Security Culture
What It Is, Why We Need It, and How to Do It
What Is Security Culture?
In the political context, security culture is a set of customs and practices shared by a community or movement that are designed to minimize risk.
At its most basic, security culture is rooted in the principle of sharing sensitive information only on a need-to-know basis—not an “I trust you” basis or “I really want to know” basis.
How Do We Do It?
Do not talk about your involvement or someone else’s involvement in illegal activities—past, present, or future. It might also include not talking about someone’s immigration status or other characteristics that might make them a bigger target for the State.
The exceptions are fairly obvious: (1) you can discuss such activities with the people you are actually planning those activities with (but choose people carefully); (2) you can discuss them after you have been convicted for them, provided you don’t incriminate anyone else. Obviously, different actions pose different risks and therefore, the precise level of information that is shared might vary. But need-to-know basis is the best starting point.
Common ways that people break this aspect of security culture include:
● lying about things they’ve done to impress others or prove themselves; ● bragging about things they’ve done, also often to impress others or prove how “radical” they are; ● gossiping about things they know about (“I heard so and so was involved in that”), often part of an effort to feel in-the-know and well-connected; ● asking a lot of questions about who was involved in various illegal actions, or what previous illegal actions someone has participated in. ● indirect bragging/gossiping by making a big deal about how hardcore they are, how they are trying to stay super underground/anonymous, or how much they can’t tell you about because of security culture (“Well, I could tell you soooo many stories, but like, security culture you know!”) ● pressuring/manipulating people to be involved in things in which they don’t want to be involved, sometimes by questioning their commitment to the cause or using guilt as a manipulation tactic.
There are other related aspects of security culture as well.
Image credit: Rob Wilson Photography
Do not talk to law enforcement or cooperate with their investigations. Ever. Cops never qualify as need-to-know. Everything you say to law enforcement will be misquoted, pulled out of context, and used against you and others. Nothing you say to them can help you. Often people feel that they have nothing to hide from the police or the state. Everyone has something to hide, because the cops are gathering intelligence and mapping communities. Cops lie routinely. The only three things out of your mouth should be: “I’m going to remain silent. I want to speak to a lawyer. I do not consent to a search.”
Take other appropriate measures to protect sensitive information. This means not sharing account passwords or keys/combinations to locks with people that don’t need them; using encryption for storing or sending sensitive digital information; not storing or communicating sensitive information digitally in the first place; hiding or deleting personal information that is publicly accessible on the internet.
The appropriate security measures depend on the type of information and the particular risk. Is it information that if stolen, could jeopardize someone’s employment, or simply would inconvenience the organization? Is the security measure directed at thwarting the State and law enforcement, or non-State actors like fascists or corporate security?
Commit to addressing breaches of security culture in a constructive way. Breaches will happen, and people are not perfect. But the breaches need to be addressed, constructively and without speculation as to motive. Many breaches will be a result of people who forgot, made a mistake, simply didn’t know, or some other common error. They should be reminded or educated in a way that supports their effort and growth and doesn’t judge or shame. However, sometimes people who clearly know better will make flagrant, repeated breaches. This can be extremely dangerous and must be dealt with. Unfortunately, sometimes dangerous people just have to be kicked out.
In addressing any breach, it’s bad to speculate about someone’s motives. It’s often tempting to say things like “that’s classic informant behavior,” or “they must be a snitch.” Such speculation is problematic for two reasons. One, it can easily turn into honest people getting snitch jacketed and a lot of paranoia and finger pointing, which may be more damaging than the original security culture breach was in the first place. Second, it takes the discussion away from the actual behavior and the harm or danger it created, and makes the discussion about the alleged motivation. Address the behavior, not the motivation.
Build a movement culture that is rooted in anti-oppression.
Many of the common security culture breaches—bragging, lying, pressuring, etc.—stem from macho behavior and macho culture in our movements and communities. People often feel a need to prove how “radical” or “down” or “committed” they are. Many circles will boost up the people who are seen as the most badass or militant. We would do well to critically examine the underlying cultures we create in our movements and communities and how they may be starkly at odds with good security culture.
Myths, Misconceptions, and Misapplications
Security culture is not about hiding abuse or dirty laundry. Sometimes people who abuse, manipulate, coerce, or deceive the people around them will try to use security culture to hide their harmful actions. This is an abuse of security culture and a danger to our movements. People need to be accountable for their harmful actions, and if someone is a danger to others—whether through malice or just carelessness—that information needs to be shared so that people can take appropriate steps to protect themselves.
Security culture is not about excluding new-comers, being inaccessible to people with different backgrounds, or being extra cool. We have to be aware of how our security practices might make our movements less accessible. A movement that can’t attract new participants, help build their political education and organizing capacity, and acculturate them into the resistance will flounder in its own isolation.
Security Culture is not about witch hunts to find suspected infiltrators. Investigating people is extremely time consuming and is unlikely to produce compelling evidence. False or unsupported accusations or those based on conjecture and innuendo (sometimes called “snitch jacketing” or “bad jacketing”) are extremely damaging to movements—sometimes even more damaging than the infiltrator themselves. It amplifies paranoia, distrust, and conflict.
Security culture cannot keep you safe. Our only real safety is in liberation! If you trust the wrong person with whom to plan an illegal action, and that person turns out to be an informant, or later decides to cooperate with the state, you might be in a bad spot. Taking elaborate measures to encrypt all your digital information and communications might fail if the government finds a way to access your encryption key. Kicking out the macho bragger but not doing anything about the quiet abuser might help protect against one risk, but creates a dozen others.
Resisting the misery and violence of the status quo and fighting for collective liberation is dangerous work, and there are powerful forces aligned against us. Security culture will help mitigate certain risks, but it cannot eliminate them. Our best security is in our solidarity with one another, our accountability to each other, and our fight for freedom.