In this interview, Jacob Appelbaum shares some wise words regarding personal information security. He may have been speaking within the context of the various Occupation protests, but his advice certainly applies to non-activists as well. With that in mind, I would like to share some of the steps that I take to protect my communications and mitigate surveillance. But first, I need to address some of the misunderstandings that people commonly hold about privacy.
The misconception that only people with something to hide require privacy bothers me the most. Privacy will obviously help someone hide something, but for the most part, I think, we need privacy to protect the integrity of ourselves as individuals and that of our relationships. For example, we share personal information with friends and family to extents which we limit according to intimacy. We share more with the people to whom we relate more closely. And we typically share such information on a reciprocal, equitable basis so each party has equal footing, at least in healthy relationships. Therefore, we use privacy to make our personal information privileged, thereby making those with whom we share it, friends and family, special people in our lives. When a person or organization spies on you, they get to know you on a unilateral, inequitable basis. As such, they have the power to take advantage of you, not only because they probably have the physical means, but because you lack the equivalent information about them.
Of course, that logic won’t sway folks who don’t believe that they are the subject of surveillance. People commonly think that believing otherwise would make them paranoid or delusional on the grounds that they live lives too uninteresting to get Wenlock’s attention. But the cost of surveillance, on a per-target basis, keeps decreasing, so believing that one is a subject of surveillance is realistic, as the construction of the Utah Data Center exemplifies. Yet, for people who still believe in immunity through innocuous mediocrity, Appelbaum presents a sound argument:
The people who say that—if they’re not cops, they’re feeling unempowered [sic]. The first response people have is, whatever, I’m not important. And the second is, they’re not watching me, and even if they were, there’s nothing they could find because I’m not doing anything illegal. But the thing is, taking precautions with your communications is like safe sex in that you have a responsibility to other people to be safe—your transgressions can fuck other people over. The reality is that when you find out it will be too late. It’s not about doing a perfect job, it’s about recognizing you have a responsibility to do that job at all, and doing the best job you can manage, without it breaking down your ability to communicate, without it ruining your day…
In other words, you don’t have to believe that you’re a target. Rather, not taking precautions imposes vulnerability on your associates because your personal information also includes their personal information (to the extent that they’ve shared it with you). Furthermore, it doesn’t matter if you and your friends faithfully abide by the law. Who says that the state’s agents will correctly interpret the information that they collect about you? Everybody makes mistakes, after all. And non-state entities, who don’t necessarily care about your behavior with respect to the law, also engage in surveillance, whether it’s Google, Facebook, or your employer. Any trust you may have put into those entities becomes irrelevant when the data they’ve collected gets compromised by a malicious third party.
Sometimes along the lines of an “eat, drink, and be merry, for tomorrow we die” attitude, people will argue that given the insurmountable power of the state, we have no real means to protect the privacy of our communications. Indeed, vulnerabilities will always exist. But, where we might lack the means to completely protect ourselves, at least we can establish an expectation of privacy, which may provide some legal protection. At the very least, it’s important to demonstrate respect for your associates by exercising due diligence. That’s why, despite the weak physical protection they offer, we put our postal mail in paper envelopes. Equivalent technologies exist for e-mail and other internet communications (which provide much better security), yet few if any of my associates use or even know about them. So, if you don’t feel that using an envelope signals paranoia, or that envelopes are too useless to even bother with, I encourage you to employ some, if not all, of the following measures for your internet communications.
With varying discipline, I do the following:
- From my PC, I cryptographically sign my e-mails with OpenPGP using the Thunderbird e-mail client with the Enigmail add-on. From my Android smartphone, I do the same with K-9 Mail and APG. Although I doubt that any of the recipients of my messages ever try to verify them, I get a small amount of geeky joy every time I sign an e-mail. Doing so also gives me an opportunity to include at the bottom of my e-mail messages a note explaining that I signed the e-mail and that I am happy to show others how to verify it. I would prefer to encrypt my e-mails as well, but if the people I e-mail won’t verify my signatures they certainly won’t have public keys to share with me.
- I retain the ability to have encrypted instant message conversations using OTR. On my smartphone I use Gibberbot and on my PC I use Pidgin with the appropriate plugin. I’ve had better luck showing off Gibberbot (and its iOS counterpart, ChatSecure) to friends and getting them to use it than OpenPGP, but my battery doesn’t last long enough to let me run Gibberbot without a recharge half-way through my day. So, my friends and I have resolved to use it for sensitive discussions only, but that’s a significant limitation. At what point does a conversation become sensitive enough to warrant switching apps? Can’t an eavesdropper build a thorough profile from seemingly innocuous conversations?
- Similarly, I have Tor installed on both my PC and my smartphone (as Orbot). However, because it’s slow, I rarely use it to browse the web. Still, I enjoy contributing to the Tor network as a node. Also, the Hidden Service feature is convenient for getting around the limitations of a dynamic IP address.
Of those measures, the first is probably the most convenient and effective. I believe that people’s reluctance to adopt it comes from their reluctance to use an e-mail client in the first place. Gmail’s web interface, for example, offers a great experience without having to install or configure anything. That’s too bad. Sealing an envelope really isn’t that hard.