Authors: Bruce Schneier
The idea is that a new Magna Carta, one more focused on the institutions that abuse
power in the 21st century, will do something similar. A few documents come close.
The Madrid Privacy Declaration, signed by about 100 organizations in 2009, is still
the most robust articulation of privacy rights in the modern age.
Surveillance is both a technological and a legal problem. Technological solutions are
often available to the user. We can use various privacy and anonymity technologies
to protect our data and identities. These are effective, but can be thwarted by secret
government orders. We need to fight the political battle as well.
Political solutions require group effort, but are generally limited to specific countries.
Technological solutions have the potential to be global. If Microsoft designs its
Windows operating system with ubiquitous file encryption, or if the Internet Engineering
Task Force decides that all Internet traffic will be encrypted by default, then those
changes will affect everyone in the world who uses those products and protocols.
The point is that politics can undermine technology, and also that technology can
undermine politics. Neither trumps the other. If we are going to fix things, we need
to fight on both the technological and the political fronts. And it’s not just up
to governments and corporations. We the people have a lot of work to do here.
DEFEND AGAINST SURVEILLANCE
Law professor Eben Moglen wrote, “If we are not doing anything wrong, then we have
a right to do everything we can to maintain the traditional balance between us and
power that is listening. We have a right to be obscure. We have a right to mumble.
We have a right to speak languages they do not get. We have a right to meet when and
where and how we please.” If a policeman sits down within earshot, it’s within your
rights to move your conversation someplace else. If the FBI parks a van bristling
with cameras outside your house, you are perfectly justified in closing your blinds.
Likewise, there are many ways we personally can protect our data and defend ourselves
against surveillance. I’m going to break them down into categories.
Avoid Surveillance.
You can alter your behavior to avoid surveillance. You can pay for things in cash
instead of using a credit card, or deliberately alter your driving route to avoid
traffic cameras. You can refrain from creating Facebook pages for your children, and
tagging photos of them online. You can refrain from using Google Calendar, or webmail,
or cloud backup. You can use DuckDuckGo for Internet searches. You can leave your
cell phone at home: an easy, if inconvenient, way to avoid being tracked. More pointedly,
you can leave your computer and cell phone at home when you travel to countries like
China and Russia, and only use loaner equipment.
You can avoid activating automatic surveillance systems by deliberately not tripping
their detection algorithms. For example, you can keep your cash transactions under
the threshold over which financial institutions must report the transaction to the
feds. You can decline to discuss certain topics in e-mail. In China, where automatic
surveillance is common, people sometimes write messages on paper, then send photographs
of those messages over the Internet. It won’t help at all against targeted surveillance,
but it’s much harder for automatic systems to monitor. Steganography—hiding messages
in otherwise innocuous image files—is a similar technique.
Block Surveillance.
This is the most important thing we can do to defend ourselves. The NSA might have
a larger budget than the rest of the world’s national intelligence agencies combined,
but it’s not made of magic.
Neither are any of the world’s other national intelligence agencies. Effective defense
leverages economics, physics, and math. While the national security agencies of the
large powerful countries are going to be able to defeat anything you can do if they
want to target you personally, mass surveillance relies on easy access to our data.
Good defense will force those who want to surveil us to choose their targets, and
they simply don’t have the resources to target everyone.
Privacy enhancing technologies, or PETs, can help you block mass surveillance. Lots
of technologies are available to protect your data. For example, there are easy-to-use
plug-ins for browsers that monitor and block sites that track you as you wander the
Internet: Lightbeam, Privacy Badger, Disconnect, Ghostery, FlashBlock, and others.
Remember that the private browsing option on your browser only deletes data locally.
So while it’s useful for hiding your porn viewing habits from your spouse, it doesn’t
block Internet tracking.
The most important PET is encryption. Encrypting your hard drive with Microsoft’s
BitLocker or Apple’s FileVault is trivially easy and completely transparent. (Last
year, I recommended TrueCrypt, but the developers stopped maintaining the program
in 2014 under mysterious circumstances, and no one knows what to think about it.)
You can use a chat encryption program like Off the Record, which is user-friendly
and secure. Cryptocat is also worth looking at. If you use cloud storage, choose a
company that provides encryption. I like Spideroak, but there are others. There are
encryption programs for Internet voice: Silent Circle, TORFone, RedPhone, Blackphone.
Try to use an e-mail encryption plug-in like PGP. Google is now offering encrypted
e-mail for its users. You’ll lose some search and organization functionality, but
the increased privacy might be worth it.
TLS—formerly SSL—is a protocol that encrypts some of your web browsing. It’s what
happens automatically, in the background, when you see “https” at the beginning of
a URL instead of “http.” Many websites offer this as an option, but not as a default.
You can make sure it’s always on wherever possible by running a browser plug-in called
HTTPS Everywhere.
This is not meant to be a comprehensive list. That would take its own book, and it
would be obsolete within months. Technology is always changing; go on the Internet
to find out what’s being recommended.
I’m not going to lead you on; many PETs will be beyond the capabilities of the average
reader of this book. PGP e-mail encryption, especially, is very annoying to use. The
most effective encryption tools are the ones that run in the background even when
you’re not aware of them, like HTTPS Everywhere and hard-drive encryption programs.
In Chapter 14, I discussed some things companies are doing to secure the data of their
users. Much more is going on behind the scenes. The standards bodies that run the
Internet are sufficiently incensed at government surveillance that they’re working
to make encryption more ubiquitous online. Hopefully there will be more options by
the time this book is published.
Also remember that there’s a lot that encryption can’t protect. Google encrypts your
connection to Gmail by default, and encrypts your mail as it sits on its servers and
flows around its network. But Google processes your mail, so it has a copy of the
keys. The same is true for anything you send to any social networking site.
Most metadata can’t be encrypted. So while you can encrypt the contents of your e-mail,
the To and From lines need to be unencrypted so the e-mail system can deliver messages.
Similarly, your cell phone can encrypt your voice conversations, but the phone numbers
you dial, the location of your phone, and your phone’s ID number all need to be unencrypted.
And while you can encrypt your credit card data when you send it over the Internet
to an online retailer, that company needs your name and address so it can mail your
purchases to you.
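The e-mail case above, as an added example that is not from the book: a Python sketch that parses a constructed PGP/MIME message and reports what any mail relay handling it can still read. The addresses, hosts, placeholder ciphertext and the function name observer_view are assumptions made for illustration; it also shows that in this classic message layout the Subject line sits outside the encrypted part.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a PGP/MIME (RFC 3156) message as a relay sees it.
# Addresses, hosts and the "ciphertext" are made up for illustration.
RAW = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net; Tue, 03 Mar 2015 09:14:07 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>, carol@example.com
Date: Tue, 03 Mar 2015 09:14:05 +0000
Subject: meeting notes
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

CONSTRUCTED0PLACEHOLDER0CIPHERTEXT0NOT0REAL
-----END PGP MESSAGE-----
--b1--
"""

def observer_view(raw):
    """Return the fields readable without any decryption key."""
    msg = message_from_string(raw)
    body = ""
    if msg.get_content_type() == "multipart/encrypted":
        for part in msg.get_payload():
            # The second MIME part carries the armored ciphertext.
            if part.get_content_type() == "application/octet-stream":
                body = part.get_payload()
    return {
        "from": [a for _, a in getaddresses(msg.get_all("From", []))],
        "to": [a for _, a in getaddresses(msg.get_all("To", []))],
        "date": msg["Date"],
        "subject": msg["Subject"],            # header, so not encrypted
        "relay_hops": len(msg.get_all("Received", [])),
        "body_encrypted": msg.get_content_type() == "multipart/encrypted",
        "ciphertext_chars": len(body),        # even the size is observable
    }
```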
And finally, encryption doesn’t protect your computer while in use. You can still
be hacked, either by criminals or governments. But, again, this is likely to be targeted
surveillance rather than mass. All this means that while encryption is an important
part of the solution, it’s not the whole of it.
The current best tool to protect your anonymity when browsing the web is Tor. It’s
pretty easy to use and, as far as we know, it’s secure. Similarly, various proxies
can be used to evade surveillance and censorship. The program Onionshare anonymously
sends files over the Internet using Tor. Against some adversaries, web proxies are
adequate anonymity tools.
There are more low-tech things you can do to block surveillance. You can turn location
services off on your smartphone when you don’t need it, and try to make informed decisions
about which apps may access your location and
other data. You can refrain from posting identifying details on public sites. When
Snowden first met journalists in Hong Kong, he made them all put their cell phones
in a refrigerator to block all signals to and from the devices, so they couldn’t be
remotely turned into listening devices.
Sometimes surveillance blocking is remarkably simple. A sticker placed over a computer’s
camera can prevent someone who controls it remotely from taking pictures of you. You
can leave the return address off an envelope to limit what data the post office can
collect. You can hire someone to walk behind your car to obscure your license plate
from automatic scanners, as people do in Tehran. Sometimes it is as easy as saying
“no”: refusing to divulge personal information on forms when asked, not giving your
phone number to a sales clerk at a store, and so on.
Some sorts of blocking behaviors are illegal: you’re not allowed to actually cover
your car’s license plate. Others are socially discouraged, like walking around town
wearing a mask. And still others will get you funny looks, like wearing face paint
to fool facial recognition cameras or special clothing to confuse drones.
Distort Surveillance.
I have my browser configured to delete my cookies every time I close it, which I
do multiple times a day. I am still being surveilled, but now it’s much harder to
tie all those small surveillances back to me and ads don’t follow me around. When
I shop at Safeway, I use a friend’s frequent shopper number. That ends up distorting
the store’s surveillance of her.
Sometimes this is called obfuscation, and there are lots of tricks, once you start
thinking about it. You can swap retailer affinity cards with your friends and neighbors.
You can dress in drag. In Cory Doctorow’s 2008 book, Little Brother, the lead
character puts rocks in his shoes to alter the way he walks, to fool gait
recognition systems.
There is also safety in numbers. As long as there are places in the world where PETs
keep people alive, the more we use them, the more secure they are. It’s like envelopes.
If everyone used postcards by default, the few who used envelopes would be suspect.
Since almost everyone uses envelopes, those who really need the privacy of an envelope
don’t stand out. This is especially true for an anonymity service like Tor, which
relies on many people using it to obscure the identities of everyone.
You can also, and I know someone who does this, search for random names on Facebook
to confuse it about whom you really know. At best, this is a partial solution; data
analysis is a signal-to-noise problem, and adding random noise makes the analysis
harder.
You can give false information on web forms or when asked. (Your kids do it all the
time.) For years, well before consumer tracking became the norm, Radio Shack stores
would routinely ask their customers for their addresses and phone numbers. For a while
I just refused, but that was socially awkward. Instead, I got in the habit of replying
with “9800 Savage Road, Columbia, MD, 20755”: the address of the NSA. When I told
this story to a colleague some years ago, he said that he always gave out the address
“1600 Pennsylvania Avenue, Washington, DC.” He insisted that no one recognized it.
You can also get a credit card in another name. There’s nothing shady about it, just
ask your credit card company for a second card in another name tied to your account.
As long as the merchant doesn’t ask for ID, you can use it.
Deception can be extremely powerful if used sparingly. I remember a story about a
group of activists in Morocco. Those who didn’t carry cell phones were tracked physically
by the secret police and occasionally beaten up. Those who did weren’t, and could
therefore leave their phones home when they really needed to hide their movements.
More generally, if you close off all the enemy’s intelligence channels, you close
off your ability to deceive him.
Break Surveillance.
Depending on the technology, you can break some surveillance systems. You can sever
the wires powering automatic speed traps on roads. You can spray-paint the lenses
of security cameras. If you’re a good enough hacker, you can disable Internet surveillance
systems, delete or poison surveillance databases, or otherwise monkey wrench. Pretty
much everything in this category is illegal, so beware.
Some of these methods are harder than others. Some of us will be able to do more than
others. Many people enter random information into web forms. Far fewer people—I’ve
only ever met one who did this—search for random things on Google to muddle up their
profiles. Many of these behaviors carry social, time, or monetary costs, not to mention
the psychological burden of constant paranoia. I rarely sign up for retail affinity
cards, and that means I miss out on discounts. I don’t use Gmail, and I never access
my e-mail via the web. I don’t have a personal Facebook account, and that means I’m
not as connected with my friends as I might otherwise be. But I do carry a cell phone
pretty much everywhere I go, and I collect frequent flier miles whenever possible,
which means I let those companies track me. You’ll find your own sweet spot.
We should all do what we can, because we believe that our privacy is important and
that we need to exercise our rights lest we lose them. But for Pete’s sake, don’t
take those silly online surveys unless you know where your data is going to end up.