Citizen Action Monitor

How citizens can protect themselves from widespread domestic government surveillance of their digital data

“If the state asserts it has the right to get your data… they’re going to get it, if they can get it.”

No 463 Posted by fw, April 24, 2012

“…every time you use proprietary software, you have to ask yourself, “Why is this provided to me for free?” And now that Microsoft is involved with Skype, the question is: Doesn’t Microsoft have some sort of government leaning on them, say the U.S. government, to give them so-called lawful interception capabilities? And of course the answer is going to be ‘yes’, right? If you log into Skype on a computer you’ve never used before, you get all your chat history. Well, why is that? Well, that’s because Skype has it. And if Skype can give it to you, they can give it to the Feds. And they will. And everybody that has that ability will. Some will fight it, like Twitter. But in the end, if the state asserts it has the right to get your data, sometimes without you even knowing that that’s happening, they’re going to get it, if they can get it.”Jacob Appelbaum

In a recent exclusive two-part appearance on Democracy Now!, Jacob Appelbaum, a computer security researcher, explained in Part 1 why “We don’t live in a free country” and in Part 2, how citizens can protect themselves from widespread domestic government surveillance. Applebaum is a developer and advocate for the Tor Project, a network enabling its users to communicate anonymously on the internet.

What follows is an embedded video of Part 2. My abridged transcript, posted after the video, focuses exclusively on the Applebaum interview, with added subheadings, links and text highlighting.

Please note that the video, which is 23 minutes long, includes discussions with two other guests.

More Secrets on Growing State Surveillance: Exclusive Part 2 with NSA Whistleblower, Targeted Hacker, Democracy Now! April 23, 2012

ABRIDGED TRANSCRIPT

Applebaum on the Tor Project, dedicated to creating an anonymity network

I work for a nonprofit, the Tor Project, TorProject.org. It’s a nonprofit dedicated to creating an anonymity network and the software that powers it. It’s free software for freedom, so that everybody has the right to read and to speak freely. No logins, no payment, nothing. It’s run by volunteers. And I also work at the University of Washington, which technically is a government institution, as a staff research scientist in the Security and Privacy Research Lab.

How being targetted for government surveillance has impacted Jacob’s work and personal life

And how has it changed my work? Well, I don’t have important conversations in the United States anymore. I don’t have conversations in bed with my partner anymore. I don’t trust any of my computers for anything at all. And in a sense, one thing that it has done is push me away from the work that I’ve done around the world trying to help pro-democracy activists starting an Arab Spring, for example, because I present a threat, in some cases, to those people. And I have a duty as a human being, essentially, to not create a threat for people. And so, in a sense, the state targeting me makes me less effective in the things they even, in some cases, fund the Tor Project to do, which is to help people to be anonymous online and to fight against censorship and surveillance.

If you know you’re being targetted here are some precautions you can take

Well, I think one thing that is important is to know that if you’re being targeted, these people, they’re, you know, in the weapons industry. It turns out that they also have the ability to break into computers. So, if you’re being targeted, you have to take a lot of precautions. For example –

  • There’s a bootable CD called Tails, and the idea is you run Linux, and all your traffic routes over Tor, so you don’t have something like Adobe Flash trying to update itself, and then the NSA or someone else gets to perform what’s called a “man in the middle” attack
  • Instead of using Gmail, using something like Riseup. I mean, after their server was just seized, I think kicking them some cash is probably a good thing. They provide mutual aid for people all around the world to have emails that are not just given up automatically, or even with a court battle. They try to encrypt it so they can’t give things up
  • So people can make choices where their privacy is respected, but also they can make technical choices, like using Tor, to ensure, for example, that when data is gathered, it’s encrypted and it’s worthless. And I think that’s important to do, even though it’s not perfect. I mean, there is no perfection in this. But perfection is the enemy of “good enough.” You go to TorProject.org, https://www.torproject.org. And the “S” is for “secure,” for some value of “secure.” And you download a copy of it, and it’s a web browser, for example. And the program, all put together, double-click it, run it, you’re good to go.
  • I would really recommend using something like Jitsi instead of Skype. Every time you use proprietary software. Every time you use proprietary software, you have to ask yourself, “Why is this provided to me for free?” And now that Microsoft is involved with Skype, the question is: Doesn’t Microsoft have some sort of government leaning on them, say the U.S. government, to give them so-called lawful interception capabilities? And of course the answer is going to be yes, right? If you log into Skype on a computer you’ve never used before, you get all your chat history. Well, why is that? Well, that’s because Skype has it. And if Skype can give it to you, they can give it to the Feds. And they will. And everybody that has that ability will. Some will fight it, like Twitter.

“If the state asserts it has the right to get your data… they’re going to get it, if they can get it”

But in the end, if the state asserts it has the right to get your data, sometimes without you even knowing that that’s happening, they’re going to get it, if they can get it.

You have to solve privacy invasions with math

So we have to solve these privacy problems with mathematics, because it’s pretty hard to solve math problems with a gun or threat of violence, right? No amount of violence is going to solve a math problem. And despite the fact that the NSA has got a lot of people working on those math problems, you know, podunk cops in Seattle, for example, they’re not going to be able to do that, and the NSA is not going to help them. Now, they may have surveillance capability. They may have IMSI-catchers. They might have automatic license plate readers. They have an incredible surveillance state. They’re still not the NSA.

Precautionary measures, listed above, protect you by making your data “worthless”

And even if they are sharing information, what we want to do is make whatever information they would share worthless, especially if it’s encrypted. So if your browsing is going over Tor, at least if someone is watching your home internet connection, they don’t see that you’re looking at Democracy Now!‘s website. They don’t see that you’re checking your Riseup email. They see that you’re talking to the Tor network. And there’s a lot of value in that, especially because your geographic location is hidden. So when you log into Gmail—let’s say you still use Gmail—but you don’t want Gmail to have a log of every place you’ve been, you use Tor, and Gmail sees Tor, and anyone watching you sees Tor. And that’s really useful, because it means that they don’t get your home address, they don’t know when you’re at work. You make the metadata worthless, essentially, for people that are surveilling you.

The Electronic Frontier Foundation is fighting the good fight on behalf of citizens

The Electronic Frontier Foundation is like the legal version of Riseup, in my mind, you know? They’re really amazing. And they’re fighting these cases, such as NSA v. Jewel. And I think that it is incredibly important basically to point out—and when we want to talk about Congress for a second, I mean, the judiciary has some—

Congress needs people who actually understand the technology to ask the right questions

What really matters is that Congress needs to have people… who actually understand the technology questioning people like General Alexander, not people who are bamboozled and fooled by the word “email” or the word “network.” And that’s what we need to do is we need to have people that know speak to the people that don’t know. And that is Congress.

RELATED LINK

  • “We Don’t Live in a Free Country”: Jacob Appelbaum on Being Target of Widespread Gov’t Surveillance Democracy Now! April 20, 2012. Click on the linked title to access the video and a transcript of the interview with Applebaum. Watch the 6:51-minute YouTube video here. “We speak with Jacob Appelbaum, a computer researcher who has faced a stream of interrogations and electronic surveillance since he volunteered with the whistleblowing website, WikiLeaks. He describes being detained more than a dozen times at the airport and interrogated by federal agents who asked about his political views and confiscated his cell phone and laptop. When asked why he cannot talk about what happened after he was questioned, Appelbaum says, “Because we do not live in a free country. If we did, I could tell you about it.” A federal judge ordered Twitter to hand over information about Appelbaum’s account. Meanwhile, he continues to work on the TOR project, an anonymity network that ensures every person has the right to browse the internet without restriction, and the right to speak freely.
Fair Use Notice: This blog, Citizen Action Monitor, may contain copyrighted material that may not have been specifically authorized by the copyright owner. Such material, published without profit, is made available for educational purposes, to advance understanding of human rights, democracy, scientific, moral, ethical, and social justice issues. It is published in accordance with the provisions of the 2004 Supreme Court of Canada ruling and its six principle criteria for evaluating fair dealing.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: