The Logistics of Surveillance

August 31, 2014,
New York, NY.

The Fourth Amendment ensures that people feel secure that their physical mail and personal possessions are safe from unwarranted search and seizure, so why are the same rights not afforded to e-mail?

1384549_93705926

Founded in 1950, the Stasi (East Germany’s secret service) was known as one of the world’s most wide-reaching and repressive secret services. At its height, the organization employed thousands of people to run a network of informants who would report on people deemed “suspicious.”

The amount of manpower required was incredible: mail had to be individually steamed open and phone conversations had to be manually listened to. there were no computers to pick out phrases of interest and certainly no storage system that could siphon up the audio of every cellphone call into and out of entire countries [0].

Technology facilitates the creation of large intrusive databases while simultaneously enabling the existence of advocacy groups such as the Guerrilla Open Access Movement, which calls for an end to academic journal paywalls. As far as individual activism goes, the Internet has revolutionized how we advocate for change. Now, individuals can effect change on a grander scale than was ever possible thanks to distributed systems and the falling cost of getting online.

To get news on Arab Spring or the riots in Ferguson, we no longer have to depend on the mainstream media. Now, we can ferret out the best sources of news, which are often people on the ground who, thanks to this new technology, can broadcast to millions in real-time from their cellphones.

The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU), two organizations to the fore of the dragnet surveillance debate, were both founded and active long before the Internet became a ubiquitous part of both our business and private lives. (The EFF was founded in 1990, the ACLU in 1920.) These organizations promote norms such as a free and open internet and frame the ensuing surveillance debate, ensuring that fear and ignorance are not motivating forces for unjust or unconstitutional behavior.

Some governments want to harness the internet as a tool to crack down on dissent. “Only criminals want anonymity online,” they tell us, even though victims of domestic abuse or LGBTQ teenagers both extensively use anonymous online message-boards for support. “If you have nothing to hide, you have nothing to fear,” they tell us, even though both the founding fathers and the United Nations have continually affirmed the human right to privacy. “Phone metadata isn’t intrusive,” they tell us, even though much can be inferred by someone calling an abortion clinic late at night or a suicide hotline from the Golden Gate Bridge.

In particular, the gathering of metadata directly violates a US citizen’s right to privacy and infringes on their ability to associate freely, without fear of retribution. The staffers of Diane Feinstein, a congresswoman who has continuously dismissed the notion that metadata is intrusive, refuse to give in to activists’ calls for Feinstein to release her call-sheets, documents listing who the congresswoman talked to, and which are made up exclusively of metadata. They believe, rightly, that this is private information, so why does the congresswoman continue to ignore the legitimate concerns of US citizens?

The ostensible reason for intrusive surveillance is that such monitoring ultimately makes us safer. It is important, however, to distinguish between what provides physical safety versus the perception of same. But as the numerous attempted terrorism plots since 9/11 prove security theaters at airports do not, in fact, do a particularly good job of keeping weapons and illicit objects off airplanes. In tests between November 2001 and February 2002, screeners missed 70% of knives, 30% of guns, and 60% of fake bombs [1]. Airport security provides the appearance of safety, but this is ultimately a mirage. As security expert Bruce Schneier has noted:

“The way to prevent airplane terrorism is not to keep objects that could fall into the wrong hands off of airplanes; a better goal is to keep those with the wrong hands from boarding airplanes in the first place.” [2]

While it’s hard to argue with the alleged objective of national security, it’s become apparent in the last year or two that the US government wants more than to just secure its own safety. When NSA slides with stated motives like “collect it all, know it all, process it all, exploit it all, partner it all, sniff it all” become public, it becomes apparent that the US government wants to go further than ensure its own security, it wants to create a system worldwide where no communication or action takes place online without it being “collected”, exploited”, and sniffed” for the benefit of the USA.

Collect

In short, the NSA wants an end to private internet usage to the economic and diplomatic benefit of the USA and its allies.

The Snowden leaks, for example, revealed that the NSA engages in what can only be described as economic espionage: electronic eavesdropping and e-mail interception of Brazilian oil giant Petrobas to the benefit of the Canadian oil and mining sector. During the fifth Summit of the Americas, a conference where economic accords are negotiated, a 2009 letter from Assistant Secretary of State Thomas Shannon to then-NSA chief Keith Alexander stated that “the NSA gave us deep insight into the plans and intentions of other Summit participants.”

Clearly, neither of these examples have anything to do with counterterrorism objectives.

As mass surveillance continues to be an issue to the fore of public consciousness, perhaps in the next few years we as a society will decide that the privacy infringements are a cost we are willing to pay in a more secure society. At the very least, however, this will require public debate that is both rigorous and well-informed.

If the NSA is allowed to eliminate anonymity online, the results will be catastrophic. Around the world, journalists, lawyers, doctors, activists, and human rights workers would be unable to do their jobs. Doctor-patient confidentiality would be eradicated, journalists would no longer be able to guarantee source anonymity, and the safety of activists working to subvert oppressive regimes would be in jeapordy.

We have a responsibility to the 3 billion internet users who will come online in the next 6 years. We have to act as responsible stewards, ensuring that future users have access to an open and trustworthy internet. Overzealous legislators can’t be allowed to dismantle the internet of today in their misguided attempts to ensure national security.

Tommy Collison is an activist and writer studying at New York University. He tweets as @tommycollison.

[0] https://firstlook.org/theintercept/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/
[1] https://www.schneier.com/blog/archives/2006/03/airport_passeng.html
[2] Schneier, Bruce. “Beyond Fear: Thinking Sensibly About Security in an Uncertain World.” Copernicus, 2003.

Thoughts on the Outing of the NYU Secrets Admin

Background: NYU has two main newspapers — the print Washington Square News and the digital NYU Local. NYU Secrets is a Facebook page where anonymous “secret” updates were posted, written by members of the NYU community. The page is curated by an anonymous administrator, and given that NYU is a decentralized, campus-less university, the NYU Secrets page did serve as something of a community.

Today NYU Local This Is The Man Behind NYU Secrets:

The founder and administrator of NYU Secrets is senior Aristotelis “Aristo” Orginos. A frequent Redditor, Orginos also participates in the Men’s Rights movement.
[...]
Outside his duties as administrator, Orignos posts in the Reddit group r/mensrights. The men’s rights movement argues that men are oppressed and disadvantaged by women, a view that lends itself to bitter misogyny in some circles and has led the Southern Poverty Law Center to describe the movement as a hate group.

The discussion that the NYU Local article prompted has centered on two main areas: whether the admin being an MRA makes him a bad fit for NYUS admin, and whether or not the journalist had any right to out his identity. I’m more interested in the latter question, because it has to do with journalism ethics.

The NYU Secrets page, which has 30,000 likes, is a public page. The identity of the admin, who periodically would comment on secrets and make announcements, was of much interest and debate. To my knowledge, the page isn’t sanctioned by NYU but the administration has been known to follow the page and look into particular secrets. Considering that the topic of cheating on finals comes up, this doesn’t surprise me.

But the NYUS admin has no fundamental right to privacy. Whether or not his identity remained a secret seemed largely contingent on how good his operating security was. I’m sure I’m not the only one who did some digging to find his identity and satisfy my curiosity. It’s the classic game of cat-and-mouse — the admin wanted to remain anonymous, the NYU Local journalist wanted to find out his identity. Hackers and infosec types play these sorts of games all the time.

The NYU Secrets guy has no fundamental right to keep his identity anonymous. The journalist owes him nothing, and certainly has no responsibility not to publish. Questions of whether or not the journalist should have done it is a totally different question, but even there I’m leaning towards the school of thought that says, hey, they had a good story and they’re rightfully getting attention for it.

In debating this on Facebook the afternoon, I was asked why I held the above views considering I’m so privacy-conscious. Of course people don’t have a fundamental right to privacy — it’d be a different question if the journalist posted the contents of the admin’s e-mails, or his medical records. Those are details the NYU Secrets guy, since he’s a private citizen, does have a fundamental right to keep private.

To briefly touch on whether a supporter of such an odious movement deserves to edit a page famed for diversity and inclusion, I largely agree with the NYU Local journalist:

“But the fundamental problem with a college secrets page remains the same: in filtering the voices of a diverse student population through a single anonymous administrator, the results are necessarily limited by what that anonymous administrator (in this case, a white man) chooses to publish. We’re drawn in by the illusion of vox populi, the voice of the people, when in fact what we see is “10-20%” of that voice, as curated by one person with their own biases — intentional or not.”

Open Information

August 16, 2014
New York, NY.

Recently, two friends separately suggested I get in contact with Jonathan Stray, a journalist and computer scientist currently teaching at Columbia. In reading up about him, I came across this post from November 2011 on a digital system of communication and collective knowledge.

I found it interesting mostly because one of the things I want to do this semester is think more deeply about the opinions and beliefs I hold, figure out why I hold them. In the activist/crypto circles I’ve started moving in, it’s sometimes easy to get lost in the echo chamber of what I call the “fuck the police” mentality. If I hold beliefs strongly, I want to be able to give them depth and defend them.

This piece from Jonathan Stray is a good, nuanced look at how technology can enhance collective knowledge (I still can’t talk about digitized collective knowledge without thinking of Douglas Adams, though):

Taking inspiration from Michael Schudson’s essay “Six or seven things that news can do for democracy,” I want to ask what the digital public sphere can do for us. I think I see three broad categories, which are also three goals to keep in mind as we build our institutions and systems.

1. Information. It should be possible for people to find things out, whatever they want to know. Our institutions should help people organize to produce valuable new knowledge. And important information should automatically reach each person at just the right moment.

2. Empathy. The vast majority of people in the world, we will only know through media. We must strive to represent the “other” to each-other with compassion and reality. We can’t forget that there are people on the other end of the wire.

3. Collective action. What good is public deliberation if we can’t eventually come to a decision and act? But truly enabling the formation of broad agreement also requires that our information systems support conflict resolution. In this age of complex overlapping communities, this role spans everything from the local to the global.

PGP + E-mail Signature

A few days ago, free software enthusiast and EFF activist Parker Higgins blogged his thoughts on how to make e-mail encryption more ubiquitous. PGP has a lot of faults, but I agree in large part with what he’s trying to achieve: putting your PGP fingerprint in your e-mail signature.

This system isn’t perfect, and in particular is not a very secure way to distribute your fingerprint. But it could be a good nudge to people who might be considering learning about email encryption while flagging you as somebody who might be able to help, and especially if you post to publicly archived mailing lists, it’s a way of getting your fingerprint tied to your emails in lots of places.

I went ahead and implemented it for my e-mail signature, in the hope that going forward, somebody who wants to know more about encryption will see my signature and reach out to me. That isn’t to say that this is anywhere near a perfect solution (how is a series of letters and numbers a “fingerprint”?) but I believe it’s the best we currently have.

What’s Next

Greenwich Village,
August 12, 2014.

Happy to report that I’m back in NYC for the fall semester. I had a lot of fun in SF this summer, but ultimately I think that New York’s where I’m starting to carve out a life for myself. The city feels alive in a way that San Francisco hasn’t yet managed, even in the Mission district. Maybe it’s the more ubiquitous subway, or maybe it’s because New York lives life at 1.5x.

This semester looks like it’s gearing up to be a good one — three media classes (one on privacy, one on propaganda and war, and one introduction to journalism) and one history of mathematics. I’m taking that last one to fulfill requirements, but getting better at math is something that’s been on my bucket list for a while. As with last semester though, I think the most memorable and noteworthy events are going to happen off my timetable. I’m not going to jinx anything by talking about it before it’s confirmed, but a couple interesting people in the civil liberties/digital rights/open government spheres may well be speaking at NYU next year.

In terms of figuring out what interests me, this summer was fantastic. I got to spend time with people working on great projects, tinker on some new ideas, and perhaps most importantly, attend the Hackers on Planet Earth conference. In particular, the HOPE conference was great because of its intersectionality: hackers, journalists, activists and lawyers all rubbed shoulders for three days. I don’t know what I want to do with my life, but I’m starting to get the idea that it’ll involve these groups. When you’re 20, it’s hard to see what you’re supposed to be doing, so I’ve been working on positioning myself near cool people doing cool things. “Cool” is a word I choose in part because it’s hard to define — I only have a vague idea of what I want to do, so zeroing in on the stuff that piques my curiosity seems to be a decent start.

Last week, I was asked to speak at a fundraiser for Gillette Children’s hospital, where I had treatment a handful of times while growing up (more info: On Giants). As I talked about how my first year of college had been such a positive experience in part thanks to the surgeries, I realized that a lot has changed since I first wrote Consider This, a series of essays I wrote in August 2012 about growing up with a physical disability. With that in mind, my current project is to write and publish a follow-up essay of sorts, given that, since then, I graduated high school and finished my freshman year at college in America, 3,000 miles away from where I’d grown up.

I don’t have many specific details decided yet, but my tentative timeline is to have this published by the end of September. As always, I’ll update this blog with news.

Accuracy

So is the Times‘ apparent shift good news? In one sense, it certainly is. Reporting that uses plain language to describe government abuses is better than reporting that does not. But the fact remains that it took the paper a decade to come to this conclusion, and the Times appears to have done so only after they were reassured that the torturers will not face justice.
NY Times and Torture: A Decade Too Late?

I recently subscribed to a bunch of new media accuracy blogs, and one of the best ones is Fairness & Accuracy in Reporting (fair.org). For the most part, they’re nonpartisan and balanced — which is good not because balance is always right, but because partisan blogs tend to include ad hominem attacks and lean on clichés.

As I said to someone recently, I think I’m more of an open access/open government advocate than an anti-surveillance activist. As much as I think SecureDrop could be one of the most important tools of the decade, I think it’s important because the government knows too much about us without oversight or much information in return: congresspeople can anonymously prevent a motion from reaching the stage of a Senate vote, and CIA director John Brennan lied to the public and the Senate. I think governmental accountability is imperative in a democracy, and I think organizations like Sunlight Foundation (and, yes, Wikileaks) are using technology in hugely important ways to provide some measure of accountability.