Treating Surveillance as Damage and Routing Around It

Even as the U.S. security state becomes more closed, centralized and brittle in the face of NSA whistleblower Edward Snowden’s leaks, civil society and the public are responding to the post-Snowden repression by becoming more dispersed and resilient.

That’s how networks always respond to censorship and surveillance. Each new attempt at a file-sharing service, after Napster was shut down — Kazaa, Kazaa lite, eDonkey, eMule, The Pirate Bay — was less dependent on central servers and other vulnerable nodes than the one before it. Wikileaks responded the same way to U.S. government attempts to shut it down: Besides being hosted on backup servers around the world — some in countries less than friendly to the U.S. government — it responded to seizure of its domain name by publicizing its numeric IP address. Thousands of Wikileaks supporters around the world published its IP address or mirrored the site. One Wikileaks mirror site is hosted by Center for a Stateless Society, the think tank that pays me to write this column.

The Firefox Browser, in response to both U.S. government administrative seizures of so-called “pirate site” domains, and to proposed legislation that would generalize the practice, created plug-ins that would automatically direct users to the IP address of any website whose domain name had been shut down.

Networks, as the saying goes, treat censorship as damage and route around it. And the same is true of surveillance.

This is brilliantly illustrated by the public response to the Edward Snowden story. In the period after Snowden exposed the NSA’s domestic surveillance of American email, the daily adoption rate for PGP (Pretty Good Privacy) email encryption tripled.

But aside from the mainstreaming of encryption which always follows prominent news stories about state surveillance, those with a professional interest in thwarting government eavesdroppers have — as you might expect — adopted encryption at a much higher rate. Australian Crypto Party founder Asher Wolf noted, “those who want to break the law have already probably learnt cryptography.” That’s true not only of ordinary criminals and terrorists, but of dissidents, activists and whistleblowers of all kinds.

Snowden can probably thank the fact that he became the object of a manhunt only after The Guardian printed the leaked documents, and not before, to his use of the TOR’s anonymizing power. Wikileaks reportedly uses TOR to protect whistleblowers. And of course it’s widely used by traffickers in drugs, arms and pornography.

It’s since come out that the FBI has targeted TOR with malware to expose the identity of its users. But if you look more closely, it only bears out the general point. First of all, the malware was aimed at Firefox’s TOR browser bundle — not “the onion router” itself. It targeted earlier versions that were replaced by secure versions in July. Further, it was targeted at users of the Windows operating system.

Now, people whose living — or life! — depends on evading surveillance usually aren’t all that stupid. They respond to stuff. The Linux operating system, which was immune to the FBI’s anti-TOR malware, is used by a fairly small share of the population. But it was already in use by a disproportionately large share of anarchists and other activists, and of the kind of information freedom geeks who tend to support leaking on principle. And this latest news is likely to drive new adoption. Likewise, criminals, dissidents and activists who value secrecy are apt to respond by shifting to versions of TOR that are more secure.

This is yet another example of a broader rule: The superior agility and resilience of networks compared to authoritarian hierarchies, and the ability of freely cooperating individuals to devise new ways of evading surveillance and control faster than authoritarian institutions can devise ways of controlling us.

Anarchy and Democracy
Fighting Fascism
Markets Not Capitalism
The Anatomy of Escape
Organization Theory