When Syria’s government unblocked Facebook, YouTube and Blogspot in February, many activists saw the move as an overture to protesters, possibly one offering a semblance of the freedoms won by insurgents in Egypt and Tunisia.
Others saw it as a potential means of surveillance. They were right: Within weeks, reports began to emerge from detained Syrian activists who said that authorities had demanded their Facebook passwords. Others inside the country noted that their friends’ Facebook walls had been compromised and now contained pro-regime sentiment.
On Twitter, Syrian protesters have noted the emergence of pro-regime “spambots”: accounts set up with automated feeds that post benign content, including links to attractive photographs of Syrian landscapes, to the hashtag used by protesters and supporters, presumably to flood it with contradictory information. Activists believe the bots have been created by regime supporters, paid or otherwise.
The potential for authorities to use tools like Twitter and Facebook to track down insurgents is very real. Many demonstrators chose early on not to hide their identities, emboldened by the success of Egypt’s mostly peaceful uprising. When coupled with Facebook’s requirement that users create profiles using their real names, pro-democracy activists are at risk of being unmasked on social networks.
As writer Evgeny Morozov has argued, the Internet can be as much a tool of repression and control as of liberation. As Morozov writes in his 2011 book, “The Net Delusion,” Belarus authorities have used Facebook to monitor its citizens, assuming they’ll share plenty of personal information on the social network.
In Iran, despite news media proclamations of a “Twitter revolution,” the regime had the technological upper hand, not only censoring websites but harnessing the widespread use of social media tools to their advantage to track down activists.
That Syria would pursue a digital crackdown seems inevitable. What’s less clear is the technology that companies and governments are -- or could be -- adopting to mitigate technological repression.
In January, when Tunisians uploaded videos of street protests to Facebook to share with the world, authorities modified Facebook landing pages, inserting extra code and redirecting Tunisian users to a different page in order to capture their passwords. Facebook responded favorably, adding additional security measures for Tunisian users, including routing all requests for http://facebook.com to https://facebook.com, a more secure login page for the site. Later, Facebook offered an opt-in HTTPS version of the site to users everywhere.
In this case, Facebook acted after Tunisian activists and non-governmental organizations sounded alarms. In another case in 2009, the U.S. State Department called upon Twitter to halt a site update during a crucial time for Iranian protesters. Though the move allowed activists to continue using Twitter during a time of day when protests were prevalent, the State Department’s request also provided fodder to the Iranian regime to blame the protests on foreign interference.
While those efforts were helpful, governments and Internet companies could do more. Facebook, for example, could prompt Syrian users to create new passwords and to stop using old ones that may have been compromised. That is a low-cost measure, but even it has potential drawbacks. Some detained Syrians have recently reported that authorities threatened to hurt their families if they changed their passwords.
Sometimes a company’s policies are the problem. Facebook removes users caught with pseudonyms from the site. When a person using his real name finds his account erroneously removed, Facebook requires proof of identification via e-mail, a move that presents risks for users in authoritarian states.
The U.S. is one of the few countries actively promoting an Internet freedom agenda. As a recent paper from the Center for a New American Security points out, this agenda, which includes pushing U.S. companies to create policies oriented toward free expression, would be strengthened by collaboration with other democratic governments. A new strategy released by the White House in May, the International Strategy for Cyberspace, calls for such cross-border partnerships.
By forming a coalition, the U.S. could deflect concerns that the initiative is a cover for its own geopolitical goals -- and remove the stigma some activists fear comes with accepting money from any single government.
A Step Ahead
A coalition could also more quickly train experts and supply tools to activists, helping them stay a step ahead of repressive regimes looking to block their use of networks as well as track, harass and arrest them. Broader government participation would also allow for a wider exchange of information and technology among activists from different countries.
NGOs also have a role to play in ensuring the safety of social media users. The Global Network Initiative has convened human-rights groups, academics, investors and Internet companies, including Google, Yahoo and Microsoft, in an effort to advance free expression and privacy online. My organization, the Electronic Frontier Foundation, is a participant.
Organizations can play other parts as well, distributing tools like HTTPS Everywhere, which enforces HTTPS encryption on major websites. The program was developed by the EFF and the Tor Project, a global network of servers offering anonymous Web surfing.
In the end, there is no single solution. Government regulation is difficult to get right, and can harm the very people it’s intended to help. While companies are often at the front lines, they need public scrutiny to stay in check and ensure user privacy. Ultimately, the burden falls hardest on users to stay vigilant and look out for themselves. Often, no one else will.
(Jillian C. York, a blogger and activist, is director for international freedom of expression at the Electronic Frontier Foundation in San Francisco. The opinions expressed are her own.)
To contact the author of this column: Jillian C. York at firstname.lastname@example.org
To contact the editor responsible for this column: Paula Dwyer at email@example.com