Lessons Learned From Don’t Spy On Us: Your Guide To Internet Privacy
With 500 attendees and some big names from the data privacy and human rights fields, the Don’t Spy on Us Day of Action was a fascinating afternoon of discussion, debate, and practical advice on how to keep our personal data private from snooping governments. I learned a lot, and I’ve condensed the most important parts of what I’ve learned into five main points.
I’ve also included five things you can do right now to make a difference, both for yourself and for other internet users.
1. Online Privacy Isn’t Just About Protecting Our Data
While keeping our personal data private online is important, the Don’t Spy On Us campaign and others like it emphasize the bigger picture. The speakers didn’t include just security experts; there were a number of human rights advocates and important figures from the press, and discussion ranged from governmental privilege and judicial oversight to the nature of democracy, international cooperation, self-determination, and social relations.
Bruce Schneier (@schneierblog), a security and cryptography expert that we’ve interviewed before , discussed our right to have control over our public face and the people who see it (for example, you can act differently around your family and your friends). But being constantly surveilled violates that right, because you no longer have any control over which information is being shared or who has access to it.
As Carly Nyst (@carlynyst) pointed out, privacy is the ability to choose who has your information and what they do with it. Mass surveillance is dependent on neither of these things being possible.
There was also a great deal of discussion about governmental transparency in surveillance programs, and a number of experts emphasized the need for judicial oversight of the digital intelligence community. At the moment, most of the oversight is political, and oversight committees often include former intelligence officials.
Of course, the government isn’t the only group that’s to blame; Cory Doctorow (@doctorow) pointed out that companies are doing a lot of spying on behalf of the government by turning over vast amounts of data (the recent Vodafone law enforcement disclosure report provides evidence for this).
Jimmy Wales (@jimmy_wales) discussed how he and his friends had e-mail discussions when they were teens to explore their politics and views, which sometimes ranged into the radical. Could they have been identified as extremists and targeted for further surveillance? What else might a paranoid government do if they felt that discussions like these were a threat? If people are afraid of punishment for sharing their opinions because of government monitoring, the argument goes, the right of free speech has been violated.
“Privacy is the ability to choose who has your information and what they do with it.”
As you can see, there’s a huge variety of issues that all tie into online privacy—and this is just a small sample.
2. Privacy Is An International Issue
While this event focused on information privacy and security in the UK (and, to a lesser degree, in the US), it quickly became clear that it needs to be addressed on an international level. Caspar Bowden (@CasparBowden), a privacy expert and former chief privacy advisor at Microsoft, repeatedly pointed out that the American government uses different standards when surveilling American citizens and foreigners or immigrants, and made the claim that this was a violation of the European Human Right Convention.
And with the NSA’s cooperation with GCHQ, it’s clear that countries are willing to share information and, effectively, gather masses of data on behalf of other countries, further convoluting the oversight issue. Carly Nyst pointed out that agreements between governments on intelligence-gathering tactics are often completely shrouded in secrecy, making any sort of oversight difficult, if not impossible.
It’s easy to focus on what’s happening wherever you are, but it’s important to take an international perspective and make your voice heard in many places around the world.
3. Economics Is Our Best Bet For Making A Difference
One of the most common themes of the day was what we can do to take a stand against mass surveillance, and there were generally two points made: first, that the most important action that we can take as concerned citizens is political. Second, in the words of Bruce Schneier, “the NSA is subject to the laws of economics.”
Earlier in the day, Cory Doctorow stated that it costs less than a penny to add someone to the NSA’s or GCHQ’s monitoring lists—at the moment, it’s more economically feasible for these agencies to collect data on everyone because it’s so easy. And while political statements are extremely important, we can also fight back on the economic front by making it more difficult, and thus more expensive, to put millions of people on watch.
Even if it costs a few pennies to add someone to a surveillance list, that’s going to make a huge difference in the long run. And when it becomes expensive enough, it will become more economically efficient for governments to only surveil people who are under suspicion of committing a crime.
“The NSA is subject to the laws of economics.”
So how do we make it more expensive? In short, encryption (keep reading to find out which encryption tools were recommended at the hands-on session of the afternoon). By encrypting our traffic and communication online, we make it much more difficult for intelligence agencies to monitor what we’re doing. Of course, no encryption protocol is perfect; eventually, encryption can be broken. But going through that effort costs a lot more than simply adding an IP address to a list. And when it becomes more economically efficient to monitor only people who are under suspicion of nefarious activities, mass surveillance will stop.
4. DRM And Copyright Laws Are Big Issues
One of Doctorow’s primary areas of advocacy centers around digital rights management (DRM) and copyright law. DRM allows companies to manage how users access their software; for example, the DRM on a Kindle book prevents you from opening it on someone else’s Kindle. The DRM on Netflix prevents you from streaming video unless you have the proper access codes on your computer. And Firefox now packs DRM from Adobe, meaning Adobe has gained some measure of control over how you use your browser.
So why is DRM such a big deal? Because it makes security research and testing much more difficult, and often illegal. Even when security flaws are found, people can be nervous about reporting them, meaning that known security risks could go unreported. In addition to this, DRM functions by giving some control of your computer over to the rights holder; and if someone can impersonate the rights holder, they now have some of that control.
“It should no longer be acceptable for our devices to betray us.”
—Dr. Richard Tynan (@richietynan)
Fighting against DRM is a great way to show that this betrayal isn’t acceptable, and to show that consumers are willing to take action to take back control of their devices.
As I was preparing this article, Chris Hoffman’s great piece Is DRM a Threat to Computer Security? was published. Go check it out for a great explanation of DRM and the trouble it causes.
5. “Nothing To Hide, Nothing To Fear” Is Still A Common Argument
“If you have nothing to hide, you have nothing to fear” is a very common line when discussing privacy issues, both from the people who support the programs and those who don’t fully understand them. It might sound like a reasonable argument. But upon reflection, it’s just not true.
Adam D. Moore sums it up nicely in three points in Privacy Rights: Moral and Legal Foundations: first, if we have a right to privacy, then “nothing to hide, nothing to fear” is irrelevant. When we lose control of who has access to our information and what they do with it, our rights are being violated, and that’s never a good thing.
Second, even if people aren’t engaging in illegal activities, they may be taking part in activities or hold beliefs that aren’t accepted by the dominant culture in which they live—whether they hold a different religion than the majority one, hold radical political beliefs, or practice any sort of alternative lifestyle—and want to hide them. If someone’s interest in Marxism, polygamy, or Islam was leaked to the public, they could face character defamation. This is especially of concern when there’s no telling who will come into power next—reading about Sikhism at the library isn’t a crime today, but what if it is tomorrow? And you’re on record as having done it?
And, finally, if having nothing to hide means having nothing to fear, then why are politicians and intelligence agencies so averse to total transparency for their agencies? Bruce Schneier framed this argument as a power imbalance: privacy increases power, while transparency reduces it. By violating citizens’ right to privacy and refusing to be transparent, government agencies are increasing the power imbalance between citizens and their government.
As discussed above, privacy is a much more complicated issue than just keeping one’s activities a secret: it relates to human rights on a broad scale. And the “nothing to hide, nothing to fear” argument is inadequate for addressing the complex issues that are at stake in the mass surveillance battle.
What Can You Do?
In addition to a large amount of political discussion, attendees of the Don’t Spy On Us event received some really useful pieces of advice, both on how to protect themselves from snooping and on how to make a difference in the fight against uninhibited mass surveillance.
1. Show your support.
This is absolutely crucial. Sign up with the organizations listed below, get your name on petitions, and speak out. Follow privacy advocates on Twitter (I’ve tried to link to as many as possible throughout this article), post their articles on Facebook, and tell your friends and family about the important issues at stake. Concerted action by the internet denizens stopped SOPA and PIPA (remember the Wikipedia blackout?).
We can stop PRISM and TEMPORA, too. There are a lot of people out there working to defend our right to privacy, but they need as much help as they can get.
- Open Rights Group
- Big Brother Watch
- Privacy International
- Article 19
- Don’t Spy On Us
- Electronic Frontier Foundation
“This will only stop politically. This is a political issue.”
There are a lot of others out there—leave your suggestions in the comments! And don’t forget to take every chance you can to show your congressional or parliamentary representatives that you care about your privacy and that mass violations and infringements on our rights, both from governments and private companies, are unacceptable.
2. Use encryption tools.
There’s a wealth of knowledge on MakeUseOf about how to use encryption to improve your security. If you’re looking to started with encryption, I recommend checking out How the Tor Project Can Help You Protect Your Online Privacy , Encrypt Your Gmail, Hotmail, and Other Webmail: Here’s How , and 5 Ways to Securely Encrypt Your Files in the Cloud . And if you’re still not convinced that you need to use encryption, don’t miss Not Just for Paranoids: 4 Reasons to Encrypt Your Digital Life .
And there are tons more. Just run a search from the menu bar and you’ll find what you’re looking for. You can also check out this great handout from the Day of Action, courtesy of The Occupied Times (click to download the PDF):
3. Throw a cryptoparty.
As I mentioned earlier, the more people that are using encryption, the more secure we’re going to be. Once we reach a critical mass, surveillance will need to become more targeted to be cost-effective. And one of the best ways to share the importance of encryption, as well as make it easy for people to start using the proper tools, is to throw a cryptoparty.
There’s an official group that runs big parties around the world, but you don’t need to go that big. Just throw your own cryptoparty! Have your friends over, tell them to bring their devices, and help them install encryption tools. That’s all there is to it! To make it more fun, don’t make crypto the focus of the party, but just do it in the background (or during half-time of a World Cup game, maybe). Install things like HTTPS Everywhere, OTR-compatible IM tools, PGP e-mail tools, and secure messaging apps.
If people are interested in heavier-duty things, like encrypting their hard drives or cloud storage, help them out with that, too. But don’t pressure anyone into anything—the point of a cryptoparty is to have fun and improve privacy and security. In that order.
4. Stay up to date.
Read news about privacy regularly—following the people I’ve linked to on Twitter will help a lot, but make sure to subscribe blogs like Cory Doctorow’s Craphound blog, The Privacy Blog, and Privacy International’s blog, too. Again, please share your favorites in the comments!
It’s also a good idea to stay up to date on general tech news, because that’s often the best place to find out about any new vulnerabilities (such as when our own Tech News Digest reported on the mysterious disappearance of TrueCrypt .)
5. Support open-source tools.
While there are certainly closed-source tools that will help you protect your privacy, point #4 above makes it easy to see why open-source software is likely to be more secure. If a program is DRM- and copyright-protected, there are parts of it that are invisible to you, which means no one can be looking for bugs or even intentional security holes. When you can, use open-source alternatives to popular software . It shows companies that transparency is valued by consumers.
And don’t just use the software: contribute to open-source projects , too!
Fight Back, Encrypt, Share
Online privacy and mass surveillance are very complicated issues, which is why there are entire organizations dedicated to educating the public about fighting back. It might feel hopeless at times, or like it’s not worth doing, but the fight back against the mass infringement on our rights is worth the time and effort. Encrypting your browsing or your e-mail doesn’t take much, but if even 30% of people did it, we’d make a huge statement that would be impossible to ignore.
Please share this article, and get more people thinking about their online rights and privacy. And fill up the comments section with links for others to learn more, sign petitions, get involved, and make a difference.
It’s going to take a lot of cooperation to do this, so let’s start right here!
Image credits: Alec Perkins via The Day We Fight Back, Mohamed Nanabhay via Flickr, Electronic Frontier Foundation via Flickr, Wüstling via Wikimedia Commons, TaxCredits.net via Flickr, YayAdrian via Flickr, Paterm via Wikimedia Commons, Electronic Frontier Foundation via Flickr, Per-Olof Forsberg via Flickr, CryptoParty via Wikimedia Commons, Andrew via Flickr.