My latest Guardian column, “We need a serious critique of net activism,” is a long, detailed review of Evgeny Morozov’s new book The Net Delusion, a book that seeks to debunk “cyber-utopianism” and the idea that the Internet can be used as a force for freedom. I agree with much of what Morozov has to say, but his portrait of “cyber-utopians” consists of straw-men and caricatures, and he ignores the substantive, nuanced arguments about technology and freedom that technology activists have pursued for decades.
Though Morozov is correct in identifying inherent security risks in the use of the internet by dissidents, his technical analysis is badly flawed. In arguing, for example, that no technology is neutral, Morozov fails to identify one crucial characteristic of cryptographic systems: that it is vastly easier to scramble a message than it is to break the scrambling system and gain access to the message without the key.Practically speaking, this means that poorly resourced individuals and groups with cheap, old computers are able to encipher their messages to an extent that they cannot be deciphered by all the secret police in the world, even if they employ every computer ever built in a gigantic, decades-long project to force the locks off the intercepted message. In this sense, at least, the technological deck is stacked in favour of dissidents – who have never before enjoyed the power to hide their communiques beyond the reach of secret police – over the state, who have always enjoyed the power to keep secrets from the people.
Morozov’s treatment of security suffers from further flaws. It is a truism among cryptographers that anyone can design a system so secure that he himself can’t think of a way of breaking it (this is sometimes called “Schneier’s Law” after cryptographer Bruce Schneier). This is why serious information security always involves widespread publication and peer-review of security systems. This approach is widely accepted to be the best, most effective means of identifying and shoring up defects in security technology.
And yet, when Morozov recounts the tale of Haystack, a trendy, putatively secure communications tool backed by the US state department that was later found to be completely insecure, he accepts at face value the Haystack creator’s statement that his tool was kept secret because he didn’t want to let Iranian authorities reverse-engineer its workings (real security tools work even if they have been reverse-engineered).