A (Very Incomplete) Conceptual Toolkit for Designing Rebellious Software

Although Snopes corrected my belief that Bill Gates said in an address to high school students, “Be nice to nerds. You may end up working for them. We all could,” the idea rings true. For what it’s worth, that quote comes from Charles M. Sykes, author of the 1996 book Dumbing Down Our Kids. But it sounds better when it’s attributed to Mr. Gates, the archetype of nerd-turned-businessperson success stories. The truth is, people like Gates – computer scientists, hardware tinkerers, entrepreneurs, product designers, and marketers who help explain the benefits of new technology to the general population – they really do run the world now, because they’re the ones who build, command and control the computers that mediate so much of our lives today.

Software developers and designers are endowed with a particular kind of power. As glaziers of the digital world, they make and frame the windows through which we ingest and interact with information. An emergent phenomenon of this power to define the rules of interaction and consumption is that aspects of their creations have taken on a degree of social significance. In short, there is a politics of application features.

Oftentimes, software developers and designers build in features that reject (or at least push against) norms established by the structure of law and protocol. Here, we will briefly explore a small set of concepts employed in many contemporary software products and platforms, and we’ll give a short analysis of how these concepts are brought together and remixed in three particular software products: FireChat, Hush and Symphony.

This first section is formatted as a hybrid of glossary and set of links for various concepts and includes a number of cases where these concepts have been implemented.

Decentralized Systems Architecture

A decentralized system is one that does not rely on a trusted intermediary to carry out the functions of that system. Decentralized systems tend to be more resilient than centralized ones because parts of that system can stop functioning and the system will adapt and respond dynamically to changing situations.

Examples of Decentralized Systems: Ant colonies, the Internet, SETI@Home, Folding@Home, blockchain hashing.

Further Reading & Information: Paul Baran’s 1964 paper On Distributed Communications, Ray Kurzweil on decentralized systems, Aldous Huxley on decentralization, Jeremy Rifkin on Global Networking.

End To End Encryption (E2EE)

End-to-End encryption is probably the most effective work-around for achieving privacy and security in communication platforms which rely on a third party to mediate a transaction. While it’s not formally defined, the best E2EE systems encrypt information locally before transmitting it to the recipient (on whose machine the transmission is decrypted). Even if the transmission is intercepted, it is not useful to the interceptor because it is encrypted.

Examples of E2EE Systems: Pretty Good Privacy (PGP); Keybase.io, a really nice front-end for PGP with decentralized cryptographic proof of identity; Telegram; Apple’s iMessage [Daring Fireball article]; Kik; Viber; SpiderOak; Lavabit, Google End-to-End extension for Chrome

Further Reading on E2EE: E2EE in Wired Magazine’s Hacker Lexicon, Polyarista’s definition and best practices, EFF’s Secure Messaging Scorecard

Ephemerality (also known as “forgetful systems”)

Ephemerality is a relatively new concept in the product design field. Products and services which utilize ephemerality reject the paradigm of information permanence upon which the Web was built. It might be best to think about ephemerality in its analog sense: a photo on Snapchat or a message on Wickr are much like the self-destructing missives we read about in spy novels. Because the application is designed to delete (or render inaccessible) information in a programmatic and predictable way, users feel more comfortable sharing sensitive content, knowing that it won’t be “remembered” by the intermediary. (Note: while Snapchat has become an archetype for ephemeral messaging applications, it stores user photos. Famously, its encryption key was leaked in early 2014, exposing millions of photos attached to real names. Many ephemeral messaging apps feature zero data storage, or content agnosticism through E2EE.)

Examples of Ephemeral Messaging Platforms: Snapchat; Glimpse; Wickr; Pluto Mail (TechCrunch: “Snapchat for Email” [another X for Y explanation]); Confide; self-destructing video and audio in Apple’s iMessage in iOS 8+

Further Reading on Ephemeral Messaging: Bruce Schneier on ephemeral apps, Paper on whether users expect ephemeral messaging from Snapchat and other services

Decentralization, End-to-end Encryption and Ephemerality in Practice: Firechat, Hush and Symphony

If there is one thing the Arab Spring taught us, the Internet is a powerful force when it comes to organizing and publicizing protest movements. However, as governments have become more advanced in their surveillance capabilities, and in their ability to enact wholesale shut downs of telecommunications infrastructure, dissidents have evolved in the way they use communication platforms prior to and during protests. As I wrote about in a paper called Cloaking the Swarm, protesters in Hong Kong used FireChat, a messaging app which transmits messages in ad-hoc mesh networks over Bluetooth, as a pre-emptive “hack” around any communications crackdown the Hong Kong government might enact at the behest of China. Because the messages exchanged on FireChat never touch the broader Internet, and mesh networks have limited range, the information transmitted on FireChat remained largely outside the scope of government supervision. And, in the event that the Hong Kong government did shut down Internet communications, protesters would still be able to communicate with FireChat because the app does not rely on communications infrastructure to function: it’s a peer-to-peer network.

As I also pointed out in Cloaking the Swarm, there are several nondemocratic regimes in which applications that integrate “rebellious” design elements like E2EE, ephemerality and/or decentralization might play an important role in fomenting unrest. I cited one such country in the paper: “Myanmar is a particular point of interest, as it is currently one of the fastest growing markets for smartphones in the world, and is one of the only countries outside of China where Facebook is not the dominant social platform. Viber, an end-to-end encrypted messaging platform has over twice the usage rate of Facebook, according to a report released by mobile device research firm OnDeviceResearch.” Myanmar is also an incredibly interesting country for another reason. Despite years of government repression, Myanmar has a burgeoning technology startup scene [The Economist], and one of its breakaway successes is an anonymous, location-scoped communications platform called Hush. It’s still unknown how the population will use Hush, whether it will be used for gossip or fomenting unrest, but it’s a stunning development in a country where just eight years ago it was illegal to own a fax machine. (For more on Hush, there was a good article in The Global Post. And, Andreessen Horowitz had an excellent podcast episode on the subject of Myanmar and its technology revolution.)

All this being said, however, these mechanisms aren’t always used for purposes of promoting freedom and personal sovereignty. Sometimes ephemerality, decentralization and/or end-to-end encryption are used for slightly more nefarious purposes. Several months ago, I had joked with a friend that someone should host a hackathon for dangerous and terrible startup ideas. I would have pitched “Secret for Insider Trading”. It would have been called BlueHorseshoe. But, I didn’t realize a similar platform already existed. Symphony is a secure messaging app which was recently acquired by Goldman Sachs, a firm with a less than sterling history when it comes to insider trading and other violations of securities law. It features, among other things, end-to-end encryption (so hot stock tips can be exchanged outside the prying eyes of the SEC) and routine data destruction, which keeps users protected from any inquests made by investigators. By design, the application gives plausible deniability to its users (and the firm) by simply removing any offending information in a predictable fashion.

In sum, encryption, decentralization and ephemerality are three mechanisms which make up a conceptual toolkit for building software applications which push back against the established rules of law and protocol. These mechanisms ultimately promote a kind of freedom, a freedom from surveillance or later investigation. This freedom can be used to, well, promote freedom, or to hide illegal activity behind a shroud of secrecy. While these mechanisms do have political underpinnings, they remain ethically neutral: it’s ultimately up to the developers and designers to determine how these mechanisms will be used in practice. And with great power comes great responsibility.


Leave a Reply