Data and Goliath
7. Urge countries to ensure that individuals are promptly notified when their personal information is improperly disclosed or used in a manner inconsistent with its collection;
8. Recommend comprehensive research into the adequacy of techniques that deidentify data to determine whether in practice such methods safeguard privacy and anonymity;
9. Call for a moratorium on the development or implementation of new systems of mass surveillance, including facial recognition, whole body imaging, biometric identifiers, and embedded RFID tags, subject to a full and transparent evaluation by independent authorities and democratic debate; and
10. Call for the establishment of a new international framework for privacy protection, with the full participation of civil society, that is based on the rule of law, respect for fundamental human rights, and support for democratic institutions.
The idea is that a new Magna Carta, one more focused on the institutions that abuse power in the 21st century, will do something similar. A few documents come close. The Madrid Privacy Declaration, signed by about 100 organizations in 2009, is still the most robust articulation of privacy rights in the modern age.
Chapter 15: Solutions for the Rest of Us
Surveillance is both a technological and a legal problem. Technological solutions are often available to the user. We can use various privacy and anonymity technologies to protect our data and identities. These are effective, but can be thwarted by secret government orders. We need to fight the political battle as well.
Political solutions require group effort, but are generally limited to specific countries. Technological solutions have the potential to be global. If Microsoft designs its Windows operating system with ubiquitous file encryption, or if the Internet Engineering Task Force decides that all Internet traffic will be encrypted by default, then those changes will affect everyone in the world who uses those products and protocols.
The point is that politics can undermine technology, and also that technology can undermine politics. Neither trumps the other. If we are going to fix things, we need to fight on both the technological and the political fronts. And it’s not just up to governments and corporations. We the people have a lot of work to do here.
DEFEND AGAINST SURVEILLANCE
Law professor Eben Moglen wrote, “If we are not doing anything wrong, then we have a right to do everything we can to maintain the traditional balance between us and power that is listening. We have a right to be obscure. We have a right to mumble. We have a right to speak languages they do not get. We have a right to meet when and where and how we please.” If a policeman sits down within earshot, it’s within your rights to move your conversation someplace else. If the FBI parks a van bristling with cameras outside your house, you are perfectly justified in closing your blinds.
Likewise, there are many ways we personally can protect our data and defend ourselves against surveillance. I’m going to break them down into categories.
Avoid Surveillance. You can alter your behavior to avoid surveillance. You can pay for things in cash instead of using a credit card, or deliberately alter your driving route to avoid traffic cameras. You can refrain from creating Facebook pages for your children, and tagging photos of them online. You can refrain from using Google Calendar, or webmail, or cloud backup. You can use DuckDuckGo for Internet searches. You can leave your cell phone at home: an easy, if inconvenient, way to avoid being tracked. More pointedly, you can leave your computer and cell phone at home when you travel to countries like China and Russia, and only use loaner equipment.
You can avoid activating automatic surveillance systems by deliberately not tripping their detection algorithms. For example, you can keep your cash transactions under the threshold over which financial institutions must report the transaction to the feds. You can decline to discuss certain topics in e-mail. In China, where automatic surveillance is common, people sometimes write messages on paper, then send photographs of those messages over the Internet. It won’t help at all against targeted surveillance, but it’s much harder for automatic systems to monitor. Steganography—hiding messages in otherwise innocuous image files—is a similar technique.
Block Surveillance. This is the most important thing we can do to defend ourselves. The NSA might have a larger budget than the rest of the world’s national intelligence agencies combined, but it’s not made of magic. Neither are any of the world’s other national intelligence agencies. Effective defense leverages economics, physics, and math. While the national security agencies of the large powerful countries are going to be able to defeat anything you can do if they want to target you personally, mass surveillance relies on easy access to our data. Good defense will force those who want to surveil us to choose their targets, and they simply don’t have the resources to target everyone.
Privacy enhancing technologies, or PETs, can help you block mass surveillance. Lots of technologies are available to protect your data. For example, there are easy-to-use plug-ins for browsers that monitor and block sites that track you as you wander the Internet: Lightbeam, Privacy Badger, Disconnect, Ghostery, FlashBlock, and others. Remember that the private browsing option on your browser only deletes data locally. So while it’s useful for hiding your porn viewing habits from your spouse, it doesn’t block Internet tracking.
The most important PET is encryption. Encrypting your hard drive with Microsoft’s BitLocker or Apple’s FileVault is trivially easy and completely transparent. (Last year, I recommended TrueCrypt, but the developers stopped maintaining the program in 2014 under mysterious circumstances, and no one knows what to think about it.) You can use a chat encryption program like Off the Record, which is user-friendly and secure. Cryptocat is also worth looking at. If you use cloud storage, choose a company that provides encryption. I like Spideroak, but there are others. There are encryption programs for Internet voice: Silent Circle, TORFone, RedPhone, Blackphone.
Try to use an e-mail encryption plug-in like PGP. Google is now offering encrypted e-mail for its users. You’ll lose some search and organization functionality, but the increased privacy might be worth it.
TLS—formerly SSL—is a protocol that encrypts some of your web browsing. It’s what happens automatically, in the background, when you see “https” at the beginning of a URL instead of “http.” Many websites offer this as an option, but not as a default. You can make sure it’s always on wherever possible by running a browser plug-in called HTTPS Everywhere.
This is not meant to be a comprehensive list. That would take its own book, and it would be obsolete within months. Technology is always changing; go on the Internet to find out what’s being recommended.
I’m not going to lead you on; many PETs will be beyond the capabilities of the average reader of this book. PGP e-mail encryption, especially, is very annoying to use. The most effective encryption tools are the ones that run in the background even when you’re not aware of them, like HTTPS Everywhere and hard-drive encryption programs. In Chapter 14, I discussed some things companies are doing to secure the data of their users. Much more is going on behind the scenes. The standards bodies that run the Internet are sufficiently incensed at government surveillance that they’re working to make encryption more ubiquitous online. Hopefully there will be more options by the time this book is published.
Also remember that there’s a lot that encryption can’t protect. Google encrypts your connection to Gmail by default, and encrypts your mail as it sits on its servers and flows around its network. But Google processes your mail, so it has a copy of the keys. The same is true for anything you send to any social networking site.
Most metadata can’t be encrypted. So while you can encrypt the contents of your e-mail, the To and From lines need to be unencrypted so the e-mail system can deliver messages. Similarly, your cell phone can encrypt your voice conversations, but the phone numbers you dial, the location of your phone, and your phone’s ID number all need to be unencrypted. And while you can encrypt your credit card data when you send it over the Internet to an online retailer, that company needs your name and address so it can mail your purchases to you.
And finally, encryption doesn’t protect your computer while in use. You can still be hacked, either by criminals or governments. But, again, this is likely to be targeted surveillance rather than mass. All this means that while encryption is an important part of the solution, it’s not the whole of it.
The current best tool to protect your anonymity when browsing the web is Tor. It’s pretty easy to use and, as far as we know, it’s secure. Similarly, various proxies can be used to evade surveillance and censorship. The program Onionshare anonymously sends files over the Internet using Tor. Against some adversaries, web proxies are adequate anonymity tools.
There are more low-tech things you can do to block surveillance. You can turn location services off on your smartphone when you don’t need it, and try to make informed decisions about which apps may access your location and other data. You can refrain from posting identifying details on public sites. When Snowden first met journalists in Hong Kong, he made them all put their cell phones in a refrigerator to block all signals to and from the devices, so they couldn’t be remotely turned into listening devices.
Sometimes surveillance blocking is remarkably simple. A sticker placed over a computer’s camera can prevent someone who controls it remotely from taking pictures of you. You can leave the return address off an envelope to limit what data the post office can collect. You can hire someone to walk behind your car to obscure your license plate from automatic scanners, as people do in Tehran. Sometimes it is as easy as saying “no”: refusing to divulge personal information on forms when asked, not giving your phone number to a sales clerk at a store, and so on.
Some sorts of blocking behaviors are illegal: you’re not allowed to actually cover your car’s license plate. Others are socially discouraged, like walking around town wearing a mask. And still others will get you funny looks, like wearing face paint to fool facial recognition cameras or special clothing to confuse drones.
Distort Surveillance. I have my browser configured to delete my cookies every time I close it, which I do multiple times a day. I am still being surveilled, but now it’s much harder to tie all those small surveillances back to me and ads don’t follow me around. When I shop at Safeway, I use a friend’s frequent shopper number. That ends up distorting the store’s surveillance of her.
Sometimes this is called obfuscation, and there are lots of tricks, once you start thinking about it. You can swap retailer affinity cards with your friends and neighbors. You can dress in drag. In Cory Doctorow’s 2008 book, Little Brother, the lead character puts rocks in his shoes to alter the way he walks, to fool gait recognition systems.
There is also safety in numbers. As long as there are places in the world where PETs keep people alive, the more we use them, the more secure they are. It’s like envelopes. If everyone used postcards by default, the few who used envelopes would be suspect. Since almost everyone uses envelopes, those who really need the privacy of an envelope don’t stand out. This is especially true for an anonymity service like Tor, which relies on many people using it to obscure the identities of everyone.
You can also, and I know someone who does this, search for random names on Facebook to confuse it about whom you really know. At best, this is a partial solution; data analysis is a signal-to-noise problem, and adding random noise makes the analysis harder.
You can give false information on web forms or when asked. (Your kids do it all the time.) For years, well before consumer tracking became the norm, Radio Shack stores would routinely ask their customers for their addresses and phone numbers. For a while I just refused, but that was socially awkward. Instead, I got in the habit of replying with “9800 Savage Road, Columbia, MD, 20755”: the address of the NSA. When I told this story to a colleague some years ago, he said that he always gave out the address “1600 Pennsylvania Avenue, Washington, DC.” He insisted that no one recognized it.
You can also get a credit card in another name. There’s nothing shady about it, just ask your credit card company for a second card in another name tied to your account. As long as the merchant doesn’t ask for ID, you can use it.
Deception can be extremely powerful if used sparingly. I remember a story about a group of activists in Morocco. Those who didn’t carry cell phones were tracked physically by the secret police and occasionally beaten up. Those who did weren’t, and could therefore leave their phones home when they really needed to hide their movements. More generally, if you close off all the enemy’s intelligence channels, you close off your ability to deceive him.
Break Surveillance. Depending on the technology, you can break some surveillance systems. You can sever the wires powering automatic speed traps on roads. You can spray-paint the lenses of security cameras. If you’re a good enough hacker, you can disable Internet surveillance systems, delete or poison surveillance databases, or otherwise monkey wrench. Pretty much everything in this category is illegal, so beware.
Some of these methods are harder than others. Some of us will be able to do more than others. Many people enter random information into web forms. Far fewer people—I’ve only ever met one who did this—search for random things on Google to muddle up their profiles. Many of these behaviors carry social, time, or monetary costs, not to mention the psychological burden of constant paranoia. I rarely sign up for retail affinity cards, and that means I miss out on discounts. I don’t use Gmail, and I never access my e-mail via the web. I don’t have a personal Facebook account, and that means I’m not as connected with my friends as I might otherwise be. But I do carry a cell phone pretty much everywhere I go, and I collect frequent flier miles whenever possible, which means I let those companies track me. You’ll find your own sweet spot.
We should all do what we can, because we believe that our privacy is important and that we need to exercise our rights lest we lose them. But for Pete’s sake, don’t take those silly online surveys unless you know where your data is going to end up.
AID GOVERNMENT SURVEILLANCE
A call to help the government in its surveillance efforts might seem out of place in this book, but hear me out.
There are legitimate needs for government surveillance, both law enforcement and intelligence needs, and we should recognize that. More importantly, we need to support legitimate surveillance, and work on ways for these groups to do what they need to do without violating privacy, subverting security, and infringing upon citizens’ right to be free of unreasonable suspicion and observation. If we can provide law enforcement people with new ways to investigate crime, they’ll stop demanding that security be subverted for their benefit.
Geopolitical conflicts aren’t going away, and foreign intelligence is a singular tool to navigate these incidents. As I write this in the late summer of 2014, Russia is amassing forces against Ukraine, China is bullying Japan and Korea in the South China Sea, Uighur terrorists are killing Han Chinese, Israel is attacking Gaza, Qatar and Turkey are helping Gaza defend itself, Afghanistan is a chaotic mess, Libya is in decline, Egypt is back to a dictatorship, Iran’s nuclear program might be resuming, Ebola is sweeping West Africa, North Korea is testing new missiles, Syria is killing its own people, and much of Iraq is controlled by a nominally Islamic extremist organization known as ISIS. And this is just the stuff that makes the news. When you read this book, the list will be different but no less serious. I assure you that no one in the White House is calling for the NSA to minimize collection of data on these and similar threats. Nor should they.
Additionally, governments around the world have a pervasive fear of cyberattack. A lot of this is overreaction, but there are real risks. And cyberdefense is mired in a classic collective action problem. Most of the infrastructure of cyberspace is in private hands, but most of the harm of a major cyberattack will be felt by the population as a whole. This means that it’s not going to work long-term to trust the companies that control our infrastructure to adequately protect that infrastructure. Some sort of government involvement is necessary. In 2013, NSA director General Keith Alexander said, “I can’t defend the country until I’m into all the networks.” That’s the prevailing view in Washington.
Yes, we need to figure out how much we want the NSA in all of our networks. But we also need to help the NSA not want to get into all of our networks. If we can give governments new ways to collect data on hostile nations, terrorist groups, and global criminal elements, they’ll have less need to go to the extreme measures I’ve detailed in this book. This is a genuine call for new ideas, new tools, and new techniques. Honestly, I don’t know what the solutions will look like. There’s a middle road, and it’s up to us to find it.
This isn’t a task for everyone. It’s something for industry, academia, and those of us who understand and work with the technologies. But it’s an important task, and not one that either the intelligence or the law enforcement communities will do for us. If we want organizations like the NSA to protect our privacy, we’re going to have to give them new ways to perform their intelligence jobs.
CHOOSE YOUR ALLIES AND ENEMIES
Our laws are based on geographical location. For most of human history, this made a lot of sense. It makes less sense when it comes to the Internet; the Internet is just too international.
You’re obviously subject to the legal rules of the country you live in, but when you’re online, things get more complicated. You’re going to be affected by the rules of the country your hardware manufacturer lives in, the rules of the country your software vendor lives in, and the rules of the country your online cloud application provider lives in. You’re going to be affected by the rules of the country where your data resides, and the rules of whatever countries your data passes through as it moves around the Internet.