Ten principles for user-protection in hostile states

The Tor Project's "Ten Principles for User Protection in Hostile States" is both thoughtful and thought-provoking — it's a list that excites my interest as someone who cares about the use of technology in improving lives and organizing political movements (principle 1 is "Do not rely on the law to protect systems or users" — a call to technologists — while number 7 is aimed at companies, "Invest in cryptographic R&D to replace non-cryptographic systems" and principle 2 says "Prepare policy commentary for quick response to crisis," which suggests that the law, while not reliable, can't be ignored); and also as a science fiction writer (check out those tags! "Acausal trade," "Pluralistic singularity" and "Golden path"! Yowza!)

The principles are interesting in part because of the way they walk up and down the ladder of Lessig's four principles of regulation (code, law, norms and markets), while taking for granted that the reader agrees that users should be protected — this having become a hotly debated question all over the world, whether we're talking about jihadis, political dissidents, trolls, democratic opposition politicians or children being stalked by marketers or sexual predators.

It's a masterful piece of threat-modeling, too, and this has also become one of the most significant disciplines in modern political discourse, after languishing in obscurity for decades. Think of the Obama-supporting Democrats who didn't worry about their president abusing the expanded powers he asserted to overcome an intransigent Republican Congress who are now waking up to those powers being wielded by a man who ran on a platform of ethnic cleansing and religious intolerance.

The Tor Project — like many of the projects that I support — is officially nonpartisan on the subject of economics and politics, but has embedded in it some implicit political values about privacy and free speech. These principles are the material surrounding these politics, without ever enumerating the politics themselves. That makes them especially fascinating.

While I'm on the subject, I just facepalmed at the realization that I left Tor off my charitable giving list, but man, do they deserve to be there. I'm donating to them today, and hope you will too.

Ten Principles for User Protection

1. Do not rely on the law to protect systems or users.

2. Prepare policy commentary for quick response to crisis.

3. Only keep the user data that you currently need.

4. Give users full control over their data.

5. Allow pseudonymity and anonymity.

6. Encrypt data in transit and at rest.

7. Invest in cryptographic R&D to replace non-cryptographic systems.

8. Eliminate single points of security failure, even against coercion.

9. Favor open source and enable user freedom.

10. Practice transparency: share best practices, stand for ethics, and report abuse.

Technology in Hostile States: Ten Principles for User Protection
[Mike Perry/Tor Project]