this space intentionally left blank

January 22, 2009

Filed under: politics»the_new_protest

Protest and the Distribution Problem

Let's say you're part of a social movement in an authoritarian country. You're not even a leader--just a participant, albeit an empowered and adaptable example (perhaps your movement doesn't even really have leaders, per se, as many spontaneous protests don't). It's in your best interest, as well as the best interest of your organization, that you be able to communicate quickly and effectively with other members, probably using some kind of moderated broadcast network. Normally, you'd use one of many Internet services--Twitter, e-mail, blogging, etc. But of course, living in an authoritarian regime, it's not that simple.

It's not that you need to use a channel for confidential communication, since if you've read your Gene Sharp you know that excessive secrecy is as much a liability as an advantage. And you don't need it to be capable of high-bandwidth miracles: reliability and technical compatibility are more important than rich audio and video or message length. What you do need is complete decentralization. And that's the rub, because I can't find any software solution to that particular problem.

Decentralization is important because centralized resources are vulnerable. They can be censored (see: China), hacked, or hit with denial-of-service attacks (see: the takedown of Estonian and Georgian government sites). A dissident under authoritarian rule can't count on services vulnerable to these attacks--they can't even necessarily count on the infrastructure on which those services are based, since it's likely controlled by the authorities as well and could be targeted or cut off completely (see: Burma's disruption of all Internet access in 2007, or China's ability to censor SMS messages based on content).

Barring the total collapse of the underlying infrastructure (but not excluding scenarios in which it is heavily filtered or isolated), what's needed is effectively a peer-to-peer network. This is not, unfortunately, something on which web trailblazers have been concentrating. After all, the advantages of Web 2.0 have been fueled in part by centralization (at least from the point of view of the client). Google may be massively decentralized on its backend through the application of map/reduce programming, but the front end is useful to people because of the data shared across * Break the connection to that domain, and we don't just lose GMail: there goes all the remotely-invoked JavaScript, code mashups, and programs built on Google Apps. That's a lot riding on a relatively simple point of failure, which would be better served by moving to the edge and using lots of redundant mirrors. Indeed, this is exactly what Chinese dissent bloggers have been forced to do.

Take a less extreme example: e-mail and IM. E-mail is not what we would typically think of as "centralized." Anyone can set up a mail server, or rent one, instead of using the big webmail providers. And all of those servers can talk to each other. But in the end, they're a client-server relationship that usually has to remain stable over time if they're to be of any real use--i.e., people can't just change e-mail addresses constantly, leaving them vulnerable to attack on the hosting server. Even if they did change addresses regularly, perhaps using a mailing list to maintain connections, it only moves the vulnerability to the mailing list. There's an implicit assumption that something is going to act as the coordinating hub--an assumption shared by even the most decentralized IM network, Jabber (or its federated microblogging counterpart, It takes more effort to shut down or censor a multi-server network, as opposed to one sitting under a single domain. But it's not an impossible task by any stretch of the imagination.

What you, our anti-authoritarian dissident, might find really useful is a kind of ad-hoc mesh network--one that discovers nodes nearby and synchronizes to the latest data available. It doesn't have a central server. There's no addresses or domains that could be shut down. Some networks like this do, in fact, exist: Gnutella can be run as a strictly peer-to-peer setup, and BitTorrent has support for a trackerless system using distributed hash tables. We'd have to solve problems of reliability and speed, but at least it's a lot harder to shut this down.

But wait: haven't we just moved the problem around again? Now we have a peer-to-peer channel for transferring information without relying on vulnerable central transfer points, but now we have to make sure that the information itself isn't being altered or tampered with as it makes its way across the mesh. Maybe we could sign messages with an encryption key, so that their author can be verified. Better hope that the private key never falls into the wrong hands--and how do you get the public key out to people in the first place? Any given security solution is only as good as its weakest link--and the weakest link in social movements, I think, is never the communication channel itself, but the people who run it.

There are probably lots of other issues undermining the idea. I'm not a security expert, and already this is seems like an increasingly complex problem. When faced with a technological spiral like this, I sometimes find that the solution is to step back and rethink the problem itself--especially since this solution is probably way too complicated for typical users restricted by technical know-how and budget.

I'm reminded instead of a post at Perspective 2.0 that imagines the process of writing physical letters as an adjunct to information technology--another layer in the protocol, so to speak. It's easy to get captured by the glowing promise of ICT in democratic societies, and from there spin off into a dreamworld where protesters coordinate over an open-source Twitter clone via their smartphones, but that's just not realistic (or possibly even desirable). But the lessons of organizational communication are conceptual: they can often be back-ported to other, less-efficient media. So maybe the question isn't how to bring social protest to the Net, it's how to bring the Net's security innovations (including decentralization and peer-to-peer communication) and bring those over to the movement.

Future - Present - Past