First Monday

Distributed, privacy-enhancing technologies in the 2017 Catalan referendum on independence: New tactics and models of participatory democracy by Marta Poblet

This paper examines new civic engagement practices unfolding during the 2017 referendum on independence in Catalonia. These practices constitute one of the first signs of some emerging trends in the use of the Internet for civic and political action: the adoption of horizontal, distributed, and privacy-enhancing technologies that rely on P2P networks and advanced cryptographic tools. In this regard, the case of the 2017 Catalan referendum, framed within conflicting political dynamics, can be considered a first-of-its kind in participatory democracy. The case also offers an opportunity to reflect on an interesting paradox that twenty-first century activism will face: the more it will rely on private-friendly, secured, and encrypted networks, the more open, inclusive, ethical, and transparent it will need to be.


Methods and materials
An emergent ecosystem of distributed technologies
Distributed technologies and the Catalan referendum of 2017




Activist movements that turn to social media to voice their aspirations are no longer a novelty. The Iranian Green Revolution of 2009 and the Arab Spring of 2011 famously leveraged social media for protest and coordination. In both cases, state governments reacted quickly by blocking access to social networks and shutting down the Internet. Repression of bloggers and digital activists followed (Poblet, 2017). Social media platforms have subsequently become an essential tool for civic and political activism, but the risks for activists persist. Digital platforms satisfy a major communication need in any form of activism — spreading out open information to mass-scale audiences. Yet, they also fall short of guaranteeing private, secured communications between activists when coordinating their actions in hostile environments. To meet this second requirement, different tools are required.

In recent years, new protocols and apps based on distributed networks have been tested for that purpose. As opposed to centralised platforms such as Facebook, Twitter or Google, distributed networks are architectures where ‘computation is spread across multiple nodes instead of just one’ [1]. As there is no central node to attack, distributed technologies make any attempt to suppress the entire network extremely difficult. If one node is shut down, other nodes can still communicate, spread information or replicate data. By enabling redundancies, distributed networks are therefore more resistant to censorship. Yet, a distributed architecture does not necessarily resolve privacy and security issues, as individual nodes can still be identified and exposed. To mitigate these risks, an encryption layer to protect end-to-end communications is needed.

This article analyses the adoption of distributed and privacy-enhancing technologies in the context of civic and political activism by presenting the case study of the Catalan referendum on independence of 1 October 2017. Promoted by the government of Catalonia, the referendum was deemed illegal by the Spanish government. The process was punctuated by growing tensions between Spanish and Catalan governments in a highly volatile scenario. The paper reviews some of the strategies of pro-referendum activists and tech-savvy communities to ensure its eventual implementation. The use of distributed technologies and encrypted protocols is a first-of-its-kind experience and illustrates a path that could be followed in other electoral processes in the near future (Poblet, 2017). Yet it also raises new political and ethical questions about privacy, transparency and inclusiveness.



Methods and materials

The case study of the Catalan referendum of 2017 presented in this paper draws from different mainstream and social media sources. First, I collected pieces of news from national and international newspapers (digital versions) across the political spectrum, both during the three months before and the three months after the referendum (e.g., La Vanguardia, El Periódico, El País, Diari Ara, Vilaweb, Nació Digital, Politico, Independent, Guardian, New York Times). Second, I also followed television and radio news during the same period (TV3, TVE, Antena 3, La Sexta, Rac1, Catalunya Ràdio, Cadena SER, Cadena COPE) and public statements posted on Twitter by government representatives, political parties leaders and grass-root organisations. Because the referendum was declared illegal by the Spanish government, I do not use or quote non-published anonymous sources.

The presentation of the case study is organised chronologically, even if the adoption of some technologies may overlap in time. The case study is also analysed in the light of the properties of a linked democracy ecosystem (Poblet, et al., in press).



An emergent ecosystem of distributed technologies

The idea of a distributed architecture to improve robustness and resilience of communication networks was famously proposed by Paul Baran in the early 1960s, when he distinguished between centralised, decentralised and distributed networks (Baran, 1964). Baran’s research memorandum also introduced the concept of ‘message blocks’. Message blocks would be sent separately across the network and the information pieces they contained would be put back together at the final destination point (Baran, 1964).


Centralised, decentralised and distributed networks
Figure 1: Centralised, decentralised and distributed networks (Baran, 1964).


Baran’s concepts were highly influential in the development of the Internet architecture and, later on, its World Wide Web protocols. Yet, the evolution of both the Internet and the Web feature ongoing tensions between centralised, decentralised and distributed models. The Internet giants that emerged in the first two decades of the Web — Google, Amazon, eBay and Facebook — would coexist with services tapping into peer-to-peer (P2P), distributed protocols for data sharing — Napster, KaZaA, eDonkey and eMule. While most of these services were discontinued following lawsuits for copyright infringements in different jurisdictions, their protocols and networks have evolved into new clients and applications with different degrees of adoption. Today’s Web is largely dominated by centralised services that are built on top of decentralised architectural configurations and protocols.

Yet, the distinction between decentralised and distributed models is not always clear (Rasch, 2013). Sometimes the terms “decentralised” and “distributed” are used indistinctively, but from other perspectives distributed models are considered as a subset of decentralised systems (e.g., Eagar, 2017). Vitalik Buterin, founder of the blockchain-based platform Ethereum, has recently proposed three levels or types of decentralisation to clarify the discussion around Baran’s model. Thus, Buterin considers three different axes that can lead to multiple configurations: (i) architectural decentralisation (‘how many physical computers is a system made up of?’); (ii) political decentralisation (‘how many individuals or organizations ultimately control the computers that the system is made up of?’), and (iii) logical decentralisation (‘does the interface and data structures that the system presents and maintains look more like a single monolithic object, or an amorphous swarm?’) (Buterin, 2017). From this perspective, for example, ‘blockchains are politically decentralized (no one controls them) and architecturally decentralized (no infrastructural central point of failure) but they are logically centralized (there is one commonly agreed state and the system behaves like a single computer)’ (Buterin, 2017). Yet, blockchains are also usually known as a type of distributed ledger technology (DLT), which use ‘independent computers (referred to as nodes) to record, share and synchronize transactions in their respective electronic ledgers (instead of keeping data centralized as in a traditional ledger)’ (World Bank, 2018).

Ultimately, the use of one term or another depends on the choice of a combination of technical specifications — architectural and logical features — and governance models — decision-making processes, regulations and politics. In practice, DLTs, decentralised protocols and decentralised apps (or Dapps) are converging into an emerging ecosystem of communities, platforms and tools. In this regard, Internet and Web pioneers such as Vint Cerf, Tim Berners-Lee and Brewster Kahlo have been actively advocating for a decentralised, memory-preserving Web for some years now. In 2016, they convened the first Decentralized Web Summit [2], an event showcasing a number of initiatives with a shared vision to ‘lock the Web open’ with decentralised protocols and applications [3]. The overall vision of the ‘decentralised Web’ aims at ‘re-decentralising’ the Internet with architectures and tools that allow its users greater self-sovereignty in terms of data access and ownership, privacy, security and preservation of digital memory:

Today, the Web we use is not private, secure, reliable or free from censorship. It lacks a memory, a way to preserve our digital record through time. By distributing data, processing and hosting across millions of computers worldwide with no centralized control, a new Decentralized Web has the potential to be open, empowering users around the globe to control and protect their own personal data better than before. [4]

Some of the projects, networks and protocols within this broad umbrella were started in the previous decade. Tor, I2P or Psiphon, now popular software tools for anonymous browsing of the Web and circumvention of censorship in hostile environments, were initially released in the early to mid 2000s [5]. The publication of the Bitcoin protocol in 2008, proposed as ‘a system for electronic transactions without relying on trust’ [6] triggered the current wave of innovations based on DLTs. The new capabilities and solutions that both networks and DLTs enable are still in the early stages of the innovation process. Therefore, it is not yet clear which protocols, platforms, tools and applications will eventually survive and how many of them will be widely adopted, replacing actual incumbents in different domains. The experimentation and testing, nevertheless, is already visible in civic and political arenas with activists, organisations and governments exploring the possibilities that the decentralised ecosystem opens up. When it comes to avoiding censorship, projects such as [7], or applications such as Lantern [8] are examples of the new generation of peer-to-peer, encrypted circumvention solutions [9]. Sometimes, creative options emerge out of individual agency. An interesting case is the use of ether (ETH) transactions on the Ethereum platform to disseminate censored messages: no amount of coins is actually exchanged (the field ‘value’ is 0), but the ‘input data’ field is repurposed to contain the message. Chinese activists have used the ‘input data’ field in the transactions to disseminate censored letters and stories about intimidation, threats and corruption (Flynn, 2018).

At the government level, Estonia is a well-known early example of experimenting with blockchain technologies to upgrade the provision of its e-government services [10]. In the U.S., approximately 20 states ‘have either started pilot programs, enacted blockchain legislation or are considering bills’ (Logsdon, 2018). In France, the government has recently announced a new messaging system for its departments based on Matrix, an open-source, encrypted, distributed protocol to protect their communications [11]. In Catalonia, the referendum on independence of 2017 offers another contrasting example where coordination between government and activists leveraged some of the tools of this emerging distributed ecosystem during the weeks leading to the vote.



Distributed technologies and the Catalan referendum of 2017


On 27 June 2017, Catalan president Carles Puigdemont announced that a referendum on independence would be held in Catalonia on 1 October 2017 [12]. The referendum would ask one single question to 5.4 million eligible voters: ‘Do you want Catalonia to be an independent state in the form of a republic?’. Three years before, on 9 November 2014, the Catalan government had called a non-binding poll where 80 percent of 2.3 million voters opted for independence. For some years, polls have consistently suggested that, while there is a large majority of Catalans in favour of a negotiated referendum to settle the question of independence, they remain split on this issue.

To avoid the anticipated backlash from the Constitutional Court, the supporting legislation came nearly three months later. Following a heated debate marked with incidents, the Parliament of Catalonia eventually passed the Law on the Referendum on Self-determination of 6 September 2017 [13]. The Spanish government reacted immediately accusing the lawmakers of committing a ‘constitutional and democratic atrocity’ and warning that it would stop the referendum [14]. As expected, it also requested the Constitutional Court to suspended the law. The Court magistrates held an urgent meeting the day after and ruled a temporary suspension [15]. Prior to that, the Superior Court of Justice of Catalonia had issued orders to different police forces to prevent any preparatory activities leading to the vote.

Despite the combined efforts of courts and law enforcement agencies to halt the poll, nearly 2.3 million people (43 percent of the electoral roll) turned up to cast their votes on 1 October [16]. The voting, nevertheless, came with unusual scenes of violence when national police forces deployed by the Spanish government across the Catalan region stormed polling stations to seize ballot boxes. By the end of the day, it was reported that nearly 900 voters suffered different injuries after facing police batons [17]. Internet connections and computer systems in polling stations were also compromised in the attempt to prevent access to electronic census data [18].

While the Catalan government was responsible for the organisation of the referendum, judicial orders critically limited its room for manoeuvre. On 20 September, Spanish police raided several Catalan government offices and arrested senior officials from different departments. In this agitated context, the role of pro-referendum activists would become decisive both during the weeks leading to the poll and on the voting day. Ballot boxes, secretly stored in warehouses in the south of France for several weeks before polling day, were distributed to a network of thousands of volunteers who kept them in private homes and car boots until the referendum eve (Vicens and Tedo, 2017). Likewise, millions of ballot papers were printed in France and introduced in Catalonia with the same method [19]. Instructions were primarily given face to face and phones were turned off during meetings. The use of WhatsApp was deemed too risky, and telegram messages were only exchanged as a last resort (Vicens and Tedo, 2017).

Large-scale civic activism was critical to ensure the off-line logistics of the referendum. Nevertheless, a second arena of political struggle emerged in cyberspace when one Spanish judge issued a court order to seize referendum related Web sites [20]. At this point in time, smaller communities of hackers took the lead in preserving and distributing information online. Distributed protocols and cryptographic protections became core to their online tactics.

Cloning of Web sites

The first judicial warrant of 15 September 2017, ordered the seizure of the official referendum Web site ( Immediately after, the same judge forced Spanish telecommunication carriers to block access to mirror Web sites such as, and to shut down all .cat top-level domain Web sites publishing information on the upcoming vote [21]. The seizure triggered strong criticism from organisations such as the Internet Society [22] and the Electronic Frontier Foundation (EFF) [23] and the issue was raised in the European Parliament [24]. As the new was hosted in a different country (Luxembourg) to avoid censorship, Catalan President Carles Puigdemont took the unprecedented step to post on Twitter the basic steps to use proxies to safely access the domain.


Tweet by Catalan President Carles Puigdemont sharing proxy addresses
Figure 2: Tweet by Catalan President Carles Puigdemont sharing proxy addresses [‘No one can stem the tide. Keep going! #1Oct’].


As these Spanish ISPs blocked access to the new domains, the source code of the referendum Web site was published in Github. Hackers then picked dozens of new domains to create new mirror sites such as,, and to navigate social media [25]. The cat-and-mouse game between hackers and police went on. According to data from the Open Observatory of Network Interference (OONI), more than 25 Web sites were blocked from 25 September 2017 onwards (Lundström and Xynou, 2017). This form of activism was not exempt from risks either, as some of the hackers who cloned the original Web sites would later be arrested and/or investigated.


Network measurements collected from three Spanish ISPs
Figure 3: Network measurements collected from three Spanish ISPs (Lundström and Xynou, 2017).


Locating polling stations

Prior to any election day in Spain, the Electoral Board sends notifications to electors who have been drafted as polling officers. Voting cards with the assigned polling stations are also mailed by the Office of the Electoral Census to all registered voters.

Yet, the delivery of such notifications was a major logistical issue for the referendum organisers as the state-owned postal service — Correos — was given instructions to intercept any polling-related mailing. To bypass the postal blockade, the Catalan government launched the Web site OnVotar [Where to Vote] on 21 September. Voters could query the census database to retrieve their assigned polling station by introducing their date of birth, ID number and postal code. Software developers, nevertheless, had to face a double conundrum. First, how to protect the census database from seizure (if centralised in a server, the Spanish authorities would easily render it inoperative). The solution required decentralisation: a static Web site, but a decentralised database. The Web site used the Interplanetary File System (IPFS), a peer-to-peer distributed protocol inspired by Bitcoin and BitTorrent that allows users to access Web sites when the original server is down [26]. The advantages of IPFS over centralised protocols were twofold: on the one hand, the use of (an international top-level domain operated from the U.K.) would make it difficult for Spanish authorities to attempt to redirect the domain to its own servers (as had been the case with the .cat Web sites); on the other hand, even if all traffic to/from the Web site were cut, there was always the option to access and clone the content by downloading the IPFS client (Pujol-Gonzalez, 2017). In fact, when Spanish ISPs — following a new court order — blocked the domain and cut off connection to the referendum Web site, the contents survived across the IPFS network and could be replicated until the eve of the referendum [27].

The second issue was privacy. Contents stored in the IPFS network are publicly accessible, yet the census database is protected by privacy legislation. In that case, the solution involved cryptography. Instead of a plain text database, IPFS stored an encrypted summary of it (or a ‘hash’), as shown in the (fictitious) example below:


encrypted summary


When registered voters filled their personal data in the Web site to know where to vote, the browser in their devices would compute a hash function 1,714 times [28] to find the password that decrypts the only content needed in plain text, that is, the polling station (a piece of data not subject to privacy regulation). Hash functions have an important property that is relevant to this use case: they are one-way computations. The function creates an encrypted output (hash) but the input (original dataset) cannot be recreated from the hash. The only option available to external attacks is to apply brute-force searches (an extremely large number of random attempts). The database, therefore, is not invulnerable, but it requires an enormous computational effort to decrypt it completely [29]. The remaining privacy risks of the solutions adopted in the Catalan case were intensely discussed in social networks and hacker communities [30], but, ultimately, the combination of both decentralisation (IPFS protocols) and encryption (hash functions) could be considered a first-of-its-kind experiment in the election cycle domain.

Peer-to-peer messaging

Like in any other contemporary political movement, activists, volunteers and pro-referendum supporters at large became very active on social networks and instant messaging services. As the referendum day approached, WhatsApp and Telegram groups shared concise guidelines and recommendations on how to act peacefully and keep calm at all times.

Yet, on 30 September rumors started to spread that the Spanish government could go as far as to shut the Internet down to block the voting process. FireChat was then recommended as a peer-to-peer IM/chat solution to deal with this threat. The app does not need the Internet to work, as messages can be relayed end-to-end via Bluetooth connections of mobile phone users. In the end, FireChat was mainly used during the voting day for citizens to self-organize and maintain a constant critical mass of people at every voting station. There was a global chat room and chat rooms for every city. If a polling station ran low on the numbers of people preventing the closure of the station or seizure of the ballot boxes, there would be a call for help and some people would transfer from other voting stations.

Releasing the universal census

Following judicial warrants, police forces already had sealed a number of voting stations ahead of the referendum day. In an unexpected turn of the events, the Catalan government announced on the morning of referendum day — one hour before the opening of the voting stations — the use of the ‘universal census’, a back-up protocol enabling Catalan electors to cast their votes at any functioning polling station.

The ‘universal census’ system was a Web site-based application ( that validated voters’ IDs, prevented duplicate votes and enabled final counting. The Web was hosted in the servers of at least three different providers (Amazon, DigitalOcean and and was shielded with Cloudflare — a network of data centres that protects Web sites from malicious activity — to mitigate distributed denial of service (DDoS) attacks [31].

In response, the Spanish police shut down the Internet network of the public schools — where the vast majority of voting stations were located. In addition to that, the main telecom carriers blocked the domain, which became accessible only via its IP address [32]. Electoral officers were given IDs and passwords to access the Web site with their own laptops, tablets and cell phones (or the ones supplied by volunteer citizens). To keep the Web site IP address safe, IP proxy addresses — redirecting the traffic to the site — were used. A virtual call centre provided proxy addresses on demand, since a number of proxies became quickly congested or suffered external attacks rendering them inoperative (Qurium Media Foundation, 2018). Throughout the day, cell networks became easily saturated in many areas, and voters lining up in polling stations were requested to keep their phones on airplane mode. The cyberbattle went on all day long. As one volunteer hacker recalls:

We could disarticulate all the efforts by the technical services and intelligence of the transatlantic [Spanish state]. Thanks to Tor, to Signal, to mobiles purchased abroad, to Linux and the open source software, even to Bitcoin ... Oh! And to the work and imagination of a bunch of hackers who went all out to make it possible. [33]

In many polling stations, the role of hackers would be decisive in keeping the voting platform up and running. As 1 October came to an end, 2,286,217 votes could be counted: 90.18 percent of voters supported independence, and 7.83 percent opposed [34]. The Parliament would eventually pass a Declaration of Independence [35] on 27 October and, soon after the vote, the Senate in Madrid would vote for direct rule of Catalonia via the application of Article 155 of the Spanish Constitution [36]. A new period of political uncertainty, tensions and stalemate opened up. Yet, in the midst of this antagonistic period, a fledging generation of techno-political activism had its coming of age.




The Catalan referendum of October 2017 offers an interesting case study of participatory practices where off-line and online strategies are deeply intertwined. A distinctive trait of this case study is the use of distributed tactics of horizontal coordination at different levels and in multiple waves.

First, the constraints imposed on Catalan public authorities cascaded one after the other in a highly agitated political environment: suspension of the referendum law, police raiding of government departments and IT centres, arresting of public officers, blocking of referendum Web sites, seizure of polling material and interception of postal communications. These measures restricted considerably the organisational capacity of the Catalan government but, at the same time, triggered coordinated action between the government and grass-root organisations, emerging groups of activists, hacker communities and even external individuals and organisations [37]. As activists from the Xnet movement put it:

This capacity for action distributed between the government and organized citizens has been the trend throughout the electoral process, with large-scale use of chats, networks and other tools that have allowed swift circulation of information circulated on the micro-scale and among strangers who are working together to deal with hoaxes, leaks and infiltrations (Xnet, 2017).

Second, horizontal civic coordination took the lead at very specific times. The logistics involving the purchase, distribution, and custody of the ballot boxes were entirely managed by a small group of volunteers and deployed by thousands of other volunteers acting as distributed nodes with a high degree of redundancy (Vicens and Tedo, 2017).

The protection of voting stations from police closure took a similar pattern. On the referendum eve, activists realised that it would be critical to maintain high numbers of people in all voting stations throughout the night (the Catalan police, following court orders, had started to seal the ones that were not occupied during the day). The GitHub Web site EscolesObertes [OpenSchools] was uploaded the very same day to show which stations were open, closed or missing the numbers of people required [38]. Although the Web site’s data was not always reliable, information spreading through FireChat would provide much more accurate updates.

Third, the shutting down of the public schools’ Internet network left a large number of polling stations without access to the referendum application. Mobile devices from volunteers were used instead, and nearby homes opened up their Wi-Fi networks. Roughly one hundred voting stations used to bypass the Internet outage. is one of the world’s largest people-owned, wireless-based mesh networks [39]. The network, created in 2003, initially expanded in central areas of Catalonia that were not covered by ISPs broadband connections. Nowadays the network has around 30k nodes. is not directly connected to the Internet, but there are a number of public and private gateways that can be used to connect to the Internet from it.

The practices deployed in the Catalan referendum case are interconnected — the actors are active at one or more levels or areas — and leverage a broad set of digital platforms, apps, protocols and digital data.


Tools and technologies deployed during the process leading to the Catalan referendum of 1 October 2017
Figure 4: Tools and technologies deployed during the process leading to the Catalan referendum of 1 October 2017.


In the broader Spanish context, two specific movements — the 13M movement of 2004 and the 15M in 2011 — had already demonstrated emergent features of civic protest blending off-line and online practices of political participation, thus inspiring subsequent movements both nationally and globally. While different in scope and objectives, both movements are the closest precedents to our case study.

Digitally enabled mobilisations in Spain

The 13M movement of 2004 can be seen as the first prototype of civil protest and disobedience that built momentum through the use of cellphones and the Internet as tools of information and coordination. On the morning of 11 March (between 07:37 and 07:40 AM), 10 bombs exploded on four commuter trains around Madrid, three days before the national elections, causing 193 death casualties and more than 2,000 wounded people [40]. The ruling PP party had campaigned on anti-terrorism and security, and sought to attribute the bombings to the Barque terrorist organisation ETA, despite contradictory evidence from the foreign press and claims from Al Qaeda. Public outrage at the bombings soon focused on the misleading reports from government and official media narratives that sought to manipulate the crisis for electoral advantage. The subsequent country-wide public protests of 13 March were organised initially through non-affiliated activists using networks and contact lists building on prior campaigns. They were neither spontaneous eruptions of discontent or organised by traditional political parties or actors but constituted a new form of politics demonstrating the ‘agency of social movement networks’ [41]. Furthermore, the novelty of this protest accrued to: the use of SMS and Internet to spread information among networks (20 percent increase in traffic); the role of disparate public sentiments and motivations; the heterogeneous character of protestors and the lack of a formal, centralised and hierarchical organization to coordinate protestors (Fominaya, 2011). In short, the role of the ‘crowd’ as a political agent. With a subsequent high voter turnout (77 percent) the incumbent government lost the election [42].

In 2011, the 15M movement, famously known as los indignados, followed a similar trajectory as a form of civic protest but also as an outlet for social unrest, especially as the consequences of the 2008 financial crisis were realised in government austerity programs in Spain. The 15M movement used social media as a tool to communicate, mobilize and coordinate over 100,000 protestors across 50 cities in Spain. In addition, it bypassed official media and the traditional political machinery. Actors mobilised and communicated through connected but distributed networks to coordinate protestors (Anduiza, et al., 2014). At the same time, several working committees and, importantly, a Computing Committee, provided structure and support for communication protocols that were key to maintaining momentum and network linkages [43]. The demographic composition of protestors also differed and included young protestors, more women, the unemployed and the more educated. In reaching beyond traditional structures Anduiza, et al. (2014) suggest that 15M as a digital modality ameliorated ‘participatory inequalities’ and provided an entry point for those with limited prior political experience [44]. In this respect 15M was ‘unprecedented’ in the characteristics of the protestors and the Internet-based mobilization practices but at the same time referred back to 13M. It also became a focal point for a range of grievances and general discontent regarding social injustice (Micó and Casero-Ripollés, 2014) and calls for ‘real democracy’ and thus became a new paradigm (Castañeda, 2012; Anduiza, et al., 2014) that could be re-used and elaborated for future campaigns.

New tactics, new conceptual frameworks

Similar calls for institutional transparency and improved democratic practice, as well as protests at corruption and economic inequality were also coordinated by digital media in Iceland, Greece, in the U.S. with the Occupy Wall Street movement, and in the countries of the Arab Spring, among other places. Despite their particularities, all these examples raise questions about the categories that frame the analysis in terms of agency of individuals, collective action, political structures and the impact of the movement.

As Margetts, et al. (2016) argue, waves of protest and activism, coordinated through technology and in particular social media constitute a new ‘political force’. The authors suggest that these new movements appear to gather momentum quickly but are ultimately ‘unsustainable’; but they also suggest that established theories and categories of political activism are insufficient to fully analyse the nature of these contemporary political practices of technology-enabled participation and the non-traditional actors that participate in these hybrid spaces. For example, Bennett and Segerberg (2012) refer to these practices as ‘digitally networked action’ (DNA) and suggest that they can be better understood within the logics of ‘connective action’ rather than the more traditional approach of collective action:

In place of the initial collective action problem of getting the individual to contribute, the starting point of connective action is the self-motivated (though not necessarily self-centered) sharing of already internalized or personalized ideas, plans, images, and resources with networks of others. [45]

From this perspective, it is possible to analyse the Catalan case with the lens of connective action and frame it as hybrid type of ‘organisationally enabled network[s]’ involving “formal organisation actors stepping back from projecting strong agendas, political brands, and collective identities” as well as “more informal organizational actors that develop some capacities of conventional organizations in terms of resource mobilization” [46]. Yet, while ‘at the core of this logic is the recognition of digital media as organizing agents’ [47], the Catalan case exhibits additional layers of complexity. Because digital media operate in the open, they satisfy the personalisation, co-creation, distribution and dissemination of contents that characterise DNAs (Bennett and Segerberg, 2012). But when the adversary is a state, jurisdiction is the limit. The dynamics of networked actions are open and decentralised at the social layer, but the digital media that operate as organisational agents are centralised at the infrastructure layer. Social media networks have become centralised silos of data and metadata, and centralisation makes these platforms extremely vulnerable to jurisdictional coercion. In such circumstances, the balance between leveraging the affordances of digital media and assuming the risks of open communications is hard to strike. Privacy of data and anonymity of metadata (i.e., who sends what to whom) became of paramount importance in the Catalan case, triggering the search for distributed and encrypted tactics at the infrastructural layer. The complexity of building such a layer requires the type of expert activism that features what Postill describes as ‘the rise of nerd politics’ [48]. Postill’s ‘techno-political nerds’ (data activists, digital rights activists, social rights activists) are ‘people who operate at the intersection of technology and politics, and who care deeply about the fate of democracy in the digital age’ [49]. Nerd politics would constitute a new form of citizen politics: its actors are not just politically ‘sophisticated’ in terms of their ‘ability to process political information’ [50] but in their expanded ‘capacity to do things’ collectively and at scale, as the original meaning of demokratia suggests (Ober, 2017; 2008).

Moving from centralisation to distribution, from open to crypto practices, can perhaps be better understood within the framework of new power dynamics. More specifically, within the tensions and strains resulting from algorithmic surveillance by data/metadata processing, jurisdictional coercion by physical force and privacy-enhancing, censorship-resistant practices of participatory democracy.

A linked democracy model

The 2017 referendum in Catalonia gave rise to a participatory ecosystem that can also be analysed as a model of ‘linked democracy’. Linked democracy can be defined as participatory ecosystem emerging from the interaction between people, digital tools and technologies and data (Casanovas, et al., 2017). Such a model presents the following properties (Poblet, et al., in press):

  1. Contextually-bound. Interactions between people, technologies, and data occur at specific settings. To borrow Simon’s classical concepts, these interactions constitute the ‘inner environment’ (Simon, 1988; 1969) that can be ‘represented by a set of given alternatives of action’ [51]. People are identifiable individuals or groups coming together with a common goal or purpose. But this goal is situated in an ‘external environment’ that also imposes their own constraints and requires adjustment and adaptive behaviour.

  2. Open ended. Even if contextually bound, participatory ecosystems are also highly dynamic: people, technology and data interactions (‘inner context’) evolve and adapt as the external context (‘outer environment’) changes, as if in a perpetual beta state.

  3. Blended. Interactions between people, technology and data take place seamlessly, both off-line and online. They emerge in Webs and squares; in online forums and assemblies; in trending topics and rallies.

  4. Distributed. Participatory ecosystems can be represented as distributed networks with multiple nodes. In these networks, communities can be identified as groups of non-hierarchical nodes, but it is also possible to portray communities as groups of edges or links.

  5. Technologically agnostic. Participatory ecosystems rely on technologies that can be replaced. Whereas specific technologies can fail, be prohibited or have supply interrupted, the existence, reuse, upgrade or development of alternative implementations grants its availability and consequently the robustness of the overall ecosystem.

  6. Modular. Digital tools support a vast range of options for citizens and groups. These options will attract different levels of interest and engagement. Some forms of engagement will likely attract large numbers, while some others, requiring more time and cognitive effort, will appeal to much smaller crowds. Participation is therefore the combined outcome of modular engagement.

  7. Scalable. Participatory ecosystems are able to accommodate increasing numbers of nodes (participants, technologies, data) and interactions between them without compromising connectivity and effectiveness.

  8. Knowledge-reusing. Linked democracy ecosystems tap into collective intelligence to produce new forms of collective, commons-based knowledge. This knowledge adopts multiple formats: unstructured conversation threads in forums, Web sites, social media, portals, etc.

  9. Knowledge-archiving. Linked democracy ecosystems are able to trace and reproduce commons-based knowledge. Traceability, reproducibility and accountability are essential components of collective, commons-based knowledge.

  10. Aligned. Political ecosystems may emerge bottom-up, as civic engagement initiatives, or top-down, from legislative or open government initiatives. In any case, only if institutional arrangements are in place will there be the consequential decision making and the feedback loops that characterise aligned processes.

The participatory ecosystem that emerged with the organisation of the Catalan referendum exhibits the above properties with differing intensity and further analysis will be required here. Also, the particular circumstances of the Catalan case — a highly volatile and changing environment punctuated with strong legal and political pressures — add some specific features to this model.

As we have seen, disseminating information across multiple networks, while preserving privacy of data and anonymity of messages, became a central preoccupation of the activist movement in Catalonia. Both decentralisation and cryptography provide some advantages, notably more resilient networks that protect the content of communications end to end. The Catalan hackers leveraged both decentralised architectures and cryptographic protocols to this purpose. Nevertheless, neither distribution nor cryptography are silver bullets, because they can’t prevent per se the potential identification of both senders and receivers of the messages. Communications’ metadata remain exposed and can be exploited to undermine the security of systems, to track actors and, overall, to perform mass surveillance. There are some existing tools and strategies to mitigate these risks: for example, the use of Tor [52] to enable anonymous communications, or protocols such as Ricochet that enable tools such as Cwtch. Yet, research in the construction and user experience of metadata resistant tools is still lacking (Lewis, 2018) [53].

Participatory ecosystems built on distributed architectures and cryptographic protocols are increasingly relying on technologies and tools whose complexity requires new forms of public trust. No matter how trustless — absence of third trusted parties — these environments promise to be, citizens will still need to consent to their use. Consensus algorithms may solve trust at the platform layer, but trust will still be needed at the social one, and it is hard to see how this will happen without transparent governance mechanisms. Twenty-first century activism comes with an interesting paradox that we have not yet started to explore: the more it will rely on secured and encrypted networks, the more open, inclusive, ethical, and transparent it will need to be.




New forms of civic protest in the twenty-first century have emerged through the use of technology to mobilise and coordinate large numbers of people, both online and in physical spaces. Civic and political activism advocating widespread use of distributed technologies, encryption and privacy-enhancing protocols to bring political change is perhaps a sign of a (re)emerging trend of the Internet: the horizontal, decentralised network of networks that Vint Cerf and Tim Berners-Lee, inventors of its core technologies, initially envisioned.

The actual deployment of distributed solutions and encryption techniques in the Catalan referendum on independence also illustrates this trend and highlights some innovations in the electoral space. The key role of techno-experts was already obvious in the organisation of the 2011 15M movement — and in this perspective the continuities with 1 October in Catalonia could be analysed in further work. The novelty of the 2017 movement, yet, is the realisation that activism has evolved into a data (and metadata) intensive practice. In this context, privacy — both as a fundamental right and a legal requirement — is not a peripheral issue, but the touchstone that will test the resilience of any activist movement. Privacy-enhancing technologies require very specific capabilities and expertise, as well as the assumption that solutions will never be risk-free. In that regard, activist movements will be faced with decisions on what risks are acceptable in every particular context. Ultimately, these are political and ethical issues that take more than technology savviness to assess. End of article


About the author

Marta Poblet is an associate professor at RMIT University’s Graduate School of Business and Law. She is one of the co-founders of the Institute of Law and Technology at the Autonomous University of Barcelona. She holds a JSD in law (Stanford University, 2002) and a Master’s in International Legal Studies (Stanford University, 2000). Her research interests cover different areas at the intersection of law, political sciences and technology. She is also interested in the connections between technology developments (AI, blockchain, human computer interaction) and the different theories of democracy and citizenship.
E-mail: marta [dot] pobletbalcell [at] rmit [dot] edu [dot] au



The author is grateful to Ariadne Vromen for her comments as a discussant of the first version of this paper, presented at the World Congress of Political Science (Brisbane, 21–25 July 2018). Thanks also to Marc Pujol-Gonzalez for e-mail conversations and insight on decentralised and encrypted technologies, and to Mari Fitzpatrick for her research assistance and editing work. In Figure 4 of this paper three icons from the Noun Project have been used: group icon by Tyler Gloude; data icon by IcoDots; mobile device icon by Victografic.



1. Raval, 2016, p. 4.

2. The second edition of the Summit took place in San Francisco, 31 July–2 August 2018. See, accessed 23 August 2018.

3. See, for example, the project Solid (from ‘social linked data’) led by Tim Berners Lee at MIT, aims to ‘radically change the way Web applications work today, resulting in true data ownership as well as improved privacy’,, accessed 23 August 2018.

4. Decentralized Web Summit at, accessed 23 August 2018.

5. Tor (by the Tor Project) was initially released in 2002; I2P (Invisible Internet Protocol), in 2003; Psiphon, developed at the University of Toronto, was first released in 2006.

6. Nakamoto, 2008, p. 8.

7. at, accessed 23 August 2018. defines itself as a ‘a peer-to-peer routing and distributed storage system designed for accessing websites from the stringest network environments’ CENO2 bridges ‘darknet’ connections with the Web.

8. Lantern at, accessed 23 August 2018.

9. For a state of the art on the new tools and technologies, see the panel ‘Can the Decentralised Web combat Censorship, Prosecution, and Government Interference?’ at the 2018 Decentralised Web Summit,, accessed 23 August 2018. .

10., accessed 23 August 2018.

11., accessed 23 August 2018.

12., accessed 23 August 2018.

13., accessed 23 August 2018.

14., accessed 23 August 2018.

15. The Spanish Constitutional Court would eventually declare the law unconstitutional in its Sentence of 17 October 2017, El Pais, at, accessed 23 August 2018.

16., accessed 23 August 2018.

17., accessed 23 August 2018.

18., accessed 23 August 2018.

19., accessed 23 August 2018.

20., accessed 23 August 2018.

21. The list included, in addition,,,,,,, and, El Mon, at, accessed 23 August 2018.

22., accessed 23 August 2018.

23., accessed 23 August 2018.

24., accessed 23 August 2018.

25., accessed 23 August 2018.

26., accessed 23 August 2018.

27. As of 30 June 2018 a clone of the Web site is still active at Wikileaks,, accessed 23 August 2018.

28. Programmers did not pick an arbitrary number to recourse their hash function: 1714 is the year of Catalonia’s defeat in the Spanish War of Succession and marks the loss of Catalan political institutions in front of the Bourbon candidate to the throne of Spain, Phillip V, Diari Ara, at, accessed 23 August 2018.

29. In fact, developers did not need to have access to the full original census database either, since they operated the function using just the five last digits and letter of voters’ IDs (Pujol-Gonzalez, 2017).

30. See, for example,, accessed 23 August 2018.

31. Cloudfare, at, accessed 23 August 2018. Cloudflare projects Galileo and Athens offer free service to ‘organizations working on behalf of the arts, human rights, civil society, or democracy.’


33. [translated from Catalan], accessed 23 August 2018.

34., accessed 23 August 2018.

35., accessed 23 August 2018.

36., accessed 23 August 2018.

37. Notably, Julian Assange offered expertise on virtual private networks, secured communications and the use of apps such as FireChat or Signal. He also suggested Catalans to bypass the seizure of regional finances by adopting Bitcoin. Likewise, Pirate Bay founder Peter Sunde offered anonymous hosting to censored Web sites through his privacy-enhancing service Njalla. The hosting Web site explains that Njalla is ‘the Sami word referring to the way of keeping the non-wanted beasts out of the stuff you care about’ (Poblet, 2017).

38. The original page is no longer available, but a surviving clone can be found at, accessed 23 August 2018.

39., accessed 23 August 2018.

40., accessed 23 August 2018.

41. Fominaya, 2011, p. 291.

42. Fominaya, 2011, p. 301.

43. Micó and Casero-Ripollés, 2014, pp. 864–865.

44. Anduiza, et al., 2014, p. 760.

45. Bennett and Segerberg, 2012, p. 753.

46. Bennett and Segerberg, 2012, pp. 756–757.

47. Bennett and Segerberg, 2012, p. 752.

48. Postill, 2018, p. 1.

49. Ibid.

50. Dalton, 2014, p. 21.

51. Simon, 1988, p. 70.

52. Tor, at, accessed 23 August 2018. Tor is a software that bounces communications around a distributed network of relays run by volunteers all around the world.

53. Cwth, at, accessed 23 August 2018.Cwtch is an experimental prototype based on the metadata resistant protocol Ricochet.



Eva Anduiza, Camilo Cristancho and José M. Sabucedo, 2014. “Mobilization through online social networks: The political protest of the indignados in Spain,” Information, Communication & Society, volume 17, number 6, pp. 750–764.
doi:, accessed 26 November 2018.

Paul Baran, 1964. “On distributed communication networks,” RAND Memorandum (August), at, accessed 28 August 2018.

W. Lance Bennett and Alexandra Segerberg, 2012. “The logic of connective action: Digital media and the personalization of contentious politics,” Information, Communication & Society, volume 15, number 5, pp. 7390–768.
doi:, accessed 26 November 2018.

Vitalik Buterin, 2017. “The meaning of decentralisation” (6 February), at, accessed 28 August 2018.

Pompeu Casanovas, Danuta Mendelson and Marta Poblet, 2017. “A linked democracy approach to regulate public health data,” Health and Technology, volume 7, number 4, pp. 519–537.
doi:, accessed 26 November 2018.

Ernesto Castañeda, 2012. “The indignados of Spain: A precedent to Occupy Wall Street,” Social Movement Studies, volume 11, numbers 3–4, pp. 309–319.
doi:, accessed 26 November 2018.

Russell J. Dalton, 2014. Citizen politics: Public opinion and political parties in advanced industrial democracies. Sixth edition. Los Angeles: Sage.

MaRi Eagar, 2017. “What is the difference between decentralized and distributed systems?” (4 November), at, accessed 28 August 2018.

Walker Flynn, 2018. “Uncensored content on Ethereum: How Chinese activists inspired civil” (13 August), at, accessed 28 August 2018.

Cristina Flesher Fominaya, 2011. “The Madrid bombings and popular protest: Misinformation, counter-information, mobilisation and elections after ‘11-M’,” Contemporary Social Science, volume 6, number 3, pp. 289–307.
doi:, accessed 26 November 2018.

Sarah Jamie Lewis, 2018. “Cwtch: Asynchronous, decentralized, and metadata resistant group communication” (28 June), at, accessed 28 August 2018.

David Logsdon, 2018. “Blockchain for government has already arrived” (9 August), at, accessed 28 August 2018.

Tord Lundström and Maria Xynou, 2017. “Evidence of Internet censorship during Catalonia’s independence referendum,” Open Observatory of Network Interference [OONI], at, accessed 28 August 2018.

Helen Margetts, Peter John, Scott Hale and Taha Yasseri, 2016. Political turbulence: how social media shape collective action. Princeton, N.J.: Princeton University Press.

Josep-Lluis Micó and Andreu Casero-Ripollés, 2014. “Political activism online: organization and media relations in the case of 15M in Spain,” Information, Communication & Society, volume 17, number 7, pp. 858–871.
doi:, accessed 26 November 2018.

Satoshi Nakamoto, 2008. “Bitcoin: A peer-to-peer electronic cash system,” at, accessed 28 August 2018.

Josiah Ober, 2017. Demopolis: Democracy before liberalism in theory and practice. Cambridge: Cambridge University Press.
doi:, accessed 26 November 2018.

Josiah Ober, 2008. “The original meaning of ‘democracy’: Capacity to do things, not majority rule,” Constellations, volume 15, number 1, pp. 3–9.
doi:, accessed 26 November 2018.

Marta Poblet, 2017. “Inside Catalonia’s cypherpunk referendum,” Eureka Street, volume 27, number 20 (6 October), at, accessed 28 August 2018.

Marta Poblet, Pompeu Casanovas and Victor Rodriguez-Doncel, in press. Linked democracy. Berlin: Springer Nature.

John Postill, 2018. The rise of nerd politics: Digital activism and political change. London: Pluto Press.

Marc Pujol-Gonzalez, 2017. “How the Catalan government uses IPFS to sidestep Spain’s legal block,” at, accessed 28 August 2018.

Qurium Media Foundation, 2018. “Blocking techniques Catalunya,” at, accessed 28 August 2018.

Miriam Rasch, 2013. “Beyond distributed and decentralized: What is a federated network?” Institute of Network Cultures (3 April), at, accessed 28 August 2018.

Herbert H. Simon, 1988. “The science of design: Creating the artificial,” Design Issues, volume 4, numbers 1–2, pp. 67–82.

Herbert H. Simon, 1969. The sciences of the artificial. Cambridge, Mass.: MIT Press.

Laia Vicens and Xavi Tedó, 2017. Operació urnes. Barcelona: Columna.

Xnet, 2017, “Repression and digital resistance in the #CatalanReferendum” (4 October), at, accessed 28 August 2018.

World Bank, 2018. “Blockchain and distributed ledger technology (DLT)” (12 April), at, accessed 28 August 2018.


Editorial history

Received 23 August 2018; accepted 26 November 2018.

Creative Commons License
This paper is licensed under a Creative Commons Attribution 4.0 International License.

Distributed, privacy-enhancing technologies in the 2017 Catalan referendum on independence: New tactics and models of participatory democracy
by Marta Poblet.
First Monday, Volume 23, Number 12 - 3 December 2018