≡ Menu

How to Crush Dissent

While in Berlin for the LinuxTag 2010 conference a couple of months ago, I took the opportunity for a 8-mile long meandering walk across the city, from Warschauer Strasse and the East Side Gallery to Wittenbergplatz and KaDeWe, taking in the various historical sites along the way.  It was a great refresher course in 20th century European history.  I especially enjoyed the free outdoor exhibit in Alexanderplatz, which dealt with the Revolutions of 1989 with a focus on the various dissident movements and publications in the DDR.  Most were self-published, stealthily distributed samizdat newletters, copied laboriously using  typewriters and carbon paper, primitive printing presses, or toward the end, some personal computers smuggled in from the West.  They had on display an Amiga 500 and an NEC Pinwriter P6 used in 1989.  Through “advanced” technology like this, document production could be raised from a few hundred to tens of thousands of copies.

As I looked at this display of samizdat publications, each a sign of struggle, technical and political,  I was smug.   Surely, all of this is irrelevant today?  The march of technology has now put within each of our hands tools that are orders of magnitude more efficient and effective than any underground publication of 1989.  With the Web, and WordPress and Twitter and YouTube and other services, we can instantly get a message out to millions of people.  We are far more advanced now.

Or so I thought for a few brief minutes, until the horrible truth struck me as I considered the question more deeply.  No, technology has not made dissent safer.  We are merely fortunate that the political climes of 2010 permit more dissent.  But if challenged, the powers that be have far greater tools to control information than they did in 1989.  I am not certain the tools available to the individual come close to being able to withstand them.

I strongly believe that the capability for citizens to dissent is an essential complement to fallible leadership. And all leadership is fallible.  Without such capabilities, transitions of power may be less frequent, but they also may be far bloodier.

Note that I say “capability” for dissent.  I don’t mean that all forms of dissent should be legal.  Certainly this is a good thing as well, and is enshrined in the constitutions of many democracies today.  But I mean something more fundamental, the capability of individuals and groups to organize and express dissent, even when this goes against the law. It is almost axiomatic that a regime slouching toward oppression will, at an early stage, declare dissent illegal.  History has shown this to us repeatedly.  So the capability to express illegal dissent is in some sense even more important than the ability to express dissent legally.

Through the 20th century there were many attempts to reduce capabilities to express dissent, from outlawing of opposition political parties, to shuttering independent newspapers, to mandatory registration of typewriters.  These all made dissent more difficult and riskier, but they did not remove the capability.  It was still possible, for one person, or a group of people, to organize in secret and get their message out.  They did it illegally, and at their own peril.  But that was enough to start the wheels turning.  If 10 people protest, they are called insane and carted away to the hospital.  If 1,000 people protest, tear gas is used and people are sent to prison,  But if 100,000 protest, then governments fall.  In a sense the gamut from civil war to an open democratic election, including a nationwide protest someplace in the middle, are all proxies for the use of force.  There are bloody and bloodless ways of determining the majority opinion, and prudence suggests not eliminating the opportunity to use bloodless methods.

My sad observation is that we are quickly reaching the point, perhaps for the first time in history, where governments will have the means to eliminate even the capability for illegal dissent.  I believe this is a destabilizing threshold to cross.

Consider the following thought experiment.   Imagine we are back in 1985, back in the DDR, but instead of typewriters, you have all the 21st century technological facilities, the internet, Twitter, Youtube, etc.  You are a dissident and I am the government.

Your two main tasks are:

  • To collaborate electronically with trusted parties, while protecting the contents of the communication, as well as the identities of the other parties.
  • To publish  information anonymously or pseudonymously for public consumption

You wouldn’t be much of a dissident leader if you didn’t attempt those two tasks, and I wouldn’t be much of an oppressive regime if I did not try to stop you!

So where should I start?

  1. A private national network.  Think North Korea.
  2. A Great Firewall.
  3. Mandatory registration of computers, internet accounts
  4. Control of DNS
  5. Control of search
  6. Control of Certificate Authorities
  7. Invisible tagging of paper/ink
  8. Software monoculture that provides a single point of government control
  9. Limits on how many emails can be sent.  One might argue in favor of this as an anti-spam measure.  But also prevents effective organization.
  10. Outlaw strong cryptography.
  11. Reduce due process, making it trivial to subpoena ISP records without judicial review
  12. Make circumvention technology illegal
  13. Copyright — prevent fair use, Creative Commons, etc., extending copyright to government records

The interesting thing is how far we’ve gone down this road, especially at the behest of the recording industry and the copyright lobby.

What capabilities do you have on the other side?  What are your abilities to express dissent?

I think the example of Wikileaks quickly comes to mind.  That shows one example of a web site, that through technical and jurisdictional means, appears to have avoided take-down by a far more powerful entity, at least so far.  However, I think this is a Pyrrhic victory.  The mere existence of Wikileaks will spur governments to tighten laws, invest in additional counter-information technologies, such as the Internet “Kill Switch” proposed by the Department of Homeland Security in the U.S., etc..  The presence of a presently uncontrollable voice will surely lead to a concentration of control of the choke points of the internet that will eventually silence that voice.

When an irrepressible force meets an immovable object, one may speculate which will win.  I put my bets on the side with the money and the guns.  The danger for the rest of us is that in their attempts to control a venue for indiscriminate, absolute free speech, they devise such choke points that they provide the ability for future regimes to crush dissent, and by eliminating dissent also eliminate the best opportunity we have for peaceful revolutions.

Of course, I do not advocate sedition.  And I’m not an advocate of absolute free speech.  There are copyright laws, there are privacy concerns, there are military secrets, there is child pornography.   These all trump free speech.  But I think that means that we make these activities illegal and vigorously prosecute those who break these laws.  But we should be seeking the minimal technical means necessary to detect the violators, without introducing such technologies that, to the level of a mathematical certainty, eliminate the ability for these activities to take place.  Because, if we do so, we also at the same time introduce mechanisms that can be also used to crush political dissent.  These technologies may first be promoted under the banner of “national security” or “protection of intellectual property”, but that is just their purported intent, not their technological limitation.

One would need to be a rather poor student of history not to notice that for several times in the past century governments have occasionally lapsed and ended up a wee bit overzealous in their attempts to secure a high degree of visible consensus among their citizens.  When this happen, it is good to have several avenues to pursue honest and forthright discourse.  Certainly one doesn’t want to make it too easy to topple an established form of government, but neither does one want to make it mathematically impossible.  You want to bias the balance of rights toward stability, while acknowledging that the forces of revolution are forces of construction as well as destruction. We have 400 years or more of experience balancing free speech with legitimate needs of governments to declare some speech illegal.  To date this has been done without the concentration of technical and administrative control sufficient to effect absolute prior restraint.  This is changing.  The unintended consequences of having such concentrated control should give us pause and make us hesitate rather than move quickly.  The creation of the equivalent of an anti-free speech nuclear bomb, a big red button that when pressed will silence a class of speech, must be avoided.

{ 21 comments… add one }

  • orcmid 2010/08/15, 15:52

    Important concerns well-said. Thank you.

  • mariuz 2010/08/16, 03:13

    True , the same could happen in any country , for example in Romania some extremist parties they try to “filter” all the blogs on the internet . Yes it’s stupid but they do have some really bad ideas for internet
    like you said : great firewall , forbidden encryption

    ps:god save the pgp

  • Roshan 2010/08/16, 07:48

    Mariuz: About PGP — If I were an oppressive government today, then I would detain people for the mere use of PGP since the number of people using encryption is small and no one uses it for trivialities. One way to fight that sort of thing is for the use of encryption like that to become much more widespread so that the government can’t know that that particular encrypted message isn’t just John Doe telling his wife about the cute thing his cat did. They can’t arrest every cat owner, can they?

  • Chris Ward 2010/08/16, 12:44

    Fortunately, you have a proud tradition of respecting dissent in the USA.

    Everything from kicking us Brits out back in 1776, to the question of whether one person can own another person which you fought an internal war over (the current position is that one person may not own another person), to Rosa Parkes and her bus ticket (which you eventually concluded was precisely as good as any other bus ticket in terms of which seat she could sit on).

    So it gets contested, but eventually usually ends up on the side of the freedom-loving. The public interest wins out in the end.

    Now, what’s AT&T up to at the moment ? Telephones, or Unix ?

    And how about the competitive position betweeen Lotus Notes and Microsoft Office ? Of course, you and I would both prefer that businesses bought Lotus Notes; that pays our salaries.

    But the public interest is that they should have the choice.

    “God Save the Queen”. Or, if you prefer, “I Pledge Allegiance to the Flag, and to the Republic for Which it Stands”.

    We’re not really showing dissent. We’re just engaging in honest competition.

  • NI 2010/08/16, 13:27

    History is teaching us people never learn from history.

    As a person who had the misfortune to spend half of his life under an oppressive regime I can testify that what the author of this post is telling is sad, true and especially worrying. I’ve been through all that so I might be able to adapt once again but how about the rest of you ?

  • Rob 2010/08/16, 13:33

    @Roshan, The use of encryption should be easy enough to detect. At the network’s edge I can scan for high entropy, for example. If I see a single person email a large number of people each with different high entropy messages then I would likely start asking questions. Of course, there are then steganographic approaches, where the existence of the message is obscured, by embedding in an image, etc.

    But as a regime, I don’t know if I care too much about technical means people use to keep secrets in small groups. I know that secrets don’t scale. Above more than a few people there will be a “patriotic” neighbor, a passer by, even a mole. If the US government, with all the resources available to it, can’t keep classified documents off of Wikileaks what makes us think that dissidents will be much better at preserving their secrets? As for the remaining, small conspiracies, they are useful for perpetuating a constant sense of paranoia. In fact, if they didn’t exist, I’d need to invent them.


    I think my point is that bits are bits. The technological mechanism that can shut off my bits because of an alleged copyright violation can also be used to shut off my bits because my views are considered dangerous.

    I’ll give you an analogy. The right to free speech is one of our basic freedoms. But we are slowly seeing the technological means developed by which we could be deprived of this right by the push of a button. What if we did the same to another basic right, say the right to live? What if under government mandate we were all fitted with special collars that by the push of a remote button would relay a radio signal to sever my spine and cause my immediate death. The argument might be that there are terrorists, and kidnappers and murderers out there, and it is much safer to have everyone wear these collars, since then the legitimate authorities could protect life and property more easily. You could argue that the police already have the ability to use deadly force in extreme circumstances, and that this is just a more efficient, safer way of enforcing existing laws.

    What would we think of that? What would we think of that technology existing, and the potential for it falling into the hands of a less liberal government? The analogy of course, is that digital devices and the web in general are being fitted with remote kill technology. Who controls that kill switch?

  • Chris Ward 2010/08/16, 17:03

    It was ever so, though.

    In the Middle Ages, in England, you had to choose whether you would live in Nottingham Castle with the Sheriff, pay your taxes, and be protected by the King; or live in Sherwood Forest with the outlaws, pledge allegiance to Robin Hood, and survive that way. It was a squabble about money then, too; do you tax the poor to pay the rich, or is it more ‘just’ to rob the rich and give to the poor ?

    Some of the web has ‘remote kill’ technology, but more is being added that doesn’t have any such thing. I feel it will probably all ‘melt down’ one day, and stop; but I think it will more likely be the result of a genuine accident, or an out-of-control “Sorcerer’s Apprentice”, than be deliberate act of any government or business. The engineering solution will be to press the ‘reset button’, restart it, and get on with designing something more robust for the future.

    We had “Guaranteed Service” in the days of IBM SNA; but that (like many other IBM proprietary technologies) saturated its market. And so we are now in the days of “Best Effort” open standard TCP/IP, and we have to live with the consequences. Sometimes it breaks.

    Bits are bits, and in America you have the right to be anonymous as and when you choose. You’re OK.

  • Rob 2010/08/17, 14:22

    Of course what was illegal to print in England could be published in Amsterdam. So there were outlets for dissident views.

    The danger I think is we draw a box around the government and law abiding citizens and label that box “society” and assume that everything outside of that box is expendable. But even a cursory look at history shows that the most pivotal figures were the ones who stood outside that box at their time. In fact, civilization has been saved many times by those outside the box.

    I have nothing against putting the thumb on the scale to bias in favor of those in the box. It would be chaos otherwise. But I think that the moment we implement absolute, mathematically perfect, technological means to eliminate public speech of those outside the box, then we have essentially condemned the intellectual and cultural progress of the species.

  • anon 2010/08/17, 17:12

    I would install a darknet client and distribute it. They are made for these exact purposes. Check wikipedia. In short, they run on a version of the tor protocol where you are sharing websites only with other users of that specific client. They are made to exist in oppressive countries like North Korea, they have no single point of failure for hosting a website, it is untraceable, and it is where all of the terrorist websites currently exist.

  • Rob 2010/08/18, 20:50

    Easy, I create a darknet client clone and also distribute it. But mine spies on you and echos the traffic to the Department of Law and Order. The average user can’t tell the difference between a legitimate copy and the real
    one. Code signing? OK, mine will be signed as well. And I’ll make sure that root CA’s are government regulated. So whoops, your certificate was just revoked!

    Also, your client needs to run on an OS, right? Well, I could declare that terrorists are using darknet clients to harm America and require that all OS’s sold in the US must have mandatory malware detectors installed, government approved of course, that will find and eliminate such software. Of course, they will also look for, remove and report file sharing apps and whatever else we consider to be illegal.

  • Anon 2010/08/24, 09:55

    Hi Rob,
    Thanks for responding! I’m having a problem quickly responding to your post because it’s hard to tell how much you know about Tor, hidden services, and the darknet clients. I’ll respond in your hypothetical, but know that this does actually work in countries where it is illegal to have VPN technology or distribute that technology. And I’ll explain why it does.

    So the spies and echoes would be listening to the information being passed around the network and the second would be operating an exit node. Neither are really threats to the network that is built in Tor space. So if you’ve built an OpenVPN server, or played with VPNs, you know that they operate with virtual IPs, not real IPs. That is the useful part of hidden services.

    So in hidden services you operate a website on lkjljlkj.onion which isn’t accessible with a x.x.x.x IP, it is only accessible with a hex based virtual IP. So you never know where it is coming from in the real world. In other words, if you are listening that’s fine, because you have a bunch of garbage IPs.

    Seccond, if you are broadcasting that info to some other place, that’s fine. These are all public on these networks. These aren’t password protected sites, nor should they be. It’s like operating 4chan but legitimately on an anonymous server. So people can talk as they would, not giving personally identifying info knowing anyone at large can and is reading it.

    For a while wikileaks only existed in tor space. So that is a good example, right? A site everyone knows is public, and wants to be public. But now can’t be traced.

    Oh, almost forgot. So what the darknet adds, is redundancy to your hosting. So you can setup your site, they are usually basic html sites, and let thousands of people host small bits of it. (Think of the bittorrent protocol pushing out information to thousands of nodes to host simultaneously, which gives you redundancy, although it isn’t over bittorrent). You can also just have a few selected people host it, or have certain people host certain parts.

    And again, this IS working in countries like China where this is very illegal, so it isn’t a theoretical exercise. It works.

  • Rob 2010/08/29, 21:41

    @Anon, my point is you can only start a darknet by distributing access software, just like you can’t use a VPN without first getting employees to install the VPN software. So a weak link, and perhaps the weakest link, is the integrity of that software. How do you know the software does what is says it does? Perhaps you have the source code and compile it. Perhaps you also trust the compiler and the OS and build that all your self. But there are only very few people (relatively) who can do that. And fewer still who can verify that the code has no backdoors or intentional flaws.

    So in practice, you are distributing binaries, either on the public web, or via some other mechanism, maybe even physical copies. But how do you know that these are genuine? A hash? Well who hosts the official hash value, and how do you know if they are legit? Maybe it is digitally signed? But how do you know if the root authority is not compromised? The problem is that there are only a handful of trusted root services on the internet, namely DNS and CA’s, and these seem well in reach of government tampering.

    So even if a running darknet doesn’t depend on DNS or CA’s, setting one up initially and growing it and scaling to a size needed for political action, this seems much harder. Hmmm… so maybe the goal should be to set these up now, before it is too late?

  • crashsystems 2010/09/02, 14:01

    The technological suppression of dissent is essentially a specific application of security technologies. Everyone who understands security knows that there is no such thing as perfect security. Instead, there are degrees of security, with improved technology getting closer but never quite reaching perfection. Likewise, I think the technology to censor and suppress dissent will improve but will never reach perfection.

    Just as improved technology improves how well a government can censor, it improves the user’s ability to bypass censorship. However, this only applies to people who truly understand the technology and how to use it. So as technology improves, more technological knowledge is needed to avoid censorship, which means the number of people knowledgeable enough to avoid censorship decreases, but never quite reaches zero.

  • anotheranon 2010/09/03, 06:04

    Thank you for this informative and inspiring article!

    I have recently read a book by Geert Mak, titled “In Europe”, which gives a very good overview of the good, bad and ugly history of Europe in the 20th century.

    I heartily recommend it to young people who think that oppression is “a long time ago and far away”, because the book illustrates with a lot of examples and anecdotes that what individual people do sometimes really matters.

    Warning: the book is fat, and some chapters are seriously depressing, as you would imagine..

  • TriangleDoor 2010/09/07, 12:54

    Moving one’s communication to a networked client-server model is the biggest boon to monitoring and controlling–including disallowing–communication traffic since the word *boon* was coined. Only free-to-air electromagnetic communication–radio and television, both in point-to-point and broadcast senses–can hope to evade such control. Short of that, we have the written, printed and spoken word in its various forms, aided by sneakernet in *its* various forms.

    The idea of “network neutrality” is snake oil and will only make lawyers more wealthy. The whole reason for moving communication to client-server networking, beyond achieving more or less guaranteed and uniform propagation, is monitoring and control of what’s in the pipe. Such networking is the enemy of freedom to communicate *on its face*.

    Working in the UI of my family’s router, I can block (or, if I’m the likes of FrontPorch and other dep-packet inspector-modifiers, even modify!) words, sites, addresses, subnets, the entire Internet, with a few keystrokes and clicks. Such meddling will *never* be possible with free-to-air radiocommunication; it can be jammed–which, BTW, is uniformly illegal even at the international level–but never as completely and uniformly as the gatekeeping facilitated by even the lowest cost home router.

  • Reprint 2010/10/24, 08:13

    Rather than single point of government control, there is the possibilty of other entities taking advantage of that single choke point. Most of our protective legislation is oriented towards protecting citizenry from government abuse. Nowadays, some multinationals have larger budgets than some nations and cause more trouble than some armies.

  • Bill on Tor 2011/01/09, 21:04

    “Hmmm… so maybe the goal should be to set these up now, before it is too late?”

    Darknet: If I were publishing anything genuinely likely to get me a kick on the door in the middle of the night, this is where I’d do it.
    E-mail anonymizers … use for an hour (via Tor) and then walk away.
    Tor (I’d like for them to allow a variable number of hops, say, 3-7, just to mix things up a bit)
    TrueCrypt: “All gone. Two layers deep. Can live on a USB key.” Its presence indicates likely encryption … but once you’ve revealed your fetish for (fill in the blank) … it’ll take physical torture to get the second layer out of you.
    Rick roll your drive. (DAGS.) Or, alternately, host a macarena festival on your drive. It’s all good … and it puts your deleted data one layer deeper. Instructions are available for Linux & Windows users. Although the Windows instructions are poorly drawn.
    PGP (everywhere, everytime, on by default) On by default is the key here. I’d use it in a NY second … if I knew anybody who could read an encrypted e-mail when they got it from me. Heck, I’d e-mail ’em just for the novelty of it.
    Printer memory that is easily and irrevocably wipeable. Second best, memory that is readily swappable. Keep a ‘safe’ stick / disk inserted except when printing ‘touchy’ stuff. Insert the ‘touchy’ memory while printing that stuff, then wipe it after use. EVERY use. At intervals,
    Cell phone memory that is also easily and irrevocably wipeable. NO onboard call or number memory.
    Twitter: (yes!) you can get info (such as an address) out to a LOT of people if the ones you DO get it out to understand the need to pass it along (retweet) with urgency.

    I’m sure I missed a lot. Will you guys miss me?

    Sadly, I see only two choices … to be paranoid but prepared or to be grist for the mill.

  • Bill Canaday, 2011 2011/01/10, 14:22

    It seems like it would be possible for the gov’t. (or other well-funded entity, such as the UN) to map the TOR servers … there just aren’t that many … and shut them down individually.

    There only appear to be a few thousand of them now.

    What is needed are a couple million or so in a constant state of flux. This won’t, in itself, keep TOR from being shut down. What it will do is make the shutdown too big to ignore or deny. The TOR software (Linux, Windows, OS-X, smartphones) is available for download here: http://www.torproject.org/download/download.html.en

  • Jakob Krarup 2011/03/22, 08:12

    Good article :)
    Found an important typo I think.
    You write: “I don’t mean that dissent should be legal.”
    Don’t you mean “illegal”…?


  • Rob 2011/03/22, 19:09

    @Jakob, I meant that. But it is a little confusing, so I rephrased it now as “I don’t mean that all forms of dissent should be legal”.

    There is a spectrum of ways to approach dissent, ranging from encouraging it, to tolerating it, to allowing it legally only in some forms, to making it illegal in most or all forms, to making dissent impossible, even by those who are willing to take the consequences for breaking the law. The scary thing to me is that we are approaching the technological ability to make many forms of dissent impossible, not merely illegal.


  • Alpheus 2011/12/22, 18:28

    I’ve given this very issue a matter of thought months ago (perhaps even around the time you wrote this article), and I agree: we need to be wary. I have often wondered how a “sneakernet” would be helpful in overcoming these difficulties, as well as our own private networks. Perhaps it may even be necessary to resort to “ancient” technologies, such as typewriters and dot-matrix printers.

    In any case, these aren’t easy questions to answer, but we ought to keep them in mind, and do our best to answer them!

Leave a Comment

Next post:

Previous post: