Is 11 Feb 2014 The Day We Fight Back?

The Day We Fight Back

Appalled with government surveillance without oversight? Sick of having your privacy invaded? Numb from stories about the NSA? If you are, you’ll have had many more bad days than good since June 2013.

But today, just perhaps, could be one of the better ones.

Why? Because somebody, somewhere, declared that Feb 11 is The Day We Fight Back Against Mass Surveillance and an awful lot of people are ready to agree. In a message addressed to “users of the internet”, the protest’s website declared:

Day we fight back

In January 2012 we defeated the SOPA and PIPA censorship legislation with the largest Internet protest in history. Today we face another critical threat, one that again undermines the Internet and the notion that any of us live in a genuinely free society: mass surveillance.

In celebration of the win against SOPA and PIPA two years ago, and in memory of one of its leaders, Aaron Swartz, we are planning a day of protest against mass surveillance, to take place this February 11th.

Together we will push back against powers that seek to observe, collect, and analyze our every digital action. Together, we will make it clear that such behavior is not compatible with democratic governance. Together, if we persist, we will win this fight.

That sounds good to me – so how are the organisers urging us to push back?

In the days counting down to today the campaign’s home page was rather disappointingly reminiscent of Slashot’s profit meme, protesters were urged to do three things:

  1. Run website banners and change their profile pictures
  2. Talk about it on Reddit
  3. Um, something else (OK, it actually said “Be creative”)

Hearteningly some more substantial activities are on offer. The events page lists the real-world protests that are planned in a number of cities around the world.

The plan to make 11 February a protest against NSA surveillance was announced on 10 January, the eve of the first anniversary of the death of Aaron Swartz, and has the backing of some of the internet’s big beasts like Reddit, Tumblr, Mozilla and the Electronic Frontier Foundation.

Wikipedia, who ran an evocative black out seen by hundreds of millions of people during the SOPA protests, is not on board however.

Wikipedia Screen Shot 2014-02-11 at 10.48.26

The organisers of The Day We Fight Back are understandably keen to invoke Swartz’s memory and draw a parallel with the highly successful protest he organised, but I think today is very different.

I agree with the campaign’s motives and wish it the best, but I am, personally, struggling to get behind it.

OK, I admit I struggle to get behind anything where changing my avatar counts as ‘doing something’ but my arguments run deeper than that too.

Here’s why today is not the SOPA protest; The timetable for stopping SOPA was driven by the passage of a bill through the US congress and the goal was clear – stop the bill, stop SOPA, save the internet.

In its own words the anti-SOPA campaign melted the phone lines to Capitol Hill. Minds were changed, believers turned to sceptics.

If the phone lines melt today, no votes will be counted because no votes are at stake. The smell of molten plastic might snap a few congressmen into line but what are we asking them to do, exactly, once they are? Without a clear goal the protest becomes a tantrum.

The anti-SOPA campaign was also fighting to stop bad news that hadn’t happened yet. What was being fought against was well understood and everyone could agree on what was required to stop it. And, perhaps most important of all, the campaign’s adversaries were operating in daylight and within the law.

Last of all, SOPA might have been a problem for everyone but the solution at least was confined to the USA.

None of these things are true about the situation we’re Fighting Back against today.

Of course if I use this article to simply protest against the protesters, then I am doing no good either. So let me set out what I think today will be about for me, as well as what you can do.

Before Snowden, we knew little or nothing of internet surveillance by governments. Some suspected it was going on; throwing mud in China’s direction was very popular and there had been rumblings about a system called Echelon for years, but we didn’t really know anything.

Collectively we mistook not knowing it was there for it not being there at all.

Since then we have been fed a steady, relentless flow of information, week after week, about intrusive, pervasive, government surveillance. But each week’s revelation has come from the same whistleblower, and each story has been about the same people doing the same sort of things in the same sort of places.

It’s been groundhog day since PRISM and we’ve actually learned very little.

As illuminating as it is, much of the information from Snowden is old (some of it is as current as Windows Vista) and almost all of it deals with one government agency in one country. That suggests to me that our understanding of internet surveillance, while better than it was a year ago, is mostly incomplete.

I do not believe that the NSA is the only organisation, nor that the US is the only county, capable of tapping into internet cables. Nor do I believe that if the NSA dismantled its infrastructure today I’d be safe from government surveillance.

Surveillance by the NSA is the problem we know about, but illegal surveillance by anyone in any country now or in the future is the problem we have to address if we’re actually interested in making ourselves safer.

Who do we lobby to fix that situation and how will we ever know if we have succeeded?

The answer is that we don’t know and we never will. If that’s the case, the only sensible way to behave from now on is as if we haven’t won, even if it looks like we have.

Making ourselves safer is not only useful but a form of protest – one that actually impacts the organisations spying on us in a way that any number of catchy hashtags never will.

Safer internet dayFittingly, 11 February is also Safer Internet Day, a day its organisers hope will promote safer and more responsible use of online technology and mobile phones, especially among children and young people.

Their slogan is “Let’s create a better internet together” and that is a slogan I can get behind.

What we need from 11 February is not a day of noisy protest but a day of action that kicks off the difficult process of turning the internet from something that is easily spied on into something that isn’t.

The way to do that is to start using, or (better yet) contributing to, software, services and protocols that use encryption when data is on-the-wire or at rest. There are a thousand ways to do that but here are just a few suggestions:

A good place to start for anyone who wants to share less about themselves online is by taking our 3-Step Privacy Plan Diet.

Web users can encrypt more of what they do online by using tools like HTTPS everywhere or Tor.

Systems administrators can ensure that email servers talk to each other using TLS (Transport Layer Security), that email at rest is encrypted, that websites use HTTPS and Forward Secrecy and that their DNS is secured with DNSSEC.

If you’re interested in the bigger picture, the IETF (Internet Engineering Task Force) has a number of active working groups dealing with things like the future of HTTP and TLS.

There is also the pressing question of whether Covergence, DANE or anything else can offer a realistic alternative to the vulnerable system of Certificate Authorities we use today.