When a group of students from Iowa State University (ISU) contacted us earlier this month about forming an ISU Digital Freedom group, they were facing an unexpected problem: despite their simple goal of fostering a healthy conversation around freedom-enhancing software, the university administration denied them official recognition. The university has since granted the Digital Freedom group the green-light to meet on campus, but under unduly restrictive conditions. These students’ story is instructive to students around the country and the world who are concerned about online privacy.
The administration initially denied the Digital Freedom Group's proposal because it did not want ISU students either to advocate for or participate in the “secrecy network” Tor, and would not permit the student group to use any “free software designed to enable online anonymity.” The students had not proposed that a Tor node be established on campus. Rather they asked that they be able to provide a forum to “discuss, learn and practice techniques to anonymize and protect digital communication.”
The students were told they had to gain clearance from the Iowa State University attorneys and security clearance from the university's Chief Information Officer. They were ultimately successful, and Iowa State University is now home to its very own Digital Freedom Group.
EFF strongly supports the formation of student groups like the Digital Freedom Group that aim to discuss and learn about methods for secure and private use of the Internet. We submit this open letter to campus activity review boards across the world that may feel a similar hesitation on the topic of online anonymity and privacy. Students, professors, and staff from other universities are invited to contact us [ email@example.com ] with stories of misguided, speech-chilling policies.
University administrations around the world,
A healthy conversation about online privacy should never be stifled. Yet we've heard too many stories of students whose efforts to initiate these conversations have faced roadblocks from university administrators fearful of encryption and anonymity software.
But the time has come now to embrace these technologies, not blindly reject them. There is nothing to fear about online privacy and the various tools available to achieve it.
The demonization of technology because of a few bad actors is a dangerous path. Think about it: the classification of a computer as a machine designed for cybercrime, makes no more sense than maligning cell phones because drug dealers use them to make illegal sales. Instead, we should encourage ethical and responsible use of technologies. The best way to do this is through meaningful conversation that explains how technologies function and the myriad ways technology is and can be utilized.
Tor, in particular, was originally developed by the U.S. Naval Research Laboratory for the purposes of protecting government communications. But today it is used to serve a variety of needs. Journalists use Tor to protect the anonymity of their sources; Internet users in countries where information is censored use Tor to circumvent oppressive firewalls; lawyers use Tor to exchange sensitive information relating to a case; corporations use Tor to protect trade secrets; and people use Tor everyday to have conversations about topics they might feel uncomfortable discussing without the protection anonymity provides. The technology is popular among survivors of rape or gang violence and medical patients who want to take part in online communities, but may only wish do so anonymously.
Anonymous speech has a long history in democratic societies, particularly when used by those whose politically contentious views might have put them ill-at-ease amongst their contemporaries (like Mark Twain, Voltaire, and George Orwell—all pen names). The Federalist Papers were written under the collective pen name Publius to protect the identities of the individual authors. In a similar fashion, Tor gives people the opportunity to discuss anything, freely and without fear of being tracked or chastised for their opinions.
There are other free software tools that we consider to be good hygiene for a privacy-conscious user, like GPG email encryption, which is used to keep email communication private from malicious hackers or unconstitutional government surveillance. There is also our HTTPS Everywhere browser extension, designed to encrypt data that travels between a user's computer and a website. These practices are not designed to cloak criminals from the view of law-enforcement. Rather, they are intended to make experiences online as trustworthy as possible, despite the fact that the interactions occur across great distances between people and organizations that may never meet in the physical sense.
Conversations about online privacy and security should be encouraged, and never silenced. The more that students understand how security threats function and the myriad ways they can protect their communications and identity, the less vulnerable they are to cybercrime or unwanted surveillance. Privacy technologies can be introduced as a framework grounded in ethical applications and First Amendment principles.
Please never hesitate to contact the Electronic Frontier Foundation with questions about online privacy or anonymity tools, and more importantly, think twice before ever limiting what students can and cannot discuss openly, especially when it comes to the use of technology. Healthy and open dialogue about how students can, should, and do use existing technologies is far better than forcing secrecy, which may only serve to promote notions of criminality about Internet practices that, if used properly, serve to enhance and protect our basic rights online.
Securely and sincerely,
The Electronic Frontier Foundation
PS: Please see and share our “Myths and Facts About Tor” document for a deeper discussion about the oft-misunderstood software.