The are two types of security in activism (DRAFT)
The is the outline of what am talking about here http://en.wikipedia.org/wiki/Soft_security
"hard security for traditional mechanisms like authentication and access control, and soft security for social control mechanisms."
Encryption and anonymity, hiding communication so that people can trust that there interaction is with the people they think it is with and nobody eales. in activist cercals this has a strong tendency to centralise activist infrastructure and activity around a small "shadowy" group. And history tells us this is the easiest place for state, and corporate spy’s to live in these encrypted/secret shadows. Examples dailymail and Guardian
"Soft security attempts to discourage harm and mitigate any damage, while quality control attempts to improve a product and weed out non-conforming output. The social controls on the production of Wikipedia documents demonstrate both principles, using discussion pages, accessible edit histories, policies and guidelines, in contrast to traditional document control mechanisms such as workflow and authorization, to achieve both soft security and quality control.
In commercial security, soft security is often achieved through training of staff to manage the environment (1) to make disruptions more noticeable, (2) to make disruptions less socially acceptable, and (3) to create a perceived vested interest in the public."
Openness, activity streams, bring communication into the open to building trust. Using open tools so that you have a very direct and continues inside into what’s going on so you can actual see and trust the popule you are working because you can see them. This builds a secure working relationship and dynamic and effective community of action. Pleapole who have something to hide stand out and are easey to see.
The is a case for hard security in activism and we have tradition to facilitate this - phone, meetups, affinity groups etc. the problem am highlighting here is the online infrastructure that we use to implement so called hard security in activism are almost all based on clinet server infrastructure which in hand with the geek obsession with hard security makes the admin of these centralised services into a fatel weakness - if I was a modern police spy i would be an activist syes admin running the group website and e-mail list and it is very easy to take on these responsibility and stay int he shadows.
For hard security in activism the is a much better model of peer to peer model were the is no centre, it is horizontal web of trust. this is not popular amuncest geek activism for a number of resions probably the most important (unspoken) resign is one of control. An example of a workable open source tool that activist could use is http://en.wikipedia.org/wiki/Retroshare would be good if a group of activist tried to work with this.
The ideas behind soft security is that the open web is simply not an appropriate tool for "spiky" organising and that most of the client server "secure" tools are pseudonymous at best and blatantly open at worst, this would be fine if people understood this but they don’t and these tools are pushed on less techy people as the right this to do. This is both dangerous in a very practical sense and damaging as it makes activism much less dynamic and flexible. The tech tools activist use dampen there effectiveness and lead to a continuation of top-down working practices.
Activist hard security is currently both damaging to the movements from its dysfunctionally and from it pseudonymous. So if soft security is a much better model for MOST activist organising and is actually what the HUGE majority of activist are doing when they use facebook for organising - the question of facebook opens up a hole other connected can of worms.
Very good DRAFT wright up of these issues here http://meatballwiki.org/wiki/SoftSecurity