Reddit AMA about Digital Privacy with Jennifer Valentino-DeVries
- Jennifer Valentino-Devries: I think it's important to consider something called a "threat model." In other words, you need to determine what kind of surveillance worries you, and what type of surveillance you're most likely to see. For many people, this will just mean that they want to make sure tracking companies don't have information about them that could be used to influence the deals and offers they get. THAT mostly requires deleting cookies and using tools like Disconnect and Ghostery.
Other people might want to protect their Web browsing further and really be anonymized as much as possible. That requires something called Tor.
Then beyond that, you can use encryption. I find that a great introductory encryption tool is something called CryptoCat. That allows you to conduct encrypted chats and have cat emoticons. This is a good way to ease yourself into understanding that you can, indeed, use this sort of thing.
Beyond even that, you can check out Adium and Pidgin and something called OTR (off the record) chat. There is an IM server, jabber.ccc.de, that is quite good about not logging, etc. A hacker called The Grugq, who is good at this stuff, recommends using Pidgin and OTR over Tor and creating multiple jabber.ccc.de addresses. He also recommends CryptoCat used over Tor.
And you can use PGP or GPG encryption for email and other things. I wrote up some instructions on it on my personal blog, but it's a little out-of-date. Could be helpful, though.
But all that said, if you are really in danger, be careful about relying on any of these things. There was a huge brouhaha over
CryptoCat, for example, and whether it was safe enough for dissidents to use. The creators of that really do warn people whose lives are in danger, for example during the Arab Spring, that they should be careful about anything.
If someone is really after you, well, that's probably beyond a Reddit thread.
But anyway, that gives you an idea of threat modeling and the depths to which you can go.
JVD: One of my favorite questions!
One response is that you might have more to hide than you think, and you might not even know right now that it's something you want to hide. Right now, people tend to talk about surveillance as a terrorism-fighting tool. So often, the public supports it, because nobody wants terrorist attacks except the terrorists. I don't want bombs going off either.
But what if the surveillance turns to target ... say ... people with Communist leanings? Or people of some other political persuasion deemed to be dangerous. We did have that whole "Red Scare" thing.
One of my colleagues, Geoff Fowler, wrote a story about some students who joined a LGBT choir at college. The choir administrator signed them up for the Facebook group, and a notice went out to their families without their approval. It created a terrible situation for them. So ... did they have something to hide? Yes and no.
Another response is that, well, this could be exactly what the framers of our Constitution had in mind when they included the Fourth Amendment.
The Fourth Amendment was intended to address things called "general warrants," in which law enforcement could just go through people's houses looking for contraband. Of course, if you were innocent and had nothing to hide, maybe it was just an inconvenience.
But is that really the society you want to live in? Certainly earlier in our history, important people didn't think so.
- JVD: One of the most important factors is transparency. Good technology education and advice also are important.
It's key for judges who are making these decisions to know what technology they are really dealing with. Secrecy for law enforcement is understandable and important in many respects. Certainly I wouldn't want anyone to be put in danger by disclosing, say, confidential sources and the like.
But judges and lawmakers need to have staff who understand this technology and what it can do. There's a magistrate judge in Texas who has written opinions on "cell tower dumps" and other surveillance technology, stating that he doesn't think judges are receiving adequate information about the technological tools to truly make good decisions.
So I'd say transparency is the first step.
(I hope I understood your question properly. There were a couple ways to read it.)
JVD: I might end up giving this answer a lot. But I think transparency is the key first step.
We can't, as a society, decide if we agree with something if we don't even know what that "something" is.
A couple senators on the Intelligence committee have been saying for some time, rather loudly, that there is a "secret interpretation of the law" that should worry us all. Turns out that secret legal interpretation is what allows this massive gathering of phone record information and so forth.
Those senators had been asking to have the legal reasoning be declassified, but they weren't able to effect that change.
To me, if you can't even declassify the way our own laws are being interpreted, that's a huge question for our system. That's not about protecting troop movements or activities. It's about whether we as citizens get to know what the law says.
- How clear of a picture of your life can organizations build using data that is readily available? More specifically, how much can the government surveillance complex learn about your political associations without violating the letter of the law? Most people I have encountered seem to think that "meta-data" collection is harmless and we shouldn't be concerned because it's nothing new.
JVD: Metadata can provide a very clear picture of your life.
For example, if you're a woman and you call your doctor, then your boyfriend, then a women's clinic that provides abortions, it might be clear what is going on, even if you never listen to a conversation.
In addition, people don't seem to realize how much location information is involved in metadata, now that we are all carrying cellphones.
Check out this interactive map from a German politician who got six months of his phone metadata records. You can see him at specific parties, and walking along streets, to the block level. We're not always talking accuracy of miles anymore. With femtocells in large cities, you can get accurate to a floor or two of a building.
The cleverest post I've seen on this is called "Using Metadata to Find Paul Revere".
That said, the NSA and others say that to look at you in the first place, there needs to be some kind of reason to suspect you. That could have to do with your associations, for instance.
Depending on what population you're in, your associations could leave you open to having your records viewed. Suppose someone suspected of terrorism activity in another country has family in the U.S. and calls them regularly. Then suppose some of those people call others in their neighborhood, and you call them every Tuesday because you want to order some nice ethnic food. These contact chains can sweep up people pretty quickly.
But we don't know for sure what those rules actually are. Again, secrecy here is leaving people concerned.
JVD: (1) People should be aware that their digital tools give off a lot more information than they might think. It's especially important to mention location data here. Location, location, location.
(2) The government is able to access or take much of this information, following certain laws. The key thing here is to tell people about the "third party doctrine," which means that data about who you call, where you go, what you buy, and more can be accessed by the government without a warrant. That's because you've already shared it with a "third party," generally technology companies.
(3) Finally, I'd talk about the secrecy surrounding these procedures and laws. We just don't know exactly what the government can take, what it gets and when it can actually use it in investigations. People might not understand technology or legal issues, but they can generally understand that making the law itself a secret is a little disconcerting.
Did you find this story interesting? Be the first to like or comment.