email communication
    • Use https when using Gmail.
    • Use encrypted email platforms such as Hushmail and RiseUp.
  • Browsers and websites
    • Use Firefox and get certain plugins to follow website tracking such as ghostery and adblock, adart to remove ads/trackers.
    • User Tor software or Psiphon to browse privately and securely.
    • I shan’t list access points for secure browsers, Proxy servers and VPNs here. Please email me for a list.
    • Always use https in “Settings/General/Browser Connection.”
  • VoIP
    • Use Skype but not TOM Skype (Chinese version). Note that Skype is not necessarily 100% secure since no one has access to the source code to verify.
    • Off The Record (OTR) is a good encryption plugin. For example, use Pidgin with OTR (you need to add the plug-in yourself).
    • Gizmo offer encryption for voice conversations, and then only if you are calling another VoIP user, as opposed to a mobile or landline telephone. However, because neither application is open-source, independent experts have been unable to test them fully and ensure that they are secure.
    • Adium is a free IM application for Macs with built-in OTR encryption that integrates most other IM applications.
  • Blogs and social networking platforms
    • There are no safe social networks.  The best way to be safe on a social network is fake account and a proxy server.
    • The anonymous blogging platform Invisiblog no longer exists, so the best bet now is WordPress + Proxy (preferably Tor) + anonymity of content.
    • Log out of facebook.com when not using the site.
  • File sharing
    • Use Drop.io to create a private, secure media sharing site.
    • Use BasecampHQ with secure/SSL option to create more specific usernames and passwords for each user or remote site.
  • Internet Cafe
    • Tor can be installed on flash disk and used at Internet cafe and also used from LiveCDs if flash drives are not allowed.
  • Other potential tech

Conclusion

The above material was collected in part from these sources:

As mentioned above, please send suggestions and/or corrections as well as updates. And again, please do check the comments below. Thanks! Patrick Philippe Meier

Steganography 2.0: Digital Resistance against Repressive Regimes

A team of Polish steganographers at the Institute of Telecommunications in Warsaw are doing some neat work that should be of interest to digital activists. Steganography is is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

Wojciech Mazurczyk, along with Krzysztof Szczypiorski and Milosz Smolarczyk are using the Internet’s transmission control protocol (TCP) to create fake web traffic that can mask the transmission of secret messages.

As the NewScientist explains,

“Web, file transfer, email and peer-to-peer networks all use TCP, which ensures that data packets are received securely by making the sender wait until the receiver returns a “got it” message. If no such acknowledgement arrives (on average 1 in 1000 packets gets lost or corrupted), the sender’s computer sends the packet again. This scheme is known as TCP’s retransmission mechanism – and it can be bent to the steganographer’s whim, says Mazurczyk.”

The team’s project is called Retransmission Steganography, or RSTEG, proposes to use software that deliberately asks the receiver of information to prompt a retransmission from the sender even when the data was successfully received in the first place. As Mazurczyk explains, “the sender then retransmits the packet but with some secret data inserted in it,” which means, “the message is hidden among the teeming network traffic.”

The use of RSTEG as a tactic for digital resistance could be quite effective. While eavesdroppers could monitor the fact that a first sent package is different from a second retransmitted one containing the secret message, this would be somewhat useless since all retransmitted packages differ from original ones anyway. In other words, “Retransmissions in IP networks are a ‘natural phenomenon’, and so intentional retransmissions introduced by RSTEG are not easy to detect if they are kept at a reasonable level.”

Mazurczyk and Szczypiorski are also working on a parallel project that draws on steganographic techniques to creating covert channels for Voice over Internet Protocol (VOIP) streams. This approach, called Lost Audio Packets Steganography, or LACK, “provides hybrid storage-timing covert channel by utilizing delayed audio packets.”

For more information on the technical specifications of the RSTEG and LACK techniques, please see the authors’ papers here and here respectively.

The team plans to demonstrate their approach at a workshop on network steganography in China later this year. Yes, China.

Patrick Philippe Meier

iRevolution One Year On…

I started iRevolution exactly one year ago and it’s been great fun! I owe the Fletcher A/V Club sincere thanks for encouraging me to blog. Little did I know that blogging was so stimulating or that I’d be blogging from the Sudan.

Here are some stats from iRevolution Year One:

  • Total number of blog posts = 212
  • Total number of comments = 453
  • Busiest day ever = December 15, 2008

And the Top 10 posts:

  1. Crisis Mapping Kenya’s Election Violence
  2. The Past and Future of Crisis Mapping
  3. Mobile Banking for the Bottom Billion
  4. Impact of ICTs on Repressive Regimes
  5. Towards an Emergency News Agency
  6. Intellipedia for Humanitarian Warning/Response
  7. Crisis Mapping Africa’s Cross-border Conflicts
  8. 3D Crisis Mapping for Disaster Simulation
  9. Digital Resistance: Digital Activism and Civil Resistance
  10. Neogeography and Crisis Mapping Analytics

I do have a second blog that focuses specifically on Conflict Early Warning, which I started at the same time. I have authored a total of 48 blog posts.

That makes 260 posts in 12 months. Now I know where all the time went!

The Top 10 posts:

  1. Crimson Hexagon: Early Warning 2.0
  2. CSIS PCR: Review of Early Warning Systems
  3. Conflict Prevention: Theory, Police and Practice
  4. New OECD Report on Early Warning
  5. Crowdsourcing and Data Validation
  6. Sri Lanka: Citizen-based Early Warning/Response
  7. Online Searches as Early Warning Indicators
  8. Conflict Early Warning: Any Successes?
  9. Ushahidi and Conflict Early Response
  10. Detecting Rumors with Web-based Text Mining System

I look forward to a second year of blogging! Thanks to everyone for reading and commenting, I really appreciate it!

Patrick Philippe Meier