Security Culture

We recommend that you read the chapter “Defending against Surveillance and Suppression” before reading this chapter.

What You’ll Learn

  1. What social movement security culture is
  2. Why security culture is essential to digital security

Social movements aware of the history of informant-driven suppression by State and private adversaries have developed what is termed security culture. This term refers to information-sharing agreements and other group practices intended to minimize the negative impacts of infiltration, surveillance, and other suppressive threats to the group, its work, its membership, and broader social movements; that is, security here means something much broader than digital security. The term culture indicates an aspiration for security principles and practices to become reflexive and intuitive. The ideal security culture helps a group to safely and easily communicate and bring in new members (if desired) while avoiding excessive paranoia or cumbersome procedures and policies.

Although perspectives and practices on security culture vary widely, some important widespread principles you should adhere to are the following:

  1. Share information on a need-to-know basis.
  2. If you are organizing with others, get to know your group members as well as possible.
  3. Avoid gossip and rumors.

Security Culture Meets Digital Security

Let’s explore some of these elements in detail and how they relate to digital security.

Need to Know: Minimize Information Sharing and Digitizing

The first principle of keeping secrets is to minimize the number of people who must be trusted to keep them. Of course there is a spectrum of information sensitivity, from public announcements to open meetings, from in-development press releases to specific places and times of direct actions. Deciding what information needs to be protected and being careful to protect it is only part of the picture; people also need to accept that they won’t have access to sensitive information unless they need it to do their work.

From a digital security perspective, this also means deciding what information becomes digitized. (Do you really need a Google Doc listing all the people who plan on attending a protest? Do you really need to post identifiable photos of people who showed up? Do you need those posts to be public and geolocated?) Limiting the amount and extent of information sharing dovetails with good digital security practices because no platform or means of communication can be considered perfectly secure.

Before taking specific digital security measures (such as using possibly complicated end-to-end encrypted technology), consider what information needs to be stored, be shared, or even exist in a digital format—perhaps (absent a global pandemic) we should be meeting and discussing our ideas in person as much as possible. Keep in mind that any digital information is extremely easy to copy, and so even a strong encryption can only protect information to the extent that every human with access to it can be trusted. Not even a perfectly designed secure app or digital platform can stop information from being compromised by an infiltrator or defector within a group.

Get to Know: Vetting and Trust Building

Get to know the people that you work with so that you can trust them with whatever risks you decide to take together. But when you decide to digitize information, you are potentially welcoming more “people” (well, corporations and the State) into your organizing circle. If your group uses, for example, Gmail for communications among group members, then Google also has all those emails, and those emails can be easily subpoenaed by the State. So you should be ready to trust that any entity has access to your unencrypted data, whether that entity is a human with whom you interact, your internet service provider, your cloud storage provider, or your email provider.

Don’t Gossip or Spread Rumors

Social movements in the past have been crushed by gossip and rumors, with the State using our human weaknesses to engage in gossip and rumors to its advantage, as we discussed in the chapter “Mechanisms of Social Movement Suppression”: the use of snitch jacketing, agent provocateurs, and false propaganda as tactics of deception depend on social movement participants believing the source and repeating information.

For digital security, we can aim to authenticate the source of information. This is particularly important online, where one can more easily pretend to be someone one isn’t, either through low-tech means (such as fake accounts or stealing an account) or high-tech means (such as redirecting network traffic). We will discuss authenticating digital sources in the chapter “Protecting Your Communications” and the conclusion, “Selecting Digital Security Tools.”

But a very basic consideration is one’s use of social media, where gossip and rumors abound and where the details of our personal lives make infiltration unnecessary to get to know what your weaknesses might be. Social media platforms should only be used to publicly distribute information, and conversations there should never be considered private.

These protective actions have the potential to protect you from social media monitoring, subpoenas and search warrants, and doxxing.

In Context: Saint Paul Principles

Leading up to the 2008 Republican National Convention in Saint Paul, Minnesota, different social movements came together around the opposition to the Republican Party’s support of the war in Iraq. The coalition of protest groups adopted the following principles ahead of the convention in order to make space for different groups’ views and strategies and reduce the risks one group is facing from affecting another group:

  1. Our solidarity will be based on respect for a diversity of tactics and the plans of other groups.
  2. The actions and tactics used will be organized to maintain a separation of time or space.
  3. Any debates or criticisms will stay internal to the movement, avoiding any public or media denunciations of fellow activists and events.
  4. We oppose any state repression of dissent, including surveillance, infiltration, disruption and violence. We agree not to assist law enforcement actions against activists and others.

These rules have become known as the “Saint Paul Principles” and have been adopted by many coalitions of groups in the years since. The principles elevate notions of security culture from an intragroup level to an intergroup level. They are designed to help different groups come together if they have the same ultimate aim but may disagree on how to get there and to increase the success that the overarching movement will be successful in their agreed-upon aim.

External Resources

License

Icon for the Creative Commons Attribution-NonCommercial 4.0 International License

Defend Dissent Copyright © 2021 by Glencora Borradaile is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted.