[liberationtech] Advice for Somali NGOs?

Wed Oct 20 09:12:50 PDT 2010

Hi Jim,

I think that if we had to enumerate every possible long-term outcome of
our actions before acting, and to quantify the probability of every
outcome, we'd never act. Fortunately, I believe it's possible to make
meaningful statements about safety without an exhaustive risk assessment.

To take the example of a person uploading a video: if we can think of
one outcome that might have bad consequences, such as the uploader being
identified by the government, and close off some of the ways that might
happen, it's reasonable to say "you're safer using Anonymous YouTube
Uploader than not using it". Of course it would be wrong to say
"Anonymous YouTube Uploader makes you safe online", or "Anonymous
YouTube Uploader is better than Tor", or "Anonymous YouTube Uploader
will topple authoritarian governments" - but I don't think anyone's
asking for that kind of statement.

Steve, have you seen the guides written by the Tactical Technology
Collective? http://www.tacticaltech.org/toolkitsandguides

Cheers,
Michael

On 20/10/10 15:35, Jim Youll wrote:
> My thought, banging out that assertion on an airplane yesterday, was
> that while the request has a few words, it cannot be answered until it
> is precisely defined, probably requiring many words, which is usually
> not very interesting to people who want to quickly make "solutions".
> This reminds me of a frequent discussion with clients who want to
> communicate an idea but haven't defined either the audience or the means
> of conveying the idea to that audience. Here the stakes are much higher
> than in business - impoverishment, loss of liberty, or death are among
> the possible outcomes.
> 
> My personal feeling is: how can anyone even begin to thinking about
> building software (something I do every day for other purposes) until
> the problem and goals and plot complications in "solving" the stated
> problem are well defined?
> 
> in concrete terms, exploring your request... 
> 
> Let's say a protagonist Asad wants to perform some communication act
> (such as "posting a video of a tragic event") that may carry "risk".
> 
> To properly address the question for real, all "risk-inducing"
> communication acts should be considered, at least in a general way.
> 
> "Risk" is well defined in the realm of insurance, and that's sort of
> what we are talking about here. Risks don't have to be enumerated, and
> can be defined in umbrella terms.
> 
> definitions
> ---------
> Risk: a declaration of a possible damaging outcomes, typically expressed
> with a statement of probability of each outcome based on experience or
> reasonably-informed estimates
> 
> Risk Reduction: overt interventions that provably or likely reduce the
> probability of a given Risk by some amount (again, based on experience
> or informed estimates)
> e.g. A home with a fire extinguisher in the kitchen and smoke alarms is
> __% less likely to suffer more than a __% loss of to the structure, 
> and __% less likely to incur a loss of life, reducing projected claims
> to the range of ($____ .. $____) per year.
> 
> 
> thoughts about "Reducing Adad's risk"
> --------------------------------
> Generally, what is meant by "risks" potentially incurred by Asad? 
> 
> Can these risks be enumerated? Can they be ranked by severity or duration?
> immediate, short-term: (e.g. brief detention / questioning)
> immediate, long-term: (e.g. imprisonment, physical harm, death)
> Submarine:  (e.g. no consequence today; later, risk converts to damage
> as Asad is injured due to his historical conduct, by the same or a new
> regime)
> 
> What is the space of risk-bearing communications that Asad may engage in
> (some possible points in the space are listed; there are surely many
> others):
> - uploading a video to a video sharing site
>  ... that only he and a few others see
>  ... watched by 20 people
>  ... watched by 20,000 people
>  ... picked up by a cable network and rebroadcast
>  ... leading to requests for interviews with ( government officials |
> alleged drug lords | wealthy, powerful businessmen )
> - intermittent contributor to a shared or open blog/forum
> - long-term "owner" and principal writer of a blog
> ( ... )
> 
> Who ("enemy") could convert Asad's "risk" (a declaration of potential
> damage) in each instance into actual damage to Asad?
> 
> For each risk-bearing communication act, what is the range of possible
> damages that could be imposed by the enemy?
> What are the probabilities of those risks?
> (e.g. from the consumer space: if i share mp3 files on BitTorrent, what
> is the chance i will be caught? Sued? How much will that cost me?)
> 
> Finally, can any or "enough" of this be converted into:
> - information for non-techncial, non-mathematician/economist terms to be
> considered wholly adequate for "informed consent" 
> - technological interventions that implement a risk reduction strategy
> for each area of risk + and a measure of how well each mates with its
> designated risk
> - feedback / monitoring / oversight to (a) continuously update risk
> models; (b) measure the effectiveness of an intervention
> 
> 
> So Steven, IMO the answer could possibly be "never" for some people in
> some places and some risks.
> The answer might also be that "technology" is not the panacea that free
> speech and information-sharing advocates need to solve the problems they
> hope to solve.
> 
> Given your example of "a video" , and my experience in journalism, I ***
> REALLY *** want to underscore the idea that engaged citizens often
> proceed with excellent intentions, considerable energy and effort, and
> justifiable upset at atrocities of all kinds... but that merely
> "exposing" those atrocities in public very often leads to no progress
> whatever against their reoccurrence. The act of re-communicating the
> atrocities is seldom itself sufficient to bring a desired outcome ("no
> more of these atrocities"), even in the US where it's not usually
> illegal to broadcast such things (though police have an increasingly
> shaky record in the US).
> 
> Thus, Asad may record a "tragic event" that carries risk if he
> broadcasts it. But is it really worth broadcasting, given the risks to
> Asad? Is Asad more important to the movement against further tragic
> events by doing something else? This decision must be made on a case by
> case basis. I remind you that there are tragic events broadcast by news
> organizations every day, and often, no lasting repairs follow. The
> record is deep with undeniable records of atrocities, yet there are
> still atrocities.
> 
> Even if the answer to the risk-reduction question is ultimately found to
> be "never" or "not often", or if it is found to be a lot of trouble to
> keep Asad and others like him safe, then the cause is not lost. Other
> strategies are probably more appropriate, both for risk management (the
> risks are all different, though - be careful) and, principally,
> potential efficacy in achieving the real goal: an end to "tragic events."
> 
> best,
> - jim
> 
> 
> 
> On Oct 20, 2010, at 2:19 AM, Steven Clift wrote:
> 
>> What do others think?
>>
>> Does this mean never?
>>
>> Clearly a few years ago Global Voices Online felt compelled to write a
>> guide about blogging that made it pretty clear nothing is safe online
>> in terms of being tracked down but you can reduce your risk.
>>
>> So if safe is clearly unacceptable and "safer" implies something
>> impossible, then taking the "you have a video file you want to share"
>> but you want to reduce your risk when sharing where are some good
>> "101" introductory resources?
>>
>> This group clearly has some of the brighest minds and those connected
>> to the liberation tech field. If you don't know, does it not exist?
>> (Which I guess brings up the why? question.)
>>
>> So, what is out there that you recommend I share with NGOs active in
>> Somalia to reduce their (or everyday people they advise) risk online?
>>
>> Steve
>>
>>
>>> On Oct 19, 2010 11:28 PM, "Jim Youll" <jyoull at alum.mit.edu
>>> <mailto:jyoull at alum.mit.edu>> wrote:
>>>
>>> Until "safer" can be quantified in terms that make sense to every
>>> owner of a video-recording phone...
>>> ... even those without much/any technical knowledge
>>> ... there is no responsible answer to this question.
>>>
>>>
>>> (hastily written, but I stand by the sentiment if not the phrasing)
>>>
>>>
>>>
>>> On Oct 19, 2010, at 12:17 AM, Steven Clift wrote:
>>>
>>> > Thank you for the few private replies.
>>> >
>>> > I...
>>>
>>> > _______________________________________________
>>> > liberationtech mailing list
>>> > liberationtech at lis...
>>>
>>
> 
> 
> 
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.