Photography and Social Media

5CC1F7AF-32C8-44BD-9E44-C061F92CC924
(Passer By by Christopher Parsons)

Why do we want to share our photos online? What platforms are better or worse to use in sharing images? These are some of the questions I’ve been pondering for the past few weeks.

Backstory

About a month ago a colleague stated that she would be leaving Instagram given the nature of Facebook’s activities and the company’s seeming lack of remorse. Her decision has stuck with me and left me wondering whether I want to follow her lead.

I deleted my Facebook accounts some time ago, and have almost entirely migrated my community away from WhatsApp. But as an amateur photographer I’ve hesitated to leave an app that was, at least initially, designed with photographers in mind. I’ve used the application over the years to develop and improve my photographic abilities and so there’s an element of ‘sunk cost’ that has historically factored into my decision to stay or leave.

But Instagram isn’t really for photographers anymore. The app is increasingly stuffed with either videos or ads, and is meant to create a soft landing point for when/if Facebook truly pivots away from its main Facebook app.1 The company’s pivot makes it a lot easier to justify leaving the application though, at the same time, leaves me wondering what application or platform, if any, I want to move my photos over to.

The Competition(?)

Over the past week or two I’ve tried Flickr.2 While it’s the OG of photo sharing sites its mobile apps are just broken. I can’t create albums unless I use the web app. The sharing straight from the Apple Photos app is janky. I worry (for no good reason, really) about the cost for the professional version (do I even need that as an amateur?) as well as the annoyance of tagging photos in order to ‘find my tribe.’

It’s also not apparent to me how much community truly exists on Flickr: the whole platform seems a bit like a graveyard with only a small handful of active photographers still inhabiting the space.

I’m also trying Glass at the moment. It’s not perfect: search is non-existent, you can’t share your gallery of photos with non-Glass users at the moment, discovery is a bit rough, there’s no Web version, and it’s currently iPhone only. However, I do like that the app (and its creators) is focused on sharing images and that it has a clear monetization schema in the form of a yearly subscription. The company’s formal roadmap also indicates that some of these rough edges may be filed away in the coming months.

I also like that Glass doesn’t require me to develop a tagging system (that’s all done in the app using presets), let’s me share quickly and easily from the Photos app, looks modern, and has a relatively low yearly subscription cost. And, at least so far, most of the comments are better than on the other platforms, which I think is important to developing my own photography.

Finally, there’s my blog here! And while I like to host photo series here this site isn’t really designed as a photo blog first and foremost. Part of the problem is that WordPress continues to suck for posting media in my experience but, more substantively, this blog hosts a lot more text than images. I don’t foresee changing this focus anytime in the near or even distant future.

The Necessity of Photo Sharing?

It’s an entirely fair question to ask why even bother sharing photos with strangers. Why not just keep my images on my devices and engage in my own self-critique?

I do engage in such critique but I’ve personally learned more from putting my images into the public eye than I would just by keeping them on my own devices.3 Some of that is from comments but, also, it’s been based on what people have ‘liked’ or left emoji comments on. These kinds of signals have helped me better understand what is a better or less good photograph.

However, at this point I don’t think that likes and emojis are the source of my future photography development: I want actual feedback, even if it’s limited to just a sentence or so. I’m hoping that Glass might provide that kind of feedback though I guess only time will tell.


  1. For a good take on Facebook and why its functionally ‘over’ as a positive brand check out M.G. Siegler’s article, “Facebook is Too Big, Fail.” ↩︎
  2. This is my second time with Flickr, as I closed a very old account several years ago given that I just wasn’t using it. ↩︎
  3. If I’m entirely honest, I bet I’ve learned as much or more from reading photography teaching/course books, but that’s a different kind of learning entirely. ↩︎
Link

The Lawfare Dimension of Asymetrical Conflict

The past week has seen a logjam begin to clear in Canadian-Chinese-American international relations. After agreeing to the underlying facts associated with her (and Huawei’s) violation of American sanctions that have been placed on Iran, Meng Wanzhou was permitted to return to China after having been detained in Canada for several years. Simultaneously, two Canadian nationals who had been charged with national security crimes were themselves permitted to return to Canada on health-related grounds. The backstory is that these Canadians were seized shortly following the detainment of Huawei’s CFO, with the Chinese government repeatedly making clear that the Canadians were being held hostage and would only be released when the CFO was repatriated to China.

A huge amount of writing has taken place following the swap. But what I’ve found to be particular interesting in terms of offering a novel contribution to the discussions was an article by Julian Ku in Lawfare. In his article, “China’s Successful Foray Into Asymmetric Lawfare,” Ku argues that:

Although Canadians are relieved that their countrymen have returned home, the Chinese government’s use of its own weak legal system to carry out “hostage diplomacy,” combined with Meng’s exploitation of the procedural protections of the strong and independent Canadian and U.S. legal systems, may herald a new “asymmetric lawfare” strategy to counter the U.S. This strategy may prove an effective counter to the U.S. government’s efforts to use its own legal system to enforce economic sanctions, root out Chinese espionage, indict Chinese hackers, or otherwise counter the more assertive and threatening Chinese government.

I remain uncertain that this baseline premise, which undergirds the rest of his argument, holds true. In particular, his angle of analysis seems to set to the side, or not fully engage with, the following:

  1. China’s hostage taking has further weakened the trust that foreign companies will have in the Chinese government. They must now acknowledge, and build into their risk models, the possibility that their executives or employees could be seized should the Chinese government get into a diplomatic, political, or economic dispute with the country from which they operate.
  2. China’s blatant hostage taking impairs its world standing and has led to significant parts of the world shifting their attitudes towards the Chinese government. The results of these shifts are yet to be fully seen, but to date there have been doubts about entering into trade agreements with China, an increased solidarity amongst middle powers to resist what is seen as bad behaviour by China, and a push away from China and into the embrace of liberal democratic governments. This last point, in particular, runs counter to China’s long-term efforts to showcase its own style of governance as a genuine alternative to American and European models of democracy.
  3. Despite what has been written, I think that relying on hostage diplomacy associated with its weak rule of law showcases China’s comparatively weak hand. Relying on low rule of law to undertake lawfare endangers its international strategic interests, which rely on building international markets and being treated as a respectable and reputable partner on the world stage. Resorting to kidnapping impairs the government’s ability to demonstrate compliance with international agreements and fora so as to build out its international policies.

Of course, none of the above discounts the fact that the Chinese government did, in fact, exploit this ‘law asymmetry’ between its laws and those of high rule of law countries. And the Canadian government did act under duress as a result of their nationals having been taken hostage, including becoming a quiet advocate for Chinese interests insofar as Canadian diplomats sought a way for the US government to reach a compromise with Huawei/Meng so that Canada’s nationals could be returned home. And certainly the focus on relying on high rule of law systems can delay investigations into espionage or other illicit foreign activities and operations that are launched by the Chinese government. Nevertheless, neither the Canadian or American legal systems actually buckled under the foreign and domestic pressure to set aside the rule of law in favour of quick political ‘fixes.’

While there will almost certainly be many years of critique in Canada and the United States about how this whole affair was managed the fact will remain that both countries demonstrated that their justice systems would remain independent from the political matters of the day. And they did so despite tremendous pressure: from Trump, during his time as the president, and despite the Canadian government being subjected to considerable pressure campaigns by numerous former government officials who were supportive, for one reason or another, of the Chinese government’s position to return Huawei’s CFO.

While it remains to be written what the actual, ultimate, effect of this swap of Huawei’s CFO for two inappropriately detained Canadians will be, some lasting legacies may include diminished political capital for the Chinese government while, at the same time, a reinforcing of the trust that can be put in the American and Canadian (and, by extension, Western democratic) systems of justice. Should these legacies hold then China’s gambit will almost certainly prove to have backfired.

Link

The So-Called Privacy Problems with WhatsApp

(Photo by Anton on Pexels.com)

ProPublica, which is typically known for its excellent journalism, published a particularly terrible piece earlier this week that fundamentally miscast how encryption works and how Facebook vis-a-vis WhatsApp works to keep communications secured. The article, “How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users,” focuses on two so-called problems.

The So-Called Privacy Problems with WhatsApp

First, the authors explain that WhatsApp has a system whereby recipients of messages can report content they have received to WhatsApp on the basis that it is abusive or otherwise violates WhatsApp’s Terms of Service. The article frames this reporting process as a way of undermining privacy on the basis that secured messages are not kept solely between the sender(s) and recipient(s) of the communications but can be sent to other parties, such as WhatsApp. In effect, the ability to voluntarily forward messages to WhatsApp that someone has received is cast as breaking the privacy promises that have been made by WhatsApp.

Second, the authors note that WhatsApp collects a large volume of metadata in the course of using the application. Using lawful processes, government agencies have compelled WhatsApp to disclose metadata on some of their users in order to pursue investigations and secure convictions against individuals. The case that is focused on involves a government employee who leaked confidential banking information to Buzzfeed, and which were subsequently reported out.

Assessing the Problems

In the case of forwarding messages for abuse reporting purposes, encryption is not broken and the feature is not new. These kinds of processes offer a mechanism that lets individuals self-identify and report on problematic content. Such content can include child grooming, the communications of illicit or inappropriate messages or audio-visual content, or other abusive information.

What we do learn, however, is that the ‘reactive’ and ‘proactive’ methods of detecting abuse need to be fixed. In the case of the former, only about 1,000 people are responsible for intaking and reviewing the reported content after it has first been filtered by an AI:

Seated at computers in pods organized by work assignments, these hourly workers use special Facebook software to sift through streams of private messages, images and videos that have been reported by WhatsApp users as improper and then screened by the company’s artificial intelligence systems. These contractors pass judgment on whatever flashes on their screen — claims of everything from fraud or spam to child porn and potential terrorist plotting — typically in less than a minute.


Further, the employees are often reliant on machine learning-based translations of content which makes it challenging to assess what is, in fact, being communicated in abusive messages. As reported,

… using Facebook’s language-translation tool, which reviewers said could be so inaccurate that it sometimes labeled messages in Arabic as being in Spanish. The tool also offered little guidance on local slang, political context or sexual innuendo. “In the three years I’ve been there,” one moderator said, “it’s always been horrible.”

There are also proactive modes of watching for abusive content using AI-based systems. As noted in the article,

Artificial intelligence initiates a second set of queues — so-called proactive ones — by scanning unencrypted data that WhatsApp collects about its users and comparing it against suspicious account information and messaging patterns (a new account rapidly sending out a high volume of chats is evidence of spam), as well as terms and images that have previously been deemed abusive. The unencrypted data available for scrutiny is extensive. It includes the names and profile images of a user’s WhatsApp groups as well as their phone number, profile photo, status message, phone battery level, language and time zone, unique mobile phone ID and IP address, wireless signal strength and phone operating system, as a list of their electronic devices, any related Facebook and Instagram accounts, the last time they used the app and any previous history of violations.

Unfortunately, the AI often makes mistakes. This led one interviewed content reviewer to state that, “[t]here were a lot of innocent photos on there that were not allowed to be on there … It might have been a photo of a child taking a bath, and there was nothing wrong with it.” Often, “the artificial intelligence is not that intelligent.”

The vast collection of metadata has been a long-reported concern and issue associated with WhatsApp and, in fact, was one of the many reasons why many individuals advocate for the use of Signal instead. The reporting in the ProPublica article helpfully summarizes the vast amount of metadata that is collected but that collection, in and of itself, does not present any evidence that Facebook or WhatsApp have transformed the application into one which inappropriately intrudes into persons’ privacy.

ProPublica Sets Back Reasonable Encryption Policy Debates

The ProPublica article harmfully sets back broader policy discussion around what is, and is not, a reasonable approach for platforms to take in moderating abuse when they have integrated strong end-to-end encryption. Such encryption prevents unauthorized third-parties–inclusive of the platform providers themselves–from reading or analyzing the content of the communications themselves. Enabling a reporting feature means that individuals who receive a communication are empowered to report it to a company, and the company can subsequently analyze what has been sent and take action if the content violates a terms of service or privacy policy clause.

In suggesting that what WhatsApp has implemented is somehow wrong, it becomes more challenging for other companies to deploy similar reporting features without fearing that their decision will be reported on as ‘undermining privacy’. While there may be a valid policy discussion to be had–is a reporting process the correct way of dealing with abusive content and messages?–the authors didn’t go there. Nor did they seriously investigate whether additional resources should be adopted to analyze reported content, or talk with artificial intelligence experts or machine-based translation experts on whether Facebook’s efforts to automate the reporting process are adequate, appropriate, or flawed from the start. All those would be very interesting, valid, and important contributions to the broader discussion about integrating trust and safety features into encrypted messaging applications. But…those are not things that the authors choose to delve into.

The authors could have, also, discussed the broader importance (and challenges) in building out messaging systems that can deliberately conceal metadata, and the benefits and drawbacks of such systems. While the authors do discuss how metadata can be used to crack down on individuals in government who leak data, as well as assist in criminal investigations and prosecutions, there is little said about what kinds of metadata are most important to conceal and the tradeoffs in doing so. Again, there are some who think that all or most metadata should be concealed, and others who hold opposite views: there is room for a reasonable policy debate to be had and reported on.

Unfortunately, instead of actually taking up and reporting on the very valid policy discussions that are at the edges of their article, the authors choose to just be bombastic and asserted that WhatsApp was undermining the privacy protections that individuals thought they have when using the application. It’s bad reporting, insofar as it distorts the facts, and is particularly disappointing given that ProPublica has shown it has the chops to do good investigative work that is well sourced and nuanced in its outputs. This article, however, absolutely failed to make the cut.

Link

Project GUNMAN and the Telling of Intelligence Histories

This story of how the National Security Agency (NSA) was involved in analyzing typewriter bugs that were implanted by agents of the USSR in the 1980s is pretty amazing (.pdf) in terms of the technical and operational details which are have been written about. It’s also revealing in terms of how the parties who are permitted to write about these materials breathlessly describe the agencies’ past exploits. In critically reading these kinds of accounts its possible to learn how the agencies, themselves, regard themselves and their activities. In effect, how history is ‘created’—or propaganda written, depending on how your read the article in question—functions to reveal the nature of the actors involved in that creation and the way that myths and truths are created and replicated.

As a slight aside, whenever I come across material like this I’m reminded of just how poor the Canadian government is in disclosing its own intelligence agencies’ histories. As senior members of the Canadian intelligence community retire or pass away, and as recorded materials waste away or are disposed of, key information that is needed to understand how and why Canada has acted in the world are being lost. This has the effect of impoverishing Canadians’ own understandings of how their governments have operated, with the result that Canadian histories often risk missing essential information that could reveal hidden depths to what Canadians know about their country and its past.

Link

When the Government Decides to Waylay Parliament

Steven Chaplin has a really great explanation of whether the Canadian government can rely on national security and evidentiary laws to lawfully justify refusing to provide documents to the House of Commons, and to House committees. His analysis and explanation arose as a result of the Canadian government doing everything it could to, first, refuse to provide documents to the Parliamentary Committee which was studying Canadian-Chinese relations and, subsequently, refusing to provide the documents when compelled to do so by the House of Commons itself.

Rather than releasing the requested documents the government turned to the courts to adjudicate whether the documents in question–which were asserted to contain sensitive national security information–must, in fact, be released to the House or whether they could instead be sent to an executive committee, filled with Members of Parliament and Senators, to assess the contents instead. As Chaplin notes,

Having the courts intervene, as proposed by the government’s application in the Federal Court, is not an option. The application is clearly precluded by Article 9 of the Bill of Rights, 1689, which provides that a proceeding in Parliament ought not to be impeached or questioned in court. Article 9 not only allows for free speech; it is also a constitutional limit on the jurisdiction of the courts to preclude judicial interference in the business of the House.

The House ordered that the documents be tabled without redaction. Any decision of the court that found to the contrary would impeach or question the proceeding that led to the Order. And any attempt by the courts to balance the interests involved would constitute the courts becoming involved in ascertaining, and thereby questioning, the needs of the House and why the House wants the documents.

Beyond the Court’s involvement impeding into the territory of Parliament, there could be serious and long-term implications of letting the court become a space wherein the government and the House fight to obtain information that has been demanded. Specifically,

It may be that at the end of the day the government will continue to refuse to produce documents. In the same way that the government cannot use the courts to withhold documents, the House cannot go to court to compel the government to produce them, or to order witnesses to attend proceedings. It could also invite disobedience of witnesses, requiring the House to either drop inquiries or involve the courts to compel attendance or evidence. Allowing, or requiring, the government and the House to resolve their differences in the courts would not only be contrary to the constitutional principles of Article 9, but “would inevitably create delays, disruption, uncertainties and costs which would hold up the nation’s business and on that account would be unacceptable even if, in the end, the Speaker’s rulings were vindicated as entirely proper” (Canada (House of Commons) v. Vaid [2005]). In short, the courts have no business intervening one way or the other.

Throughout the discussions that have taken place about this issue in Canada, what has been most striking is that the national security commentators and elites have envisioned that the National Security and Intelligence Committee of Parliamentarians (NSICOP) could (and should) be tasked to resolve any and all particularly sensitive national security issues that might be of interest to Parliament. None, however, seems to have contemplated that Parliament, itself, might take issue with the government trying to exclude Parliament from engaging in assessments of the government’s national security decisions nor that issue would be taken when topics of interest to Parliamentarians were punted into an executive body, wherein their fellow Members of Parliament on the body were sworn to the strictest secrecy. Instead, elites have hand waved to the importance of preserving secrecy in order for Canada to receive intelligence from allies, as well as asserted that the government would never mislead Parliament on national security matters (about which, these same experts explain, Members of Parliament are not prepared to receive, process, or understand given the sophistication of the intelligence and the apparent simplicity of most Parliamentarians themselves).

This was the topic of a recent episode of the Intrepid Podcast, where Philippe Lagassé noted that the exclusion of parliamentary experts when creating NSICOP meant that these entirely predictable showdown situations were functionally baked into how the executive body was composed. As someone who raised the issue of adopting an executive, versus a standing House, committee and was rebuffed as being ignorant of the reality of national security it’s with more than a little satisfaction that the very concerns which were raised when NSICOP was being created are, in fact, arising on the political agenda.

With regard to the documents that the House Committee was seeking, I don’t know or particularly care what their contents include. From my own experience I’m all too well aware that ‘national security’ is often stamped on things that either governments want to keep from the public because they can be politically damaging, be kept from the public just generally because of a culture of non-transparency and refusal of accountability, as well as (less often) be kept from the public on the basis that there are bonafide national security interests at stake. I do, however, care that the Government of Canada has (again) acted counter to Parliament’s wishes and has deliberately worked to impede the House from doing its work.

Successive governments seem to genuinely believe that they get to ‘rule’ Canada absolutely and with little accountability. While this is, in function, largely true given how cowed Members of Parliament are to their party leaders it’s incredibly serious and depressing to see the government further erode Parliament’s powers and abilities to fulfil its duties. A healthy democracy is filled with bumps for the government as it is held to account but, sadly, the Government of Canada–regardless of the party in power–is incredibly active in keeping itself, and its behaviours, from the public eye and thus held to account.

If only a committee might be struck to solve this problem…

Link

Ephemerality in Messaging

Signal announced last week that their users could set a default that messages would auto-delete themselves after a period of time from 30 second to four weeks. The default would apply to all conversations, though could be modified on a per-conversation basis. The company wrote,

As the norms for how people connect have changed, much of the communication that once took place through the medium of coffee shops, bars, and parks now takes place through the medium of digital devices. One side effect of this shift from analog to digital is the conjoined shift from the ephemeral to the eternal: words once transiently spoken are now – more often than not – data stored forever.

I tend to think that the retain-forever approach that digital technologies have imposed on contemporary life is deeply unhealthy, and think pretty highly of the early work done by people like Mayer-Schonberger despite some of my critiques. As I noted when I reviewed his book,

… comprehensive digital remembering collapses history and thus impairs our judgement to act in time, while denying humans the chance to evolve, develop, and learn. This leaves us to helplessly oscillate between two equally troubling options: a permanent past and an ignorant present.

Signal’s approach, while appreciated, is also only a first step as they don’t provide an easy way to also extract and permanently retain some communications outside of their environment. Why does this matter? Because there are, in fact, some conversations that need to be retained for some time, be they personal (e.g., last communications with a loved on) or professional (e.g., government employees required to retain substantive decisions and conversations in archives). The company might introduce a flag where–with the consent of both parties–specific parts of conversations could be retained indefinitely outside of the default deletion times. Adding in the friction of retention would serve to replicate how ‘remembering’ often works in non-digital contexts: it takes extra effort to create facsimiles. We should strive to replicate that into more of our digital environments.

Still, Signal’s approach–enabling deletion by default–is arguably an effort to bend communications closer to their historical norms and, as such, likely for the better. They’re obviously not the first company to think this way–Snapchat famously led the way, and numerous social companies’ ‘stories’ posts are designed delete after 24 hours for ‘privacy’ and also (really) engagement reasons–but I think that it’s meaningful that a text-messaging company is introducing this as a way of easily setting defaults for forgetting.

Link

Standards as the Contemporary Highway System

Jonathan Zittrain, in remarks prepared a few weeks ago, framed Internet protocol standards in a novel way. Specifically, he stated:

Second, it’s entirely fitting for a government to actively subsidize public goods like a common defense, a highway system, and, throughout the Internet’s evolution, the public interest development of standards and protocols to interlink otherwise-disparate systems. These subsidies for the development of Internet protocols, often expressed as grants to individual networking researchers at universities by such organizations as the National Science Foundation, were absolutely instrumental in the coalescence of Internet standards and the leasing of wholesale commercial networks on which to test them. (They also inspired some legislators to advertise their own foresight in having facilitated such strategic funding.) Alongside other basic science research support, this was perhaps some of the best bang for the buck that the American taxpayer has received in the history of the country. Government support in the tens of millions over a course of decades resulted in a flourishing of a networked economy measured in trillions.

Zittrain’s framing of this issue builds on some writing I’ve published around standards. In the executive summary of a report I wrote a few months ago, I stated that,

… the Government of Canada could more prominently engage with standards bodies to, at least in part, guarantee that such standards have security principles baked in and enabled by default; such efforts could include allocating tax relief to corporations, as well as funding to non-governmental organizations or charities, so that Canadians and Canadian interests are more deeply embedded in standards development processes.

To date I haven’t heard of this position being adopted by the Government of Canada, or even debated in public. However, framing this as a new kind of roadway could be the kind of rhetorical framing that would help it gain traction.

The Kaseya Ransomware Attack Is a Really Big Deal

Screen Shot 2021-07-19 at 2.26.52 PM
(Managed Service Provider image by the Canadian Centre for Cybersecurity)

Matt Tait, as normal, has good insights into just why the Kaseya ransomware attack1 was such a big deal:

In short, software supply chain security breaches don’t look like other categories of breaches. A lot of this comes down to the central conundrum of system security: it’s not possible to defend the edges of a system without centralization so that we can pool defensive resources. But this same centralization concentrates offensive action against a few single points of failure that, if breached, cause all of the edges to fall at once. And the more edges that central failure point controls, the more likely the collateral real-world consequences of any breach, but especially a ransomware breach will be catastrophic, and cause overwhelm the defensive cybersecurity industry’s ability to respond.

Managed Service Providers (MSPs) are becoming increasingly common targets. It’s worth noting that the Canadian Centre for Cybersecurity‘s National Cyber Threat Assessment 2020 listed ransomware as well as the exploitation of MSPs as two of the seven key threats to Canadian financial and economic health. The Centre went so far as to state that it expected,

… that over the next two years ransomware campaigns will very likely increasingly target MSPs for the purpose of targeting their clients as a means of scaling targeted ransomware campaigns.

Sadly, if not surprisingly, this assessment has been entirely correct. It remains to be seen what impact the 2020 threats assessment has, or will have, on Canadian organizations and their security postures. Based on conversations I’ve had over the past few months the results are not inspiring and the threat assessment has generally been less effective than hoped in driving change in Canada.

As discussed by Steven Bellovin, part of the broader challenge for the security community in preparing for MSP operations has been that defenders are routinely behind the times; operators modify what and who their campaigns will target and defenders are forced to scramble to catch up. He specifically, and depressingly, recognizes that, “…when it comes to target selection, the attackers have outmaneuvered defenders for almost 30 years.”

These failures are that much more noteworthy given that the United States has trumpeted for years that the NSA will ‘defend forward‘ to identify and hunt threats, and respond to them before they reach ‘American cybershores’.2 The seemingly now routine targeting of both system update mechanisms as well as vendors which provide security or operational controls for wide swathes of organizations demonstrates that things are going to get a lot worse before they’re likely to improve.

A course correction could follow from Western nations developing effective and meaningful cyber-deterrence processes that encourage nations such as Russia, China, Iran, and North Korea to punish computer operators who are behind some of the worst kinds of operations that have emerged in public view. However, this would in part require the American government (and its allies) to actually figure out how they can deter adversaries. It’s been 12 years or so, and counting, and it’s not apparent that any American administration has figured out how to implement a deterrence regime that exceeds issuing toothless threats. The same goes for most of their allies.

Absent an actual deterrence response, such as one which takes action in sovereign states that host malicious operators, Western nations have slowly joined together to issue group attributions of foreign operations. They’ve also come together to recognize certain classes of cyber operations as particularly problematic, including ransomware. Must nations build this shared capacity, first, before they can actually undertake deterrence activities? Should that be the case then it would strongly underscore the need to develop shared norms in advance of sovereign states exercising their latent capacities in cyber and other domains and lend credence to the importance of the Tallinn manual process . If, however, this capacity is built and nothing is still undertaken to deter, then what will the capacity actually be worth? While this is a fascinating scholarly exercise–it’s basically an opportunity to test competing scholarly hypotheses–it’s one that has significant real-world consequences and the danger is that once we recognize which hypothesis is correct, years of time and effort could have been wasted for little apparent gain.

What’s worse is that this even is a scholarly exercise. Given that more than a decade has passed, and that ‘cyber’ is not truly new anymore, why must hypotheses be spun instead of states having developed sufficient capacity to deter? Where are Western states’ muscles after so much time working this problem?


  1. As a point of order, when is an act of ransomware an attack versus an operation? ↩︎
  2. I just made that one up. No, I’m not proud of it. ↩︎

Vaccination, Discrimination, and Canadian Civil Liberties

Photo by Karolina Grabowska on Pexels.com

Civil liberties debates about whether individuals should have to get vaccinated against Covid-19 are on the rise. Civil liberties groups broadly worry that individuals will suffer intrusions into their privacy, or that rights of association or other rights will be unduly abridged, as businesses and employers require individuals to demonstrate proof of vaccination.

As discussed in a recent article published by the CBC, some individuals are specifically unable to, or concerned about, receiving Covid-19 vaccines on the basis that, “they’re taking immunosuppressant drugs, for example, while others have legitimate concerns about the safety and efficacy of the COVID-19 vaccines or justifiable fears borne from previous negative interactions with the health-care system.” The same expert, Arthur Schafer of the Centre for Professional and Applied Ethics at the University of Manitoba, said, “[w]e should try to accommodate people who have objections, conscientious or scientific or even religious, where we can do so without compromising public safety and without incurring a disproportionate cost to society.”

Other experts, such as Ann Cavoukian, worry that being compelled to disclose vaccination status could jeopardize individuals’ medical information should it be shared with parties who are not equipped to protect it, or who may combine it with other information to discriminate against individuals. For the Canadian Civil Liberties Association, they have taken the stance that individuals should have the freedom to choose to be vaccinated or not, that no compulsions should be applied to encourage vaccination (e.g., requiring vaccination to attend events), and broadly that, “COVID is just another risk now that we have to incorporate into our daily lives.”

In situations where individuals are unable to be vaccinated, either due to potential allergic responses or lack of availability of vaccine (e.g., those under the age of 12), then it is imperative to ensure that individuals do not face discrimination. In these situations, those affected cannot receive a vaccine and it is important to not create castes of the vaccinated and unable-to-be-vaccinated. For individuals who are hesitant due to historical negative experiences with vaccination efforts, or medical experimentation, some accommodations may also be required.

However, in the cases where vaccines are available and there are opportunities to receive said vaccine, then not getting vaccinated does constitute a choice. As it stands, today, in many Canadian schools children are required to received a set of vaccinations in order to attend school and if their parents refuse, then the children are required to use alternate educational systems (e.g., home schooling). When parents make a specific choice they are compelled to deal with the consequences of said decision. (Of course, there is not a vaccine for individuals under 12 years of age at the moment and so we shouldn’t be barring unvaccinated children from schools, but adopting such a requirement in the future might align with how schools regularly require proof of vaccination status to attend public schools.)

The ability to attend a concert, as an example, can and should be predicated on vaccination status where vaccination is an option for attendees. Similarly, if an individual refuses to be vaccinated their decision may have consequences in cases where they are required to be in-person in their workplace. There may be good reasons for why some workers decline to be vaccinated, such as a lack of paid days off and fear that losing a few days of work due to vaccination symptoms may prevent them from paying the rent or getting food; in such cases, accommodations to enable them to get vaccinated are needed. However, once such accommodations are made decisions to continue to not get vaccinated may have consequences.

In assessing whether policies are discriminatory individuals’ liberties as well as those of the broader population must be taken into account, with deliberate efforts made to ensure that group rights do not trample on the rights of minority or disenfranchised members of society. Accommodations must be made so that everyone can get vaccinated; rules cannot be established that apply equally but affect members of society in discriminatory ways. But, at the same time, the protection of rights is conditional and mitigating the spread of a particularly virulent disease that has serious health and economic effects is arguably one of those cases where protecting the community (and, by extension, those individuals who are unable to receive a vaccine for medical reasons) is of heightened importance.

Is this to say that there are no civil liberties concerns that might arise when vaccinating a population? No, obviously not.

In situations where individuals are unhoused or otherwise challenged in keeping or retaining a certification that they have been vaccinated, then it is important to build policies that do not discriminate against these classes of individuals. Similarly, if there is a concern that vaccination passes might present novel security risks that have correlate rights concerns (e.g., a digital system that links presentations of a vaccination credential with locational information) then it is important to carefully assess, critique, and re-develop systems so that they provide the minimum data required to reduce the risk of Covid-19’s spread. Also, as the population of vaccinated persons reaches certain percentages there may simply be less of a need to assess or check that someone is vaccinated. While this means that some ‘free riders’ will succeed, insofar as they will decline to be vaccinated and not suffer any direct consequences, the goal is not to punish people who refuse vaccination and instead to very strongly encourage enough people to get vaccinated so that the population as a whole is well-protected.

However, taking a position that Covid-19 is part of society and that society just has to get used to people refusing to be vaccinated while participating in ‘regular’ social life, and that this is just a cost of enjoying civil liberties, seems like a bad argument and a poor framing of the issue. Making this kind of broader argument risks pushing the majority of Canadians towards discounting all reasons that individuals may present to justify or explain not getting vaccinated, with the effect of inhibiting civil society from getting the public on board to protect the rights of those who would be harmfully affected by mandatory vaccination policies or demands that individuals always carry vaccine passport documents.

Those who have made a choice to opt-out of vaccination may experience resulting social costs, but those who cannot opt to get a vaccine in the first place or who have proven good reasons for avoiding vaccination shouldn’t be unduly disadvantaged. That’s the line in the sand to hold and defend, not that protecting civil liberties means that there should be no cost for voluntarily opting out of life saving vaccination programs.

Link

Which States Most Require ‘Democratic Support’?

Roland Paris and Jennifer Walsh have an excellent, and thought-provoking, column in the Globe and Mail where they argue that Western democracies need to adopt a ‘democratic support’ agenda. Such an agenda has multiple points comprising:

  1. States getting their own democratic houses in order;
  2. States defending themselves and other democracies against authoritarian states’ attempts to disrupt democracies or coerce residents of democracies;
  3. States assisting other democracies which are at risk of slipping toward authoritarianism.

In principle, each of these points make sense and can interoperate with one another. The vision is not to inject democracy into states but, instead, to protect existing systems and demonstrate their utility as a way of weaning nations towards adopting and establishing democratic institutions. The authors also assert that countries like Canada should learn from non-Western democracies, such as Korea or Taiwan, to appreciate how they have maintained their institutions in the face of the pandemic as a way to showcase how ‘peer nations’ also implement democratic norms and principles.

While I agree with the positions the authors suggest, far towards the end of the article they delicately slip in what is the biggest challenge to any such agenda. Namely, they write:

Time is short for Canada to articulate its vision for democracy support. The countdown to the 2024 U.S. presidential election is already under way, and no one can predict its outcome. Meanwhile, two of Canada’s closest democratic partners in Europe, Germany and France, may soon turn inward, preoccupied by pivotal national elections that will feature their own brands of populist politics.1

In warning that the United States may be an unreliable promoter of democracy (and, by extension, human rights and international rules and order which have backstopped Western-dominated world governance for the past 50 years) the authors reveal the real threat. What does it mean when the United States is regarded as likely to become more deeply mired in internecine ideological conflicts that absorbs its own attention, limits its productive global engagements, and is used by competitor and authoritarian nations to warn of the consequences of “American-style” democracy?

I raise these questions because if the authors’ concerns are fair (and I think they are) then any democracy support agenda may need to proceed with the presumption that the USA may be a wavering or episodic partner in associated activities. To some extent, assuming this position would speak more broadly to a recognition that the great power has significantly fallen. To even take this as possible–to the extent that contingency planning is needed to address potential episodic American commitment to the agenda of buttressing democracies–should make clear that the American wavering is the key issue: in a world where the USA is regarded as unreliable, what does this mean for other democracies and how they support fellow democratic states? Do countries, such as Canada and others with high rule-of-law democratic governments, focus first and foremost on ‘supporting’ US democracy? And, if so, what does this entail? How do you support a flailing and (arguably) failing global hegemon?

I don’t pretend to have the answers. But it seems that when we talk about supporting democracies, and can’t rely on the USA to show up in five years, then the metaphorical fire isn’t approaching our house but a chunk of the house is on fire. And that has to absolutely be our first concern: can we put out the fire and save the house, or do we need to retreat with our children and most precious objects and relocate? And, if we must retreat…to where do we retreat?


  1. Emphasis not in original. ↩︎