A note for readers
This book tells stories about online liberties shaped by technical architectures and infrastructures. It originates from a three-year research project called NEXTLEAP (nextleap.eu, NEXT-generation Techno-Social and Legal Encryption, Access and Privacy, funded by the European Commission in the frame of the H2020 Collective Awareness Platforms (CAPS) programme). The purpose of NEXTLEAP, which ran from 2016 to 2018, was to ‘create, validate, and deploy communication and computation protocols that can serve as pillars for a secure, trust-worthy, annotable and privacy-respecting Internet1 that ensures citizens’ fundamental rights’2: as such, it was an interdisciplinary project at its core. Its consortium included computer scientists and social scientists working in close dialogue with one another in an attempt to build a protocol that ‘actually works’. The project was founded in the immediate aftermath of the Snowden revelations, which made technical work surrounding encryption much more of a political issue than it had been in the past, even the fairly recent past, and showed the extent to which sociopolitical factors are crucial in assessing the worth of specific communication technologies vis-à-vis issues such as privacy protection and surveillance. Our role within the project, in close dialogue with technical partners, was to conduct an extensive sociological investigation of technical development processes and user adoption in the field of encrypted secure messaging.
Reflecting this interdisciplinary background, the book is somewhat of a hybrid object, as the research it is based upon was produced with different (albeit entwined) objectives, including to inform the very practical technical discussions among the project developers, to fuel interdisciplinary work in collaboration with computer scientists and to advance a science and technology studies (STS)- and sociology of innovation-oriented understanding of phenomena such as encryption and distributed architectures. We therefore thought it might be helpful to provide readers with some guidance about how to engage with the book, which might depend on their interests, backgrounds or even reading styles. Moreover, in order for the book to be as accessible as possible, a glossary has been included at the end of the book that provides definitions for the technical terms we use.3 While some of these terms are especially crucial in the discourses and practices of developers, and as such will (also) be unpacked as the chapters unfold, we believe that a glossary can be useful as a general resource. We also provide a comprehensive list that explains the many abbreviations and acronyms that characterise this field. This is located before the book’s Introduction. The book does not have an index, but as an Open Access text, e-book versions are freely available to download, so users can search for particular terms that interest them.
During our fieldwork we had the opportunity to meet and talk with many professionals, ranging from cryptographers to user experience and user interface (UI/UX) designers, trainers and users, who mentioned in our discussions (both recorded and off the record) the protocols and tools we focus on here. Moreover, as we continue to be engaged within the field of cryptographic tools and protocols ourselves, as usability researchers, we have been exposed to many ongoing debates in the community around such tools and protocols, and their implications for the field of encryption in secure messaging. This social science research, deeply embedded among technologists, and ultimately improving technology, is in our view one of the stand-out features of this book.
The book has two distinct but interrelated aims: first, to provide what we call an ‘analytical portrait’ of the state of the art of the highly complex and technical secure messaging field. While the field is changing rapidly and is becoming more of a matter of interest for the general public, it is in our view important to capture the details of how the different technologies and social practices that compose this field emerged, interact and currently operate. In this sense, one of the book’s key contributions is to provide something akin to an analytical history of the present, creating a new record of a phenomenon that, even as it continues to develop, is changing the terrain of digital social life in myriad major ways. To make an analytical portrait, as we understand it, means to retrace the development of an artefact – in particular, moments of crises, debates, controversies – to try and understand the ‘life’ of a few selected encrypted messaging applications, from their creation to their appropriation and reconfigurations by users, to their becoming, in some instances, a subject of public debate, of governance and of lobbying.
The second, related aim is to conceptualise this phenomenon via tools and approaches that have been developed in the social sciences, with a particular focus on bringing to the field of secure messaging insights from STS. Indeed, encryption, the making of secure messaging tools that adopt it as its core principle, and the co-shaping of particular definitions of digital ‘freedom’, can be read through the lenses of questions and issues that have long been of concern to STS. These range from the effects of competing imaginaries and visions on the day-to-day enactment of technical innovation, to the performative effects that processes of categorisation and ‘sorting things out’ have on the structuration of a field. Writing with these issues in mind implies engaging in close dialogue with the established STS literature on socio-technical controversies, infrastructure- and architecture- embedded governance and the political value of ‘mundane practices’. While the style of writing used when engaging with these questions may be unfamiliar to those outside the discipline, the intention is to advance the conceptualisation of encryption as an intimately ‘socio-technical’ phenomenon, a foremost example of why, today, digital communication technologies are controversial and contested, why they are both a target and tool of governance, and why they have assumed a fundamental place in the exercise of authority and power.
The book begins – in the introductory Chapter 0 and Chapter 1 – by introducing how a social science perspective can inform the understanding of very broad technical questions, such as encryption and decentralisation; it then progressively narrows its focus to issues specific to secure communications, such as the relationality of risk and the meaning of elaborating a threat model. In Chapters 2, 3 and 4 the book shifts to provide distinct analytical portraits of the field. It presents several case studies of secure messaging projects, including a real-time history of innovations in the making. The book then gradually shifts back in Chapters 5 and 6 to a more explicitly social science- and STS-informed mode of analysis, by examining issues such as sense-making and categorisation attempts in this field, and the implications of the ‘making of’ Internet freedoms via secure messaging for Internet governance.
As such, the different chapters in this book may ‘matter’ in different ways to different readers. Readers expecting higher levels of conceptualisation, drawing from STS traditions and the literature of technology and innovation in society, may be more immediately familiar with Chapters 0, 1 and 5, where notions such as ‘translation’ in an actor-network theory sense, Bowker and Star’s ‘sorting things out’, as well as more recent STS-inspired notions of data justice and data activism are fundamental tools to analyse the fieldwork. However, these chapters should not be neglected by readers from more technical backgrounds, since they bring to light the relational and highly socially embedded nature of some tools that help users in their great diversity ‘make sense’ of the tools technologists build.
Admittedly, however, technologists will probably feel more at home in Chapters 2, 3 and 4, which focus more on technical analyses of the case studies and on how the technical architecture of different projects co-shapes development choices and user practices. Nevertheless, we would emphasise again that insights from STS inform these chapters in more ways than may appear at first sight. Indeed, by unveiling phenomena such as informal standardisation processes, controversies around different implementations of a particular protocol and trade-offs between usability and technical efficiency, the concepts and methods of STS are both inextricably entwined in shaping our perspectives and embedded in our writing.
While this book is likely to be of primary interest to the readerships described above, we hope that it may spark interest in wider readerships, including those categories of actors that have been so kind as to participate in our fieldwork – developers, activists, journalists, and, last but not least, users. For these groups of readers, we are hopeful that this book may prompt, or, perhaps more modestly, fuel, a series of ‘taking stock’ discussions on their practices with and around privacy-protecting communication tools. We also hope that regulators may find reasons to take pause and reflect upon our analysis. This is likely to happen most prominently in the concluding chapter, which is not simply the sum of the conclusions arrived at in previous chapters but a substantive discussion of, and overture towards, several pressing Internet governance issues of our time as they relate to the security of communications. This book has the not-so-concealed objective of being useful to these publics, at a time when encryption is as much, or ever more, a pressing societal concern as a technical one.
The field of encrypted messaging does not stand still. As we write this note, in November 2020 and in the context of a pandemic-driven increase in surveillance, we can observe new contributions that explore the links between civil liberties and encryption, such as UNICEF’s working paper on children, encryption and privacy4, alongside new threats to encryption, such as a resolution proposed by the Council of the European Union that controversially calls for a discussion of how to ‘better balance’ the two principles of ‘security through encryption and security despite encryption’.5 Such cases provide reminders – and there will certainly be more by the time this book is published – of the need for a technically-informed social and political analysis of what encrypted communications are ‘made of’, and of the definitions of freedom they co-produce. We hope that this book will be a lasting contribution towards this goal, and we look forward to it joining the debate.
1 This introductory note is perhaps the best place to highlight the difference between the ‘Internet’ and the ‘Web’, although the two terms are all too often used interchangeably in day-to-day discourse. The Internet is the global system of interconnected computer networks that use a ‘common language’ – namely the Internet protocol suite – to communicate with one another. The Web, or World Wide Web (WWW), is a particular set of applications that is built on top of the Internet, one of the most widely used by end users (along with, e.g. file sharing and e-mail applications).
3 Every time the first instance of a term included in the glossary occurs, it is highlighted in bold.