Harm Reduction

Our community creates tools for those who believe they are at risk of violence and oppression. This is a lofty and near impossible environment to work cleanly within. Tools are quickly outdated, vulnerabilities are horded by the most powerful governments in the world for exploitation, tactics for censorship and surveillance constantly evolve, and new circumvention tools are being developed and used before older tools have had a chance to be properly reviewed by the security community. In this environment code and educational materials are always going to be found lacking in one way or another. Too often we take a stance where we attribute the blame for possible future outcomes of an exploited vulnerability, or misleading article on the authors.

The slippery slope of possibilities exaggerates the severity of missteps in code and content. Vulnerabilities can be patched, writing amended, and misspeaking retracted. We cannot ask that others bear the burden of building that their tool be impenetrable “under circumstances that the senders life may depend on it being secure.” What we can do is use an approach to user tools as interventions. Recently a peer mentioned the harm-reduction methodology from drug treatment interventions as one way to shift the focus from the perfect tool to the perfect combinations of tools. After a short period of research and quick find-and-replace of “drug” with “internet” in the key principles of harm reduction as outlined by the CCSA National Policy Working Group (1996) I was convinced.