Data and Goliath


by Bruce Schneier


  both Yahoo: Andrea Peterson, Barton Gellman, and Ashkan Soltani (14 Oct 2013), “Yahoo to make SSL encryption the default for Webmail users. Finally,” Washington Post, http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/14/yahoo-to-make-ssl-encryption-the-default-for-webmail-users-finally.

  and Microsoft: Craig Timberg, Barton Gellman, and Ashkan Soltani (26 Nov 2013), “Microsoft, suspecting NSA spying, to ramp up efforts to encrypt its Internet traffic,” Washington Post, http://www.washingtonpost.com/business/technology/microsoft-suspecting-nsa-spying-to-ramp-up-efforts-to-encrypt-its-internet-traffic/2013/11/26/44236b48-56a9-11e3-8304-caf30787c0a9_story.html.

  Several large e-mail providers: Some examples. Danny Yadron (3 Jun 2014), “Comcast to encrypt email for security,” Wall Street Journal, http://online.wsj.com/articles/comcast-to-encrypt-email-for-security-1401841512. Mikey Campbell (13 Jun 2014), “Apple will soon encrypt iCloud emails in transit between service providers,” Apple Insider, http://appleinsider.com/articles/14/06/13/apple-will-soon-encrypt-icloud-emails-in-transit-between-service-providers-.

  Other companies are doing more: Nate Cardozo, Parker Higgins, and Kurt Opsahl (13 Mar 2014), “Update: Encrypt the web report: Who’s doing what,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what. Claire Cain Miller (13 Jun 2013), “Secret court ruling put tech companies in data bind,” New York Times, http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-data-bind.html.

  Both iPhones and Android phones: In late 2014, Apple modified its system so everything is encrypted. Android phones had encryption capability since 2011, but Google made it the default in 2014 to match Apple. David E. Sanger and Brian X. Chen (26 Sep 2014), “Signaling post-Snowden era, new iPhone locks out NSA,” New York Times, http://www.nytimes.com/2014/09/27/technology/iphone-locks-out-the-nsa-signaling-a-post-snowden-era-.html. Craig Timberg (18 Sep 2014), “Newest Androids will join iPhones in offering default encryption, blocking police,” Washington Post, http://www.washingtonpost.com/blogs/the-switch/wp/2014/09/18/newest-androids-will-join-iphones-in-offering-default-encryption-blocking-police.

  Google is now offering: Google (3 Jun 2014), “Transparency report: Protecting emails as they travel across the web,” Google Official Blog, http://googleblog.blogspot.com/2014/06/transparency-report-protecting-emails.html.

  Yahoo secretly fought the NSA: Claire Cain Miller (13 Jun 2013), “Secret court ruling put tech companies in data bind,” New York Times, http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-data-bind.html. Craig Timberg (11 Sep 2014), “U.S. threatened massive fine to force Yahoo to release data,” Washington Post, http://www.washingtonpost.com/business/technology/us-threatened-massive-fine-to-force-yahoo-to-release-data/2014/09/11/38a7f69e-39e8-11e4-9c9f-ebb47272e40e_story.html.

  Twitter unsuccessfully fought: Kim Zetter (28 Aug 2012), “Twitter fights back to protect ‘Occupy Wall Street’ protester,” Wired, http://www.wired.com/2012/08/twitter-appeals-occupy-order. Tiffany Kary (14 Sep 2012), “Twitter turns over Wall Street protester posts under seal,” Bloomberg News, http://www.bloomberg.com/news/2012-09-14/twitter-turns-over-wall-street-protester-posts-under-seal.html.

  Facebook is fighting a court order: Vindu Goel and James C. McKinley Jr. (26 Jun 2014), “Forced to hand over data, Facebook files appeal,” New York Times, http://www.nytimes.com/2014/06/27/technology/facebook-battles-manhattan-da-over-warrants-for-user-data.html.

  none of the big e-mail providers: Amicus curiae briefs were filed by three nonprofit organizations: EFF, ACLU, and Empeopled LLC. Electronic Frontier Foundation (24 Oct 2013), “Brief of amicus curiae,” United States of America v. Under Seal 1; Under Seal 2 [Lavabit], Case Nos. 13-4625, 13-4626, United States Court of Appeals for the Fourth Circuit, https://www.eff.org/document/lavabit-amicus. American Civil Liberties Union (25 Oct 2013), “Brief of amicus curiae,” United States of America v. Under Seal 1; Under Seal 2 [Lavabit], Case Nos. 13-4625, 13-4626, United States Court of Appeals for the Fourth Circuit, https://www.aclu.org/sites/default/files/assets/stamped_lavabit_amicus.pdf. Empeopled LLC (24 Oct 2013), “Brief of amicus curiae,” United States of America v. Under Seal 1; Under Seal 2 [Lavabit], Case Nos. 13-4625, 13-4626, United States Court of Appeals for the Fourth Circuit, http://justsecurity.org/wp-content/uploads/2013/10/empeopled-lavabit-amicus.pdf.

  On four occasions in the early 2000s: Rebecca MacKinnon (2006), “‘Race to the bottom’: Corporate complicity in Chinese Internet censorship,” Human Rights Watch, http://www.hrw.org/reports/2006/china0806/5.htm.

  lobbying for legislative restrictions: Thomas Lee (25 May 2014), “Mind your business: Slow flex of tech’s lobbying muscle,” San Francisco Chronicle, http://www.sfgate.com/technology/article/Mind-Your-Business-Slow-flex-of-tech-s-lobbying-5504172.php. Joseph Menn (5 Jun 2014), “U.S. technology companies beef up security to thwart mass spying,” Reuters, http://www.reuters.com/article/2014/06/05/us-cybersecurity-tech-idUSKBN0EG2BN20140605. Reform Government Surveillance (2014), https://www.reformgovernmentsurveillance.com.

  The EU has been trying to pass: Zack Whittaker (4 Feb 2013), “Privacy groups call on US government to stop lobbying against EU data law changes,” ZDNet, http://www.zdnet.com/privacy-groups-call-on-us-government-to-stop-lobbying-against-eu-data-law-changes-7000010721. James Fontanella-Khan (26 Jun 2013), “Brussels: Astroturfing takes root,” Financial Times, http://www.ft.com/cms/s/0/74271926-dd9f-11e2-a756-00144feab7de.html. David Meyer (12 Mar 2014), “Web firms face a strict new set of privacy rules in Europe: Here’s what to expect,” Gigaom, http://gigaom.com/2014/03/12/web-firms-face-a-strict-new-set-of-privacy-rules-in-europe-heres-what-to-expect.

  a new Magna Carta: Tim Berners-Lee (Dec 2010), “Long live the Web,” Scientific American, http://www.cs.virginia.edu/~robins/Long_Live_the_Web.pdf.

  that imposes responsibilities: Jemima Kiss (11 Mar 2014), “An online Magna Carta: Berners-Lee calls for bill of rights for web,” Guardian, http://www.theguardian.com/technology/2014/mar/12/online-magna-carta-berners-lee-web.

  the prevailing political philosophy: Thomas Hobbes (1651), Leviathan, Printed for Andrew Crooke, http://www.gutenberg.org/files/3207/3207-h/3207-h.htm.

  John Locke argued: John Locke (1690), Two Treatises of Government, Printed for Awnsham Churchill, http://books.google.com/books/?id=LqA4nQEACAAJ.

  Madrid Privacy Declaration (2009): The Public Voice (3 Nov 2009), “The Madrid Privacy Declaration,” International Conference of Data Protection and Privacy Commissioners, Madrid, Spain, http://privacyconference2011.org/htmls/adoptedResolutions/2009_Madrid/2009_M1.2.pdf.

  Rebecca MacKinnon makes this point: Rebecca MacKinnon (2012), Consent of the Networked: The Worldwide Struggle for Internet Freedom, Basic Books, http://www.owlasylum.net/owl_underground/social/ConsentoftheNetworked.pdf.

  15: Solutions for the Rest of Us

  Law professor Eben Moglen wrote: Eben Moglen (27 May 2014), “Privacy under attack: The NSA files revealed new threats to democracy,” Guardian, http://www.theguardian.com/technology/2014/may/27/-sp-privacy-under-attack-nsa-files-revealed-new-threats-democracy.

  I’m going to break them down: Sociologist Gary Marx cataloged 11 different ways people resist surveillance; I’m going to be drawing on his taxonomy in this section. Gary T. Marx (May 2003), “A tack in the shoe: Neutralizing and resisting the new surveillance,” Journal of Social Issues 59, http://web.mit.edu/gtmarx/www/tack.html.

  Privacy enhancing technologies: R. Jason Cronk (25 Nov 2013), “Thoughts on the term ‘privacy enhancing technologies,’” Privacy Maverick, http://privacymaverick.com/2013/11/25/thoughts-on-the-term-privacy-enhancing-technologies.

  Privacy Badger: Jon Brodkin (2 May 2014), “EFF ‘Privacy Badger’ plugin aimed at forcing websites to stop tracking users,” Ars Technica, http://arstechnica.com/information-technology/2014/05/eff-privacy-badger-plugin-aimed-at-forcing-websites-to-stop-tracking-users.

  and others: Electronic Privacy Information Center (2014), “EPIC online guide to practical privacy tools,” http://epic.org/privacy/tools.html.

  Remember that the private browsing: Sara M. Watson (24 Sep 2014), “Ask the Decoder: How private is private browsing, really?” Al Jazeera, http://america.aljazeera.com/articles/2014/9/24/private-browsing.html.

  Microsoft’s BitLocker: Microsoft Corporation (21 Aug 2013), “BitLocker overview,” http://technet.microsoft.com/en-us/library/hh831713.aspx.

  Apple’s FileVault: Apple Corporation (Aug 2012), “Best practices for deploying FileVault 2,” http://training.apple.com/pdf/WP_FileVault2.pdf.

  I recommended TrueCrypt: James Lyne (29 May 2014), “Open source crypto TrueCrypt disappears with suspicious cloud of mystery,” Forbes, http://www.forbes.com/sites/jameslyne/2014/05/29/open-source-crypto-truecrypt-disappears-with-suspicious-cloud-of-mystery.

  a chat encryption program: Nikita Borisov, Ian Goldberg, and Eric Brewer (28 Oct 2004), “Off-the-record communication, or, Why not to use PGP,” ACM Workshop on Privacy in the Electronic Society (WPES’04), Washington, D.C., https://otr.cypherpunks.ca/otr-wpes.pdf.

  Google is now offering encrypted e-mail: Stephan Somogyi (3 Jun 2014), “Making end-to-end encryption easier to use,” Google Online Security Blog, http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html.

  TLS—formerly SSL—is a protocol: Tim Dierks and Eric Rescorla (17 Apr 2014), “The Transport Layer Security (TLS) Protocol Version 1.3,” Internet Engineering Task Force Trust, Network Working Group, http://tools.ietf.org/html/draft-ietf-tls-rfc5246-bis-00.

  You can make sure it’s always on: Electronic Frontier Foundation (2014), “HTTPS Everywhere,” https://www.eff.org/Https-everywhere.

  go on the Internet to find out: Here’s a good guide. Electronic Privacy Information Center (2014), “EPIC online guide to practical privacy tools,” http://epic.org/privacy/tools.html.

  very annoying to use: Peter Bright and Dan Goodin (14 Jun 2013), “Encrypted e-mail: How much annoyance will you tolerate to keep the NSA away?” Ars Technica, http://arstechnica.com/security/2013/06/encrypted-e-mail-how-much-annoyance-will-you-tolerate-to-keep-the-nsa-away.

  The standards bodies that run the Internet: Here’s the Internet Engineering Task Force’s statement on security and pervasive monitoring. Jari Arkko and Stephen Farrell (7 Sep 2014), “Security and pervasive monitoring,” Internet Engineering Task Force, https://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring.

  various proxies can be used: Mirimir (2014), “Advanced privacy and anonymity using VMs, VPN’s, Tor, etc,” IVPN, https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-1.

  The program Onionshare: Andy Greenberg (21 May 2014), “Free app lets the next Snowden send big files securely and anonymously,” Wired, http://www.wired.com/2014/05/onionshare.

  cell phones in a refrigerator: Most modern refrigerators are not metal boxes, and don’t make good Faraday cages. Check the details of your model before trying this yourself.

  hire someone to walk behind your car: John Farrier (16 Apr 2014), “What is a job that exists only in your country?” Neatorama, http://www.neatorama.com/2014/04/16/What-Is-a-Job-That-Exists-Only-in-Your-Country.

  face paint to fool facial recognition: Robinson Meyer (24 Jul 2014), “Anti-surveillance camouflage for your face,” Atlantic, http://www.theatlantic.com/features/archive/2014/07/makeup/374929. Joseph Cox (14 Sep 2014), “The rise of the anti-facial recognition movement,” Kernel, http://kernelmag.dailydot.com/issue-sections/features-issue-sections/10247/anti-facial-recognition-movement.

  special clothing to confuse drones: Adam Harvey (2013), “Stealth wear,” AH Projects, http://ahprojects.com/projects/stealth-wear.

  there are lots of tricks: A good list of techniques is here. Finn Brunton and Helen Nissenbaum (2 May 2011), “Vernacular resistance to data collection and analysis: A political theory of obfuscation,” First Monday 15, http://firstmonday.org/article/view/3493/2955.

  puts rocks in his shoes: That trick also appears in Robert A. Heinlein’s Double Star. Robert A. Heinlein (1956), Double Star, Doubleday, http://books.google.com/books?id=bnoGAQAAIAAJ.

  your kids do it all the time: danah boyd et al. (7 Nov 2011), “Why parents help their children lie to Facebook about age: Unintended consequences of the ‘Children’s Online Privacy Protection Act,’” First Monday 16, http://firstmonday.org/ojs/index.php/fm/article/view/3850/3075.

  that was socially awkward: Overcoming this awkwardness is important. There’s a story where a customer refused to give Comcast a reason why he was disconnecting. At first, it seems rude. But when you think about it, Comcast is not entitled to this information. Xeni Jardin (14 Jul 2014), “Listen to Comcast torture Ryan Block and Veronica Belmont as they try to cancel service,” Boing Boing, http://boingboing.net/2014/07/14/listen-to-comcast-torture-ryan.html.

  You’ll find your own sweet spot: Julia Angwin wrote an excellent account of her year-long quest to evade surveillance in the Internet age. Julia Angwin (2014), Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance, Times Books, http://books.google.com/books?id=bbS6AQAAQBAJ.

  Geopolitical conflicts aren’t going away: Stewart Baker makes this point. Stewart A. Baker (29 Oct 2013), “Potential amendments to the Foreign Intelligence Surveillance Act,” Testimony before the Permanent Select Committee on Intelligence of the United States House of Representatives, http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/Baker10292013.pdf.

  NSA director General Keith Alexander said: David E. Sanger (13 Aug 2013), “NSA leaks make plan for cyberdefense unlikely,” New York Times, http://www.nytimes.com/2013/08/13/us/nsa-leaks-make-plan-for-cyberdefense-unlikely.html.

  You’re going to be affected: DLA Piper (7 Mar 2013), “Data protection laws of the world,” DLA Piper, http://files.dlapiper.com/files/Uploads/Documents/Data_Protection_Laws_of_the_World_2013.pdf.

  because Microsoft is a US company: In 2014, Microsoft unsuccessfully challenged a US demand for data stored solely in Ireland. The court demanded that the company turn it over to the US government. The decision is currently stayed while it is being appealed. Joseph Ax (31 Jul 2014), “U.S. judge orders Microsoft to submit customer’s emails from abroad,” Reuters, http://www.reuters.com/article/2014/07/31/usa-tech-warrants-idUSL2N0Q61WN20140731.

  The UK wants similar access: Guardian (19 Sep 2014), “Former UK ambassador to the United States given data-access role,” Guardian, http://www.theguardian.com/technology/2014/sep/19/sir-nigel-shienwald-data-access-role-david-cameron.

  Apple’s business model protects: Rich Mogull (25 Jun 2014), “Why Apple really cares about your privacy,” Macworld, http://www.macworld.com/article/2366921/why-apple-really-cares-about-your-privacy.html. Charles Arthur (18 Sep 2014), “Apple’s Tim Cook attacks Google and Facebook over privacy flaws,” Guardian, http://www.theguardian.com/technology/2014/sep/18/apple-tim-cook-google-facebook-privacy-surveillance.

  Do you trust a company: European countries allow for far more permissive government access than the US does. Cyrus Farivar (13 Oct 2013), “Europe won’t save you: Why e-mail is probably safer in the US,” Ars Technica, http://arstechnica.com/tech-policy/2013/10/europe-wont-save-you-why-e-mail-is-probably-safer-in-the-us.

  European Court of Justice struck down: James Kanter (8 Apr 2014), “European court rejects data retention rules, citing privacy,” New York Times, http://www.nytimes.com/2014/04/09/business/international/european-court-rejects-data-retention-rules-citing-privacy.html.

  the UK government rushed through: David Meyer (17 Jul 2014), “The UK’s ‘emergency’ DRIP surveillance law is now a done deal,” Gigaom, http://gigaom.com/2014/07/17/the-uks-emergency-drip-surveillance-law-is-now-a-done-deal.

  It was an ugly political railroad job: Ray Corrigan (11 Jul 2014), “Mass surveillance and scared politicians,” B2fxxx, http://b2fxxx.blogspot.com/2014/07/mass-surveillance-and-scared-politicians.html.

  sites that identify surveillance cameras: No CCTV, http://www.no-cctv.org.uk/camera_locations/default.asp. The CCTV Treasure Hunt, http://cctvtreasurehunt.wordpress.com. NYC Surveillance Camera Project, http://www.mediaeater.com/cameras.

  South Korean teachers objecting: Christian (24 Jun 2004), “After the Saturday large demonstration against NEIS South Korean government shows how it understand the democracy,” Jinbo, http://act.jinbo.net/drupal/node/5819. Seoyong Kim and Sunhee Kim (Oct 2004), “The conflict over the use of information technology in South Korean schools,” Innovation 17, http://ajou.ac.kr/~seoyong/paper/Seoyong%20Kim-2004-The%20Conflict%20Over%20the%20Use%20of%20Information%20Technology.pdf.

  German consumers opposing: IBM Corporation (16 Dec 2004), “METRO Group’s Future Store takes German public by storm—thanks to wireless technology,” ftp://ftp.software.ibm.com/software/solutions/pdfs/10704035_Metro_cs_1b.pdf. Kim Zetter (28 Feb 2004), “Germans protest radio-ID plans,” Wired, http://archive.wired.com/techbiz/media/news/2004/02/62472. Jan Libbenga (1 Mar 2004), “German revolt against RFID,” Register, http://www.theregister.co.uk/2004/03/01/german_revolt_against_rfid.

  Facebook users objecting: K. C. Jones (17 Feb 2009), “Facebook’s terms of use draw protest,” Information Week, http://www.informationweek.com/software/social/facebooks-terms-of-use-draw-protest/d/d-id/1076697. Bobbie Johnson and Afua Hirsch (18 Feb 2009), “Facebook backtracks after online privacy protest,” Guardian, http://www.theguardian.com/technology/2009/feb/19/facebook-personal-data.

  US airline travelers objecting to: Ashley Halsey III and Derek Kravitz (25 Nov 2010), “Protests of TSA airport pat-downs, body scanners don’t delay Thanksgiving travel,” Washington Post, http://www.washingtonpost.com/wp-dyn/content/article/2010/11/24/AR2010112406989.html. Jason Keyser (25 Oct 2012), “TSA quietly removing some full body scanners,” Associated Press, http://bigstory.ap.org/article/government-replaces-body-scanners-some-airports-0.

 
