Towards Revolutionary Communications For The 21st Century
Step I - Private Communications
This is a post about private communications. This communication itself isn't private. It's a blog. Although I've sent the link around to a number of people via email, anyone can read it, whether they're a casual reader of mine or a google-sent random. I'm using this public communication to talk about secure private communications. Down the line I plan to use private communication to talk about public communication. Sneaky, oui?
If that tickles your funny bone...
The Pitch
Here's the deal cats and kiddies. We need to be able to talk to one another in private and with trust. Since the dawn of time this has meant doing things in person, careful of where you're doing the talking and how loud. That's not going to change, but this is the 21st Century. If we rely on face2face for secure communications, we're one step behind the bad guys.
Basically, we need to take advantage of mediated communications, and to do so securely. There are three basic steps to take. First of all we need to establish security, that it's even possible to have communication protected from eavesdroppers and interlopers. Secondly we need to establish identity, that we are who we say we are. Third, we need to establish privacy or exclusivity, a means of keeping the pool of con-versants trustworthy.
I personally think that we're going to need to communicate around certain legal and regulatory barriers in the coming decades in order to get things done. We're going to need to coordinate across zones of jurisdiction, even internationally. We're going to need to be able to converse without fear. We're going to need to maintain the element of surprise. I'm going to write more about why I think we need to learn more about private communications (in addition to the massive experiments already ongoing with public communications), but for now I'll just get right down to the hurdles as I see them.
Security
Cellphones can be easily tapped by amateurs. Landlines are more and more vulnerable to wiretap without notification or judicial oversight, and can also be tapped by moderately skillful professionals. I'm not saying that your phone is tapped. That's not very likely, although depending on how things shake out it could get more probable.
But anyway, phones are on their way out. The problem is that when we get to the internet, the world of websites and forums and blogs and email and IM and Voice Over IP -- the world where our revolution is supposed to have its fertile roots -- the situation gets a lot more troubling.
Law enforcement agencies filter email traffic in bulk for keywords. They can read your or anyone else's email on US networks at will. For that matter, so can any high school geek who sets his or her mind to it. IM conversations are just as vulnerable to eavesdropping. If you converse online without encryption, anyone who wants to can easily listen in. This isn't generally too much of a problem -- most conversation is too banal to worry about -- but sometimes you want to make sure no one is looking over your shoulder.
Identity
Beyond the threat of unknown third parties, there's the question of identity, of verification. How do I know that you are who you say you are? Do you want me to send you an email that seems to come "from" you but says things you'd never in your lifetime say? I can do it in five minutes. So can thousands of other technically-literate humans. People with decent social-engineering skills (grifters and con-men and identity thieves) can do much worse.
As we move through our lives and this process, we meet new people all the time, people who are eager to help, who are eager to get involved, but people who we do not know. In large-scale public campaigning, these people must be trusted by default, and vetted more or less on the job. It's the only way to go forward.
However, when attempting to establish a more tightly-knit and enduring community of inquiry and action some additional qualifications are needed. We'll need to be able to vouch for one another as real people.
Privacy
Moving to the realm of group communications, many have been stung by posting something in a forum or a blog that the wrong people end up seeing, maybe when they Google their own name or maybe the author's. We need to be conscious of who is a party to our conversations. More than that, we need to be empowered to make it a choice. We need to control the dimensions of the sphere of information.
This goes to the question of trust, of vetting, of privacy. Beyond simply knowing someone is who they say they are, we also will need to be able to include or exclude people from our communications. Some people are disruptive. Some are unqualified. Some may even harbor malicious intent.
It's also true that in any oppositional system we have adversaries. Beyond taking steps to prevent them from disrupting our communications, it's also tactically powerful to preserve the element of surprise. Large-scale conjoint action from an unexpected cohort of diverse activists can really make a big impact, especially when the establishment doesn't see it coming. Running a major national campaign in the 21st Century will require the virtual equivalent of the old "War Room," where strategy can be frankly discussed without telegraphing things to the opposition.
Luckily for us, these problems are not new. There's no need to reinvent the wheel, but we do need to start building our skills sooner or later. Through encryption, secure signatures, and a web of trust, the above concerns can be met with solutions which are technically sound, and only as fallible as the people who operate them. This is the best we can do, and it's pretty fucking good all things considered. Here's how to start:
Acquaint Yourself With GPG/PGP.
These are the common schemes for implementing military-strength encryption on your data. GPG is free and open-source, PGP is commercial, but both work on a common protocol (meaning they can usually work together) and both get the job done.
What you need to do is download some software to do the encryption. Then what you need to do is create an identity by means of generating a "key pair." A key pair is a set of keys, one which is public and which you can use to "sign" messages so they can be verified as coming from you. This public key can also be used by others to send you an encrypted message which only you can decrypt. The other end of the pair is private, and is used to decrypt messages which have been encrypted for use by use of your public key.
You then collect public keys for all your correspondents, and make sure they all have your. When you want to send out a message that is secure, you use their respective keys to encrypt the message. There are relatively friendly graphical applications to make all this happen for both MacOS and Windows. If you use a web-based email system like gmail or hotmail, you can still use this technology. It's just a matter of composing your message and encrypting it before pasting the result into the webmail message window.
If you want to know more about how it all works, try this tutorial. There's no reason not to start. Ask for help if you need it. Once you're over the setup it's really pretty painless.
Start Building a Web of Trust
As you collect public keys you can "sign" them with your verification. This means that you say the person who uses this public key is who they say they are. You get people to sign your key. That way people know that you, who says someone is who they say they are, are in fact who you say you are. Following? If you were to draw it out it would be a web. This is a web of trust. You've already got an informal one operating in your life, maybe you've even got a web of Friendsters. Let's start making real use of this stuff.
After the technical task of signing one another's keys (side note: as a best practice, this should only be done after a face to face meeting where both parties produce paper printouts of their keys to prove validity, but if you actually know and trust someone you can make your own decisions) the next logical step is building a sphere of trusted association. We need to band together. We need to learn to find likeminded people who are honest and responsible and to quickly bring them in to our community. One way to do this is through referrals. Friends of friends, associates. This can get a lot of people in the door, and it establishes a chain of accountability to boot.
This is a good way to start, but it has certain limits. Your social network, while large, probably has limits in terms of diversity. Most do. Making diversity of race, class and background an initial priority is going to be important. The right seeds need to be found or recruited.
Going beyond that, if we're talking about establishing a real community for the revolution, we're going to need some way for people who we don't and can't already know to work their way in. We're going to need a way for people who are just coming of age -- or just coming of consciousness -- to find their way in. More on this later when we start talking about public communication.
Converse with Confidence
As we create secure means of conversation and secure spaces to converse, it's time to open up the avenues of discussion. We are people of action who are in search of influence to improve the world around us. It's time to get down to brass tacks and do it. Be bold. Be a radical. Be an outlaw. Be a hero. Help us all save ourselves.
Let's start with some email. My public key and some links to resources are included below. If you want to be a part of this, use my public key to drop me an encrypted line. Include your public key so I can respond in kind. The next steps will come as they do.
If, on the other hand, you find this whole exercise stupid, feel free to ignore it. If you have questions or comments or would like to continue the public discussion, by all means leave a comment and I'll respond with one of my own or maybe a whole new blog post.
The Nuts and Bolts
My Public Key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (Darwin)
mQGiBDuc4LERBACv0jYcITH3g3GLpiZa8+vA6I+7x7Iqc+Tmj9Mq5l35XG71H7wO
E8Wym1XC+oWOV9S6s8lCsBtToFliLrZJ8m5XRvQVSiCPNgp2aHXJXFtZgvBdBbYn
K9q5KneIfTIzNVG1QmxIvlS57uq+fW4DXiwSFzsdPKIFNucFrNSMXWA7qwCgtPUv
EJV/i0iPFfLDNKdqlCUslgsD/i9d3Mb2FIP/9sFLX+yJQokEJ8RtokSXCRfX8SgF
t32F7AkPITbcGYBj0hMeGuJpFu/QlE85W5eAbOIqfB6NvhOYUVY2uuzeCChhNgKl
4q6bF1i/9Z/xPW0NdplZvyLUoT5Zit6A2taxywOzk7jJM4uGFm6p8Vjm1lcXl8b+
vgqoA/sEbGMav3IcCoWETpJkLhnI+5QiZ+efiduqAyxdJ6Cg+iofvGgp113tDrzM
X268DfCkhtWOka2QuMpXuqPauN9EXrTyOPfrt2p9Bt0T+L0E4dz4DzIu5K7XNahM
SfgG404V+/bqi9gxW+zQVN7wUoNOesxUD1G/NMuzNQLOtcJdTrQwSm9zaHVhIEtv
ZW5pZyAoUHJpdmF0ZS9QZXJzb25hbCkgPGpvc2hrQGVmbi5vcmc+iF8EExECABcF
AjuiO4cFCwcKAwQDFQMCAxYCAQIXgAASCRAIWdW6ytR1LAdlR1BHAAEBD80AnROC
0dUxnPsoE08vniX5+YZ0FtFJAJ9hYFNGXFl5ItewNfvfy+mDbFJJfrQ1Sm9zaHVh
IEtvZW5pZyAoT3V0bGFuZGlzaCkgPGpvc2hrQG91dGxhbmRpc2hqb3NoLmNvbT6I
YgQTEQIAGgULBwoDBAMVAwIDFgIBAheABQJDJexmAhkBABIHZUdQRwABAQkQCFnV
usrUdSwzQQCeKqwGriUq+E1paa4wwL6VvzrKghcAn1VbAs8y4nbJkuoJPkwQddwh
MGbtuQENBDuc4L0QBACOwVsVy36a8UsirCRUw9L82ISBS1j0AKZ2eFNsIjVPyTxT
TdVkEC/MkEMf32/B45q6TMzs378sdgQRZVzWDBIIESZFWJriu0ENI1g1ZPXc1U9s
d6zqeeQ4amfceduaLJ7D0bhe9KhHePXVSNczpPKZPiNYQCBi0gbiRaeDhj2UswAD
BQP/TyrzGOSiqDaBVJdyOWctF0AQrs3FqlTGP/lEfauSQcI+o4ck4iHQ+Ns0rLjW
Mtk8lpVHduIUZ2kMYxbeHv8cyEuR6AtaCNJaluazL7OblmWrnQqVIvegX5eCrD2d
YX8NZRlR61zrW4SCFMtjigjxRy+ziqPzrHOC9Sa6V31yzpCITgQYEQIABgUCO5zg
vQASCRAIWdW6ytR1LAdlR1BHAAEBhGYAoLA14fDywRXq2g03vRMDV31AT0f5AJ9P
dFUYp9cDyydDXKcwdYOGUo7Q1w==
=nhXP
-----END PGP PUBLIC KEY BLOCK-----
General GPG info: http://www.gnupg.org/
MacGPG: http://macgpg.sourceforge.net/
GPG for Apple's Mail: here
If you're a Mac user you need to install MacGPG, then the Mail bundle. If you're a *nix user you probably know what you're doing enough to figure it out from the general GPG info page. If you're a Windows user, check out this tutorial. Google is your friend if you need help. Best of Luck. Hope to hear from you soon.