Privacy and Democracy
|Gary Bloom||Oct 16, 2018|
Privacy on the Internet (Pt 1) — an essential habit of democracy
(Pt 2 begins at the end of Pt 1)
There’s an old joke: “Just because you’re paranoid doesn’t mean they’re not all after you.” In these times of widespread surveillance, you don’t have to be paranoid to believe they’re all after you. As usual, I do the research to satisfy my own needs and curiosity. I do the essays to pass that information on to family, friends, and whomever is interested.
First up is my opinion why digital privacy (the Internet and cell phone use) is the foundation of democracy. Following, I’ll be suggesting the best Internet privacy-oriented apps and practices.
Privacy and Democracy
Bria Bloom recently posted an essay of her witnessing an interaction between a mother and the mother’s (about) ten year-old-daughter. The mother is playing with her daughter’s hair, treating it as if it belonged to a doll, while ignoring her daughter’s repeated requests to stop. The daughter and mother both persist, until her mother finally stops and calls her daughter a brat.
If you stop reading Bria’s essay at this point (because Facebook beckons), you’d probably think nothing of the incident — children and parents will be children and parents. But if you read further, Bria makes an unexpected connection: the insistent (pardon) manhandling of the daughter, despite her protests, is inadvertently training the daughter to accept that her body is not her own, that without consent, she should allow her body to be invaded by another’s behavior.
Bria’s interpretation startled me. When the above “training” is practiced by a sexual predator, it’s called something really creepy, “grooming,” getting a child used to accepting physical invasion — sexual invasion.
The Grooming of Americans
Without a huge conceptual jump, we can see this sort of grooming taking place with our constitutional democracy.1 Compare Bria’s remarks, further on:
This behavior can be especially dangerous when thinking about our society’s absence of a strong culture of consent…
with a phrase from the second paragraph of the United States Declaration of Independence:
Governments are instituted among Men, deriving their just powers from the consent of the governed…
“The U.S. Constitution is just a goddamned piece of paper!”
The above is attributed to then President George W. Bush, who supposedly uttered it in a meeting with Republican Members of Congress who were concerned about portions of the Patriot Act. It’s unlikely that Bush ever said that, but he would have been right. The Constitution is just a goddamned piece of paper. Democracy is not what’s on a piece of paper, democracy is a habit of behaving in a manner that expects that as citizens, we have rights, specifically, as designated in the Bill of Rights. Our democracy is in danger, because we are treating our government as if it’s not run by our public servants, but by our rulers. We are absent a strong culture of consent.
How we’ve been groomed to give up consent
What Bria’s essay implies is that changing someone’s behavior, for better or worse, nearly always comes from repetition. So it is with grooming by unwanted invasive behavior.
What happened to consent of the governed? — stories happened
The easy answer is that we (as citizens) are ready to suspend constitutional rights, quickly and passively, when we’re afraid, which usually occurs in time of war. Obvious examples include the internment of American citizens of Japanese decent, during World War II; the tactics of Senator Joseph McCarthy and the House Un-American Activities Committee during the Cold War scare; free speech zones during political protests; and the Guantanamo Bay detention camp during the never-ending so-called war on terror.
As the only animal that has a linguistic form of language, and language being the tool of abstraction (communicating about other than what’s in front of us), we primarily think and learn in the form of stories. Want to lose an election? Campaign on policies. Want to win an election? Campaign on anecdotes. Want charitable contributions following a natural disaster or to stop a war? Forget statistics about thousands who’ve died or are suffering, show an injured child. Want to raise money for your state’s government? Forget publishing the cost of keeping a licensing office open on Saturday, show a lottery winner’s new mansion. Finally, you want to run roughshod over the Fourth Amendment to the U.S. Constitution? Make a single event that occurred 16 years ago and counting your nation’s dominant story.2 Nevermind that homegrown terrorists are more common. Nevermind that, while 3000 were killed in the 9/11 attack, since, over 500,000 in the United States were killed in auto accidents. Nevermind that if you want to create worrisome but more effective stories around issues for Americans to change our way of life, consider our causal response to flu season, which should be considered dangerous enough for quarantines, but sick adults still go to work and sick children still go to school; consider gun-related deaths; consider climate change. There are countless perils in our daily lives that are far more common and deadly than the scary, but statistically small, events that make the news such as shark attacks, plane crashes, lightening strikes, and yes, terrorists attacks.
The repetition of the 9/11 story is told implicitly at airports, train stations, and border crossings, as a rationale to treat the entire populace as a herd of suspects, and those that fit a racial profile, even more so. This story is told in the form of security theater, a term coined to identify measures that create the illusion of enhanced security, but have either no effect or have a negative effect of saving lives.
The Costs of Security Theater
Some examples of the cost of security theater. From Wikipedia:
In 2007, the researchers studied the specific effects of a change to security practices instituted by the TSA in late 2002. They concluded that this change reduced the number of air travelers by 6%, and estimated that consequently, 129 more people died in car accidents in the fourth quarter of 2002. Extrapolating this rate of fatalities, New York Times contributor Nate Silver remarked that this is equivalent to “four fully loaded Boeing 737s crashing each year.”
The 2007 Cornell study also noted that strict airport security hurts the airline industry; it was estimated that the 6% reduction in the number of passengers in the fourth quarter of 2002 cost the industry $1.1 billion in lost business.
A 2010 Government Accountability Office (GAO) report found that the TSA’s $900 million Screening Passengers by Observation Techniques (SPOT) program, a behavioral-detection program introduced in 2007 that is aimed at detecting terrorists, had detected no terrorists and failed to detect at least 16 people who had traveled through airports where the program was in use and were later involved in terrorism cases.
The Ineffectiveness of Security Theater
…TSA agents failed to detect a threat in 67 out of 70 recent trials. Posing as passengers, U.S. Department of Homeland Security “Red Teams” were able to carry weapons and fake explosives (“simulant” threats) through security checkpoints without any trouble. Former TSA Administrator James Loy, who led the agency in its first year, called the leaked results an “abominable failure.”
Government & Corporations — a tag team of grooming us to give up consent
That most of us don’t often travel by jet or train, or cross the border, is irrelevant. The 9/11 story is told less directly but more consistently throughout our daily lives, through a partnership between our government and corporations such as Facebook, Google,3 and Verizon. It’s told as a means of grooming the populace to accept ongoing invasiveness into our private business, beliefs, and behavior. Whether or not some or all of it is intentional does not matter; the effect is the same.
On the intentional side, the NSA and CIA partially funded the Google search engine. Congress gave communications companies such as Verizon and AT&T retroactive immunity for granting the NSA the means to, without a warrant, wiretap all U.S. phone calls for three months. The U.S. government continues to renew laws that extend their reach into our private lives. And they are currently attempting to create regulations that would require, though our most secretive surveillance agencies can’t keep their own data secure, large tech companies to install backdoors (access) into major data platforms in the cloud. If you thought the Equifax data breach was fun, wait until the Russians get a hold of our personal records on DropBox, Microsoft Azure, Amazon Web Services (which the U.S. Government is going to use), Google Cloud, and Apple’s iCloud.
On the unintentional side, Google and Facebook, along with numerous smaller entities (Paypal shares your data with 600 companies), have groomed billions of us to be indifferent to constant surveillance, an indifference government agencies increasingly exploit. We shrug at Congress voting retroactive immunity for Verizon and AT&T for selling us out by allowing our entire citizenry to be wiretapped without a warrant. We shrug at the Director of National Intelligence lying to Congress about it. We shrug at the rubber stamp FISA court who, between 1995 and 2015, approved 38,365 FISA warrants while rejecting 12. In a country where a minority segment of the population goes apeshit over any perceived encroachment of the Second Amendment to the U.S. Constitution, not many give any shit over the constant encroachments of the Fourth Amendment to the U.S. Constitution.
I recall not many years ago reading that, while we’re all familiar with the FBI and the CIA, our really secretive spy agency was the National Security Agency (NSA). In my former naivety, I was shocked to learn of this, ultra-secretive, U.S. intelligence agency. As it turns out, the U.S. Government has not three, but seventeen intelligence agencies, many of whom operate without the need for warrants to, at least, passively spy on American citizens. Do you believe that any of these agencies will shut down because of overlap and/or irrelevance? The use-by date on their package may have long faded, but don’t expect them to notice the sour smell of their efforts. They will find “important work,” and as intelligence agencies, some of that work will likely include domestic spying.
A new story in the horror genre
Every Jason Bourne movie contains one or more scenes that demonstrate, if the enforcement agencies want to find you, they will. But those movies are old;4 they show surveillance by means of security cameras, cell phone records, and wire taps. Since we’re not disillusioned spies on the run, no one is going to make a similar effort to track us, but they won’t have to if we adopt the surveillance model of China. While I think the facial recognition that unlocks my iPhone X is cool, the Chinese intelligence community thinks that facial recognition to monitor every move of its citizens is cooler.
On the video, a Chinese official explains:
We can match every face with an ID card, and trace all your movements back one week in time. We can match your face with your car and match you with your relatives and the people you’re in touch with. With enough cameras, we know who you frequently meet.
The watchful eyes of those 17 intelligence agencies, the invasiveness of Facebook, Google, and others to learn what’s in our heads, who we’re in touch with, where we go, and what we buy grooms us to accept increasing surveillance until the Chinese model will arrive (if we’re not already there) like the gently-boiled frog in a pot.
Privacy is the cornerstone of democracy
If you didn’t have something to hide, you wouldn’t mind being watched.
Heard that lately? Perhaps, more than once? The premise of that argument is, even if you haven’t broken a law, the state expects to have authority over your private behavior. Unstated is that the authority stems from a concern that you might, in the future, break a law, and under authoritarian government control, that can mean just speaking out against their authority. Since anyone might do anything in the future, that argument can grant the state’s right to unlimited surveillance of its citizens. What should be shocking, but gets a big yawn from most, is that’s the situation we’re now in.
From computer security expert Bruce Schneier:
Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control. Tyranny, whether it arises under threat of foreign physical attack or under constant domestic authoritative scrutiny, is still tyranny. Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that’s why we should champion privacy even when we have nothing to hide.
The NRA is smart, the GOP is smart; Apple is stupid, Democrats are stupid
When the National Rife Association (NRA) uses (what many believe are) extreme measures to defend their interpretation of the Second Amendment to the Constitution, liberals whine a little, while the NRA gets relentless support from nearly every Republican office holder. Though the NRA claims they’re upholding constitutional gun rights for gun owners, the NRA is really a gun sellers’ organization. Gun manufacturers tout the Second Amendment so they can continue to make large profits.
When Apple makes relatively mild statements about protecting the privacy of their users, they neglect to mention the Fourth Amendment, and they get criticized by Democratic politicians as well as members of the GOP, for interfering with security (theater). Apple also gets criticized by tech pundits and Apple users, because Apple’s privacy statements are a “self-serving” marketing gambit.5 Let me repeat that: The NRAs support of the Second Amendment, primarily a gun-sellers organization, is not self-serving, it’s patriotic. Apple’s indirect support of the Fourth Amendment, because they might benefit from customer buy-in, is not patriotic, it’s self-serving. It’s a mystery why Democrats aren’t all-in behind the NRA. Assault weapons would be far more efficient for their perpetual circular firing squad.
If gun manufacturers can give suitcases full of campaign contributions to support their interests, Apple should be giving suitcases full of campaign contributions to support theirs. They should be giving money to organizations who defend privacy rights, such as the ACLU and their geek counterpart, the Electronic Frontier Foundation (EFF). If the ACLU, the EFF, and the politicians who actively support our rights to privacy are to be successful, they need the kind of financial, vocal, and habitual support that the NRA gets for gun rights and the ACLU gets for free speech rights.
Why privacy is the most important habit of democracy
First, it’s one that almost uniquely crosses the polar politics that have become the norm. Members of the Senate intelligence Committee, Senators Richard Burr and Diane Feinstein, typically vote opposite on social and economic issues but are two of the strongest proponents of domestic surveillance. Senators Rand Paul and Ron Wyden typically vote opposite on social and economic issues but are two of the strongest critics of domestic surveillance. Polls show that a majority of self-identified Republicans support surveillance when a Republican President is in office and are against it when a Democrat is President. The inverse is true for self-identified Democrats. In other words, neither liberals nor conservatives trust the government to surveil for just the good of the country. The protections of the Fourth Amendment is the only issue that roughly half the population from each political affiliation agrees with.6
Second, As Glenn Greenwald7 states in his Ted Talk and in his book, No Place to Hide, surveillance turns non-conformists into people who learn to suppress non-conformist thoughts. This doesn’t just interfere with political opposition to the norm, but chips away at all creative thinking, including art, and novelty in business:
…it is in the realm of privacy where creativity, dissent, and challenges to orthodoxy germinate. A society in which everyone knows they can be watched by the state—where the private realm is effectively eliminated—is one in which those attributes are lost, at both the societal and the individual level.
Third, surveillance mechanisms, such as computer keystroke monitors (used in many corporations) and employee movement monitors (used in Walmart and Amazon warehouses) not only turns employees into robotic workers, it makes robots their de facto bosses. This demeans them as humans, as thinking individuals. A constant psychological attack on your identity does not create citizens, it creates resentful people looking for scapegoats — looking for victims who have even less control over their lives.8
Some might argue that working a traditional assembly line is no different than my above examples of working in a surveilled warehouse environment. Not in my experience. For a time, I worked on an assembly line that churned out computer wafers that got cut into chips. Twelve-hour graveyard shifts — it sounds like a most tedious job, but weirdly, I enjoyed it. When I started, I worked the computer wafer polishing machine (a kind of fine sanding machine). I had to stick the heavy round metal plates that held the chips onto the rotating lid above my head, then close the lid over the polisher. Though I was often half asleep, it was a great workout that I got paid for.
What I enjoyed was working with others in getting the job done. In the minutes I had during polishing runs, if all was going well with my six machines, I’d help others on the line with their work. It was good while it lasted. The low-level managers apparently had little to do, so they designed a motivational procedure. We were given forms to track our work, designed to monitor each station’s contribution, in speed and quality. We’d be graded and in competition with each other. Kind of silly since our success was primarily dependent on the ability of the machines. Our contributions stemmed from helping each other, a contribution that was rendered self-defeating now that we were being surveilled, if indirectly, with the tracking forms.
Is Jeff Bezos the efficiency genius he thinks he is? In the Amazon warehouse you’re not even supposed to talk to co-workers because it slows you down. That’s how you turn humans into robots. I don’t doubt that these warehouse workers are more efficient for a time, but how long do they stay there? How much time is lost in training new workers? What’s the cost of surveillance?
Checks and balances, indeed, our democracy is structurally vulnerable
Our three branches of government were designed to provide the famous checks and balances. Great in theory — but, who knew? — our government is comprised of people not institutions. Today, we live in a country where, often, a single individual decides what the Bill of Rights and its amendments mean, what individual rights the Constitution protects. The interpreter of individual protections is the lone duty of the Supreme Court, a body of nine, which has morphed from a theoretical separation of powers to two political factions and one swing vote. With a lifetime appointment, as the owner of the swing vote, Anthony Kennedy is often the most influential American. Let me repeat that: all of our so-called guaranteed individual rights are often retained at the opinion (and they are opinions, otherwise, all votes would be unanimous) of a single 82-year-old white male.
So one person, appointed by a partisan president (as are all Supreme Court Justices) has been the deciding vote in extremely important influences on our culture: abortion, gay rights (including the right to marry), lethal injection, guns, and the election of George W.Bush in 2000.
On the Roberts Court, Kennedy often decides the outcome of a case. In the 2008–2009 term, he was in the majority 92 percent of the time. In the 23 decisions in which the justices split 5-to–4, Kennedy was in the majority in all but five. Of those 23 decisions, 16 were strictly along ideological lines, and Kennedy joined the conservative wing of the court 11 times; the liberals, 5.
In the 2010–2011 term, 16 cases were decided by a 5–4 vote, and Kennedy joined the majority in 14 of the decisions.
My point isn’t about Justice Kennedy. That he has so much influence on American culture is an accident of time and place. My point is that the words residing on our most important document means only what nine people, and often one person, says it means at a point in history. Because a president with particular beliefs, and a Senate with particular beliefs, select those nine people, and since citizens elect the president and Senate, the rights of citizens depend on the attitudes of citizens.
Authoritarianism is a language habit
Before George Orwell made Newspeak the symbol of thought control in his famous novel, Nineteen-Eighty-Four, our first president, George Washington understood how democracy can be undone by language habits.
He was aware that everything he did set a precedent, and he attended carefully to the pomp and ceremony of office, making sure that the titles and trappings were suitably republican and never emulated European royal courts. To that end, he preferred the title “Mr. President” to the more majestic names proposed by the Senate.
The rest of us don’t appear sufficiently wary of the trappings of monarchy. I find it odd that not only is our current president called, Mr. President, but all living former presidents (along with other former office holders) are. That level of life-long respect seems out of place in a democracy. If you’re not convinced, think about this: as long as he lives, Donald Trump will be called Mr. President.
Worse is the habit of referring to the president as Commander-in-Chief. The president is Commander-in-Chief of the Armed Forces, a title that’s relevant for only brief periods during his term, and a title never relevant without ”of the Armed Forces,” and a term never true as regards to the hundreds of millions of us not in the military.
Worst of all from a perspective of promoting authoritarian leadership, is when the president, or any elected official, is referred to as “CEO.” The country, states, cities9 are not businesses, and elected officials are not our bosses, they are our public servants.
How we use language influences how we think and how we create stories about ourselves, our culture, our country.
How change happens
Recently, I listened to a podcast by Preet Bharara, interviewing Jeh Johnson. Bharara served as U.S. Attorney for the Southern District of New York from 2009 to 2017. Johnson was General Counsel for the Department of Defense from 2009 to 2012 and followed that with a term as head of Homeland Security. Johnson oversaw the repeal of the U.S. military service’s official policy of ”don’t ask don’t tell,” which prohibited discrimination against gays in the service, while (in a pay no attention to the man behind the curtain gambit) disallowed being openly gay. Johnson believes that the repeal of don’t ask don’t tell, which marked the acceptance of gays in the most conservative institution in the U.S., the Armed Forces, led to the cultural normalization of homosexuality, and subsequently, to the trend towards marriage equality laws.
The above lesson, supposedly, is that cultural leadership matters, but did the military lead or follow? What’s missing from the above explanation is what led to the tolerance that precluded that of the U.S. military. What made that institution more tolerant? Again, from the above podcast: Bharara and Johnson concurred that some of the arguments against the integration of black and white soldiers were similar to the arguments against the integration of gays into the military, arguments that proved false. But there had to be lessons that preceded ethnic integration.10 There is no starting place for change, and there’s no red X that marks a the tipping point, a specific change that breaks the logjam. Changes beget changes, which keeps the change begetting going. Some changes are bigger than others.
Biological evolution moves in homeorhetic trajectories, funneling change along a new path. Likely, cultural evolution moves similarly, funneling down a path. Did washing machines make way for feminism? The pill? World War II (where women took over traditional men’s jobs). Betty Friedan? How about all of those events, and many more, made way for feminism. Similar cultural evolution has occurred with marriage equality laws and the legalization of marijuana — events in my youth, I would have thought impossible.
Looking back to democracy, no single event made way for democratic nations. The Magna Carta, supposedly the document on which the U.S. Constitution was modeled, went through 550 years of evolution before the U.S. Constitution was written.
It’s on us
Many concerned with the movement towards an authoritarian government, and with creeping surveillance, are hoping for government solutions. That’d be nice, but authoritarian politicians aren’t the ones to stem the flow towards authoritarianism, and few politicians have the courage to take a stand against security theater, lest they be blamed for any future incidence of terrorism.
So, should we give up? Only if we believe that politicians lead. I don’t. Politicians seldom lead anything; they follow public sentiment. Their talent lies mostly in jumping in front of the parade. Because half the population are women, politicians contend with women’s rights. Because each of us has a gay relative or friend, we’re moving to marriage equality. Because, illegal or not, so many consume marijuana in some form, we have a legalization movement. Even this guy is on board, literally on a board of directors. From the Washington Post:
John A. Boehner, the former Republican speaker of the House who once said he was “unalterably opposed” to decriminalizing marijuana laws, has joined a board of directors for a cannabis company with an eye on rolling back federal regulations.
The former Ohio congressman has been appointed to the board of advisers of Acreage Holdings, invoking the need for veterans to access the drug legally to explain his change of heart, Boehner said in a statement Wednesday. The company grows and sells legal weed and operates in 11 states.
Boehner’s acceptance of marijuana tracks with evolving beliefs about the drug and its uses among Americans and even Republican lawmakers, Erik Altieri, executive director for the Washington-based marijuana advocacy group NORML, told The Washington Post.
It’s fruitless to wait for a political lone wolf or two to save democracy. It’s up to us as individuals to maintain democracy, and I believe the most important individual action we can take is to discourage both government and corporate surveillance — without which authoritarian governments can’t maintain their hold. That means, take small actions and inform others of your actions, because most people are far more willing to take action when they know they’re not alone. So it’s not enough to take action, you must inform others that you are.
As the above examples illustrate, cultural evolution influences what our politicians support, who gets elected, who gets appointed to the courts, and even how the courts interpret laws. It’s on us.
What to do
No one is going to be successfully nagged to #deleteFacebook and switch their search engine to DuckDuckGo. If you haven’t yet, you’ll probably make that decision if and when there’s a mass exit. And I can count on my law degrees (none) how many I expect to stop carrying their smart phone. While fewer than I had hoped, there are ways to minimize the surveillance. I’ll be suggesting the best Internet privacy-oriented apps and practices. Sign up, below, to be notified.
Bibliography (aside from the links)
No Place to Hide, Glenn Greenwald
The Art of Invisibility, Kevin Mitnick
On Tyranny, Timothy Snyder
Take Control of Your Online Privacy, Joe Kissell
Post Privacy and Democracy, Patrick Held (For some reason, this is only available as an Apple iBook.)
NSA surveillance may be legal — but it’s unconstitutional Laura K. Donohue
1 Sticklers will point out that, technically, the USA is a Republic.
2 Not that we don’t have competing stories, such as the populist story on which Donald Trump won the election — immigrants and unfair trade are running our economy and culture.
3 The Google corporation is now Alphabet, but I’m going to stick with its popular name.
4 I’m told that there are most recent movies that depict modern surveillance capabilities.
5 Because Apple makes most of their money from selling devices, unlike Google and Facebook,, Apple doesn’t need to make all their money off user data.
6 To me, that this poll is three years old, makes it more reliable, because it’s not about whether or not one supports Trump.
7 Greenwald takes bizarre political turns in every few years. I advocate his views on only surveillance .
8 The advice: If you don’t like this job, get another one, ignores the realities of the employment environment.
9 our Mayor of Edmonds, population 40,000, sometimes gets called “CEO.”
10 I don’t use the term “race,” because it’s a cultural not scientific term.
Privacy and Democracy (Pt 2) — Apps
“We is faced with insurmountable opportunity.”
No matter how many times you’ve seen the exact scenario play out, the most exciting scenes from TV and movies continue to be when our heroes get backed into a hopeless situation — and then it gets worse. Not only does the velociraptor’s mate join the inevitable slaughter from the prey’s other side, from the darkness leap five crappy Jurassic Park sequels.
Of course, the heroes get miraculously saved. While there’s nothing surprising about these scenes – how could they be when they’re as common as peanut butter? — every damn time, from our comfortable distant seats, knowing full well that the threats are either computer-generated images or highly paid actors, our fight/flight hormones don their hero disguises and… remain seated. This plays out so often that there are probably script consultants who do nothing but write if you think you’re in trouble, now scenes. As it turns out, these same script consultants could have written the results of my research into corporate and government surveillance.
You’re trying to bring a modicum of digital privacy to your life, trying to get the degenerate memory of Facebook’s slutty affair with Cambridge Analytica out of your thoughts. You not only set additional privacy settings, to avoid Facebook’s more creepy grooming habits, you [opt out of sharing](https://www.eff.org/deep LinkedIn/2018/03/how-change-your-facebook-settings-opt-out-platform-api-sharing). And then it gets worse. In spite of the no-end to Facebook’s sleaze and [more sleaze](https://www.cnbc.com/2018/04/05/facebook-building–8-explored-data-sharing -agreement-with-hospitals.html), they may not be the sleaziest player. As Google tells it, “Google cares about your privacy,” from those who aren’t Google. Rather than take the easy way out by using DuckDuckGo, you respond by nailing down your Google privacy settings.
Facebook, Google, that’s the worst of it, is it not? You heard something bad stuff about your cell phone carrier, but there’s VPNs (virtual private networks) that will keep prying eyes from your search for the best sex toys for Rastafarians while high,, Amirite? And you’ve heard that VPNs are the cure. You think so, and then it gets worse.
Legendary filmmaker, Orson Wells, told us we’re born alone and we die alone. Maybe in his era; today, not even. Make that call, send that email, text your friend. You’ll be joined by Verizon, Comcast, AT&T, Charter, Sprint, Frontier, T-Mobile, Facebook, Google, NSA, FBI, ICE, your local law enforcement agencies, and foreign espionage interests. If you still feel alone, it’s on you.
Can you make yourself a little more alone? If you really really try. Let’s take a look.
No battle plan survives first contact with the enemy. _ Helmuth von Moltke
In theory, privacy services and supporting apps come in several levels: (1) Secure from both government surveillance and surveillance capitalism. (2) Secure from only government surveillance. (3) Secure from only surveillance capitalism. (4) Privacy theater — that is, marketed as a privacy service, but is either too flawed to be counted on or is a fraud.
How to change your privacy habits
If you’re trying to change a habit, willpower is usually futile. To change a habit, limit your choices or make certain choices more difficult. For example, if you’re trying to cut down on sweets, don’t keep any in the house. Make it so you’d have to go out to get ice cream. You’ve set your situation where the easy thing is to not consume sugar.
Privacy Services and Apps.
The best privacy-oriented apps take a similar approach, where the easy thing to do is to not disclose your private data, or in the Signal’s case, make it impossible — unfortunately, impossible, as we’ll see, the way Trump’s election was impossible. As with the U.S. Constitution, Signal does its part. As with the users of the U.S. Constitution, as we’ll see, you can’t count on the users of Signal to do their part.
Signal from Open Whisper Systems (OWS) is a messaging app that can be also be used for voice and video calls, and it’s designed to be the most privacy efficient app of any kind, currently available.1
While some of the big tech companies, such as Google, Microsoft, and Apple have fended off demands from law enforcement, they still can and do comply with specific subpoenas for user data they hold, if they can access it. Some of the data, such as iMessage content from Apple is encrypted, and law enforcement agencies have attempted to get Apple to give them the (software) key to Apple’s encryption, which, so far, Apple claims they’ve fended off. What makes Signal different is that it can’t give law enforcement, or anyone else, a key. In response to a grand jury subpoena:
… because of how the service is designed, OWS was only able to provide “the time the user’s account had been created and the last time it had connected to the service.”
Imagine a lock company: if OWS was that company, they’d sell you a lock where you’d have the only keys to open it. If Apple was that company, they’d sell you a lock, give you keys, retain the master key, and refuse to give the master key to surveillance agencies.
Among the large tech companies Apple’s approach to its users’ privacy is currently the best, but what happens if a change in laws requires Apple to hand over user data? Would Apple CEO Tim Cook be willing to go to jail over Apple’s users’ privacy? Would Apple’s next CEO be of the same mind?
Is there a catch to Signal? Messaging services such as Apple’s iMessage defaults to send messages to another Apple Messages app.(iMessage is Apple’s service, Messages are the iOS and MacOS apps that use iMessage.) That’s how it’s capable of encryption similar to Signal’s. However, if you send an iMessage to a non-Apple user (Windows, Android, Linux), it gets sent as a SMS (short message service), that is, as an old-fashion unencrypted text message by your telephone service.2 (SMS texts are displayed in green rather than blue bubbles in Messages apps.) In contrast, Signal on iPhone can send messages to only other Signal apps. Not a big major drawback as Signal is available for iPhone, Android phones, and PC, Mac, and Linux on the desktop. However, the receiver must have Signal installed to receive the message.
As I implied above, there’s one other little catch to tech’s best privacy service — it’s users. You can set your sent Signal messages to disappear faster than the campaign promises of a newly-elected politician. But, what if the receiver takes a screen shot of that newly-received message? And saves that screenshot to their iCloud storage. A search warrant would find an unencrypted photo of that message. You may have read about Paul Manafort’s alleged attempts at witness-tampering and how it was discovered. Either the FBI retrieved iCloud backups from less privacy-secure apps, or the receiver of Manafort’s message handed their phone to the FBI.
Android users can make Signal the equivalent of the Apple’s Message service by setting Signal as their default messaging app3 — Signal-to-Signal is encrypted, and Signal to non-Signal users are sent as non-encrypted (SMS) texts. Unfortunately, there are millions of iMessage users and thousands of Signal users.
Most Android users probably use an app from Facebook, WhatsApp and/or Facebook Messenger. WhatsApp uses Signal’s encryption, so WhatsApp is (in theory) similarly secure, except it’s now owned by Facebook, and Facebook is now harvesting WhatsApp user data. Guess who gave Signal the $50 million? The creator of WhatsApp, who left Facebook over Facebook’s decision to harvest WhatsApp user data.
If you still decide to use WhatsApp, here’s a tutorial on it’s privacy settings.4
What’s Google doing about Android messaging?
Google continues its traditional app-of-the-month-club by getting ready to abandon Allo, just introduced in September, 2016. Like WhatsApp, Allo includes Signal’s end-to-end encryption, but it’s turned off, by default. Being Google, apparently, even the option of disallowing surveillance capitalism was too much. They’ve stoped development on Allo in favor of a totally non-encrypted service called “Chat.” The goal is to create a multi-carrier service. An easy-to-surveil messaging service should make everyone happy except its users.
If you care about keeping your messages private, whether from commercial or government snoops, you have one absolute solution in Signal, and a compromise for Apple with iMessage.
As I stated, WhatsApp’s encryption future is in flux, and the only reason to prefer it over Signal is that (being a Facebook app) you’ll have far more messaging partners.
iMessage vs Signal holds a different trade-off. Because the decryption key is held on your device, not in the cloud, if you lose your device, unlike with Apple Messages, you will not be able to restore Signal messages from a backup.
Ratings 1 - 5 (higher is better)
Orwells: Privacy from government surveillance
Tim Cooks: Privacy from surveillance capitalism5
Signal (for all platforms): 5 Orwells, 5 Tim Cooks
WhatsApp (for all platforms): 4 Orwells, 2 – 4 Tim Cooks (Just remember WhatsApp effective encryption is in flux.)
iMessage (for Apple iPhone, iPad, and Mac: 4 Orwells, 5 Tim Cooks
Chat Google/cellular companies universal messaging service (platforms unknown): 1 Orwell, 1 Tim Cook.
I was so close to switching my personal mail from Apple iCloud to Protonmail. Encrypted servers buried in a Swiss mountain, run by MIT geeks, with an attractive non-geeky, interface, a free version, though with inadequate memory for regular use, but an inexpensive paid version with plenty of memory. But I didn’t. First, all my research has convinced me and that there’s no such thing as private email. Encrypted, buried in a mountain, can be secure when you send email to other Protonmail users. With the dominance of Gmail and Outlook, (and to a lesser degree, Fastmail, and iCloud), that’s unlikely to be often. Still, why not, I figured, be part of a a trend of gmail => protonmail.
Here’s why I don’t think that move will happen. Encrypted email on a server cannot have its content searched, only the From and Subject can be searched. That explains why Apple, so emphatic about user privacy, encrypts mail between servers, but does not encrypt mail on its server. Hence, I have a hard time believing that users spoiled by Gmail’s Google-competent search in their email will be content when they can’t track down that email from two years ago in their protonmail.6
Privacy from government
Regarding the PRISM surveillance program:
“The documents identified several technology companies as participants in the PRISM program, including Microsoft in 2007, Yahoo! in 2008, Google in 2009, Facebook in 2009, Paltalk in 2009, YouTube in 2010, AOL in 2011, Skype in 2011 and Apple in 2012. … “98 percent of PRISM production is based on Yahoo, Google, and Microsoft”.
Privacy from provider surveillance
As there’s no reliable privacy-email service, I’ll skip to the grades.
Orwells: Privacy from government surveillance
Tim Cooks: Privacy from surveillance capitalism
Protonmail: 3 Orwells, 5 Tim Cooks
Gmail: 2 Orwells, 1 Tim Cooks
Outlook: 2 Orwells, 5 Tim Cooks
Apple Mail: 2 Orwells, 5 Tim Cooks
Fastmail: 2 Orwells, 5 Tim Cooks
It’s easy to change your default search engine from Google to DuckDuckGo. Directions are on the Website. Don’t expect any search privacy from the government.
Google: 1 Orwells, 1 Tim Cooks,
DuckDuckGo: 1 Orwells, 5 Tim Cooks
As with email, no browser will secure your privacy from a government agency that’s determined to find what you’re looking at, so I’d forego the often slow Tor: Tor (The Onion Browser) and go for
Safari on Apple devices with 1blocker7
Safari and Firefox: 1 Orwell, 5 Tim Cooks.
YouTube: It is the one Internet service that has no substitute. It may help to not sign in or sign out between uses.
YouTube: 1 Orwells, 1 Tim Cooks
Consider the companies that provide them.
All: 1 Orwells, 1 Tim Cooks
Generally, I’ve found Google Maps slightly more reliable in finding a better route, Apple a better predictor of travel time. Google owns Waze as well.
Google Maps: 1 Orwells, 1 Tim Cooks
Apple Maps: 1 Orwells, 4 Tim Cooks
While less embarrassing than in recent years, I don’t want anyone, even the NSA, to know that I’m a hometown fan of the Seattle Mariners. To read the baseball scores on the Web, in secret, my choices are to drive 3000 miles to eastern Canada, rent a room and jump on the Web from there, or switch on my VPN app and have my Internet surfing relay from a VPN computer in eastern Canada.
A VPN creates a tunnel from your computer device to a distant computer running VPN software. From your device to the VPN computer, your Internet use is private. However, your Internet use is transparent to the VPN service provider, so you do not want a free VPN service.
Virtual private networks, that was the plan. But since surveillance anxiety took off, many are now virtual profiteering networks; in this upside-down business, these providers advertise a free VPN service and sell the collected data. How did that happen? Any unemployed millennial living in his parents’ basement, whether in Moscow or Michigan, can set up a VPN with an old PC and free software. If you fall for one of the many free services, you probably have one of those. Don’t fall for free, and make sure the one you choose has a good reputation.
There are significant discrepancies in price, that doesn’t necessarily reflect quality. I’ll make it easy for you. TunnelBear is inexpensive. I pay $50 for an annual subscription for five devices. It’s reliable and easy to use. I set it on auto, and I’m done.
On my Phone, I tested several highly-regarded services, and despite their reputations, didn’t find much difference in connection speed. Thewirecutter.com reported that only one service works properly on iOS (iPhone and iPad), but after testing and reading enough geeky literature that should reward me with an honorary degree from MIT, and testing the apps on PIA’s own testing service, TunnelBear is equally secure while being more reliable.8
Very occasionally, my browsing stalls, so I switch it off and turn it back on periodically to check if it’s working again.
Some streaming video sites won’t work with a VPN. If you can’t stream Hulu or Netflix, turn off your VPN and you’ll probably be fine. Remember to turn it back on when you’re done watching.
A reliable VPN:
1 Orwells, 4 Tim Cooks
Aside from Apple and Costco, you’re probably screwed. For example, like most commerce sites that want to use the information you’ve provided, Amazon’s default is to use the provided information and deeply bury the setting to opt out.
I haven’t yet made this explicit; there’s a difference between security and privacy. While there’s overlap, in general, security is about keeping hackers from stealing your stuff; privacy is about keeping government and corporations from spying on you. Recall that my motivation in these two essays is to remind myself and others about our constitutional right to privacy and how that right serves democracy. And that even my concern for surveillance capitalism is how that practice accustoms us to regard mass government surveillance as normal.9
On to privacy apps and services. These are only my opinions, no guarantees.
You’ll get the best privacy without significant drawbacks from the following, in order of privacy competence:
Apple: iMessage, Signal
Android and Windows: Signal
Several paid services. I use TunnelBear
Apple: Safari with [1Blocker](1Blocker X by Salavat Khanovhttps://itunes.apple.com/us/app/1blocker-x/id1365531024?mt=8) (next version, just Safari) and Firefox with uBlock
Maps: Apple Maps
Email: Proton mail
1 It gets better. (1) Signal is open source, so the privacy claims can and have been be verified, and (2) they were recently given a grant of 50 million dollars, which led to the creation of a non-profit company, Open Whisper Systems. The grant allows Signal to be in it for the long run.
2 Remember when you purchased a number of text messages from you cellular company?
3 Apple users can use only iMessage as their default messaging app.
4 As Manafort’s folly tells us, if you back up WhatsApp data on iCloud, is not encrypted.
5 There are many who are more dedicated to minimize surveillance capitalism than Tim Cook, but you probably never heard of them.
6 Protonmail has a special app, Protonmail Bridge app, that runs on you desktop operating system, and allows you to download your email to your desktop computer. On your desktop, Proton mail is unencrypted and can be searched. However, a newly-created mail service that depends on future users continuing to have desktop computers is a service that’s too geeky for the future.
7 The next release of Apple operating systems in September will come with built-in privacy tools
8 I couldn’t connect in places that TunnelBear worked flawlessly
9 I have nothing to add to the many articles concerned with Internet security, other than to use a password app and, occasionally, print out paper copies of your investments, bank accounts, and other important financial records. Retro, I know. DuckDuckGo “Internet security” for more information.