Protestware: Using Open Source Software as a Platform for Political Movements

The recent Russia-Ukraine conflict has seen the rise of a new political movement: “protestware”, which involves using open source software to make political statements. What are the ramifications of using an amorphous technological medium as a political platform in an age of intimate human-technology relationships?

What does it mean to talk of freedom of speech in a world in which communication is organised through mass communication? - John Street, Politics and Technology 1992

Political systems govern the way we live our everyday lives. The structure of our governments and the promulgation of laws impact jobs, property, healthcare and education. Technology is entwined into our existence, folded into the structures of our organisations and has become a driving force for social change. Because of the way technology has seeped into the fabrics of our social structures, politics and technology have become inseparable. 

We exist at the epoch of the digital age characterised by nuanced human-technology relationships. Our increasingly intimate relationship with technology and the ease of accessibility of technology yields layers of complexity that may unravel in unforeseen ways. Following the recent invasion of the Ukraine, a new phenomena - “protestware” - has emerged among the open source community [1]. Open source developers have been making changes to software to express support for Ukraine. While many of these cases consist of anti-war messages, there have been a few cases that have involved more malicious attacks on Russian and Belarusian computers. One example is the modifications made to a popular piece of open source code (node-ipc). The update meant that when executed, the code would scan the IP address of the user and if the user was from Russia or Belarus, their system files were deleted and replaced with a heart emoji [2]. 

The idea of open source software being used as a political platform is interesting from the perspective of reach and impact. Open source software is freely accessible to anyone, anywhere. Those developing and sharing code through open source are beholden to no one. They have agency over the content that is developed and how it is shared with the world. While this medium may be an opportunistic vessel for advocacy and support of a nation under attack, the incident with node-ipc illustrates a different dimension that comes with using technology as a political platform. 

A lot of open source software is utilised as dependencies for larger systems. Therefore, even a small change in that code will lead to flow-on effects. The dependent nature of software is one example of the fragility of technology. The emergence of protestware is a salient example of how that fragility can be exploited in times of political instability. 

I conduct research around safety of emerging technologies and one point I often talk to is how risk landscapes change with technological innovation. What’s interesting about protestware is the impact political instability has had on the risk landscape of open source software. My research looks at the increasingly intimate relationships between humans and technology and analyses the risks associated with that. Something I hadn’t considered prior to learning about protestware was the risks humans afford to technology because of this intimate relationship. While my research does consider how assurance can be provided around the human role in an interaction with human and machine (using machine specifically here as my research addresses physical machines), I had not considered how human responses to political instability could manifest in software. More specifically, I did not consider humans exploiting the fragility of technology as part of the risk landscape associated with human-machine interaction. 

Because of the deeper relationships we form with technology, our decisions around how we use it become more personal. The extension of technology into the many facets of our everyday lives means we view technology as more than just a tool. Our responses to changes in our lives, such as those caused by political instability, can now be materialised through an amorphous medium that has far reaching impacts. The two questions I have taken away from the phenomena that is protestware are: how does humans exploiting the fragility of technology change the risk landscape that emerges at the intersection between humans and technology, and should the impacts of political instability be captured as a risk and if so, is this a human risk or a technical risk? 

References

[1] https://www.wired.com/story/open-source-sabotage-protestware/ 

[2] https://fortune.com/2022/03/22/what-is-protestware-russia-ukraine-sberbank-software-open-source/