Read Data and Goliath Online

Authors: Bruce Schneier

many companies are stepping up:
The Electronic Frontier Foundation is keeping a scorecard. Nate Cardozo, Parker Higgins,
and Kurt Opsahl (13 Mar 2014), “Update: Encrypt the Web report: Who’s doing what,”
Electronic Frontier Foundation, https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what.

After Google learned that the NSA:
Sean Gallagher (6 Nov 2013), “Googlers say ‘F*** you’ to NSA, company encrypts internal
network,” Ars Technica, http://arstechnica.com/information-technology/2013/11/googlers-say-f-you-to-nsa-company-encrypts-internal-network.

After Yahoo learned that the NSA:
Barton Gellman and Ashkan Soltani (14 Oct 2013), “NSA collects millions of e-mail
address books globally,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story.html.

both Yahoo:
Andrea Peterson, Barton Gellman, and Ashkan Soltani (14 Oct 2013), “Yahoo to make
SSL encryption the default for Webmail users. Finally,” Washington Post, http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/14/yahoo-to-make-ssl-encryption-the-default-for-webmail-users-finally.

and Microsoft:
Craig Timberg, Barton Gellman, and Ashkan Soltani (26 Nov 2013), “Microsoft, suspecting
NSA spying, to ramp up efforts to encrypt its Internet traffic,” Washington Post, http://www.washingtonpost.com/business/technology/microsoft-suspecting-nsa-spying-to-ramp-up-efforts-to-encrypt-its-internet-traffic/2013/11/26/44236b48-56a9-11e3-8304-caf30787c0a9_story.html.

Several large e-mail providers:
Some examples. Danny Yadron (3 Jun 2014), “Comcast to encrypt email for security,”
Wall Street Journal, http://online.wsj.com/articles/comcast-to-encrypt-email-for-security-1401841512.
Mikey Campbell (13 Jun 2014), “Apple will soon encrypt iCloud emails in transit between
service providers,” Apple Insider, http://appleinsider.com/articles/14/06/13/apple-will-soon-encrypt-icloud-emails-in-transit-between-service-providers-.

Other companies are doing more:
Nate Cardozo, Parker Higgins, and Kurt Opsahl (13 Mar 2014), “Update: Encrypt the
web report: Who’s doing what,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what.
Claire Cain Miller (13 Jun 2013), “Secret court ruling put tech companies in data
bind,” New York Times, http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-data-bind.html.

Both iPhones and Android phones:
In late 2014, Apple modified its system so everything is encrypted. Android phones
had encryption capability since 2011, but Google made it the default in 2014 to match
Apple. David E. Sanger and Brian X. Chen (26 Sep 2014), “Signaling post-Snowden era,
new iPhone locks out NSA,” New York Times, http://www.nytimes.com/2014/09/27/technology/iphone-locks-out-the-nsa-signaling-a-post-snowden-era-.html.
Craig Timberg (18 Sep 2014), “Newest Androids will join iPhones in offering default
encryption, blocking police,” Washington Post, http://www.washingtonpost.com/blogs/the-switch/wp/2014/09/18/newest-androids-will-join-iphones-in-offering-default-encryption-blocking-police.

Google is now offering:
Google (3 Jun 2014), “Transparency report: Protecting emails as they travel across
the web,” Google Official Blog, http://googleblog.blogspot.com/2014/06/transparency-report-protecting-emails.html.

Yahoo secretly fought the NSA:
Claire Cain Miller (13 Jun 2013), “Secret court ruling put tech companies in data
bind,” New York Times, http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-data-bind.html.
Craig Timberg (11 Sep 2014), “U.S. threatened massive fine to force Yahoo to release
data,” Washington Post, http://www.washingtonpost.com/business/technology/us-threatened-massive-fine-to-force-yahoo-to-release-data/2014/09/11/38a7f69e-39e8-11e4-9c9f-ebb47272e40e_story.html.

Twitter unsuccessfully fought:
Kim Zetter (28 Aug 2012), “Twitter fights back to protect ‘Occupy Wall Street’ protester,”
Wired, http://www.wired.com/2012/08/twitter-appeals-occupy-order.
Tiffany Kary (14 Sep 2012), “Twitter turns over Wall Street protester posts under seal,”
Bloomberg News, http://www.bloomberg.com/news/2012-09-14/twitter-turns-over-wall-street-protester-posts-under-seal.html.

Facebook is fighting a court order:
Vindu Goel and James C. McKinley Jr. (26 Jun 2014), “Forced to hand over data, Facebook
files appeal,” New York Times, http://www.nytimes.com/2014/06/27/technology/facebook-battles-manhattan-da-over-warrants-for-user-data.html.

none of the big e-mail providers:
Amicus curiae briefs were filed by three nonprofit organizations: EFF, ACLU, and
Empeopled LLC. Electronic Frontier Foundation (24 Oct 2013), “Brief of amicus curiae,”
United States of America v. Under Seal 1; Under Seal 2 [Lavabit], Case Nos. 13-4625,
13-4626, United States Court of Appeals for the Fourth Circuit, https://www.eff.org/document/lavabit-amicus.
American Civil Liberties Union (25 Oct 2013), “Brief of amicus curiae,”
United States of America v. Under Seal 1; Under Seal 2 [Lavabit], Case Nos. 13-4625,
13-4626, United States Court of Appeals for the Fourth Circuit, https://www.aclu.org/sites/default/files/assets/stamped_lavabit_amicus.pdf.
Empeopled LLC (24 Oct 2013), “Brief of amicus curiae,”
United States of America v. Under Seal 1; Under Seal 2 [Lavabit], Case Nos. 13-4625,
13-4626, United States Court of Appeals for the Fourth Circuit, http://justsecurity.org/wp-content/uploads/2013/10/empeopled-lavabit-amicus.pdf.

On four occasions in the early 2000s:
Rebecca MacKinnon (2006), “‘Race to the bottom’: Corporate complicity in Chinese
Internet censorship,” Human Rights Watch, http://www.hrw.org/reports/2006/china0806/5.htm.

lobbying for legislative restrictions:
Thomas Lee (25 May 2014), “Mind your business: Slow flex of tech’s lobbying muscle,”
San Francisco Chronicle, http://www.sfgate.com/technology/article/Mind-Your-Business-Slow-flex-of-tech-s-lobbying-5504172.php.
Joseph Menn (5 Jun 2014), “U.S. technology companies beef up security to thwart mass
spying,” Reuters, http://www.reuters.com/article/2014/06/05/us-cybersecurity-tech-idUSKBN0EG2BN20140605.
Reform Government Surveillance (2014), https://www.reformgovernmentsurveillance.com.

The EU has been trying to pass:
Zack Whittaker (4 Feb 2013), “Privacy groups call on US government to stop lobbying
against EU data law changes,” ZDNet, http://www.zdnet.com/privacy-groups-call-on-us-government-to-stop-lobbying-against-eu-data-law-changes-7000010721.
James Fontanella-Khan (26 Jun 2013), “Brussels: Astroturfing takes root,”
Financial Times, http://www.ft.com/cms/s/0/74271926-dd9f-11e2-a756-00144feab7de.html.
David Meyer (12 Mar 2014), “Web firms face a strict new set of privacy rules in Europe: Here’s
what to expect,” Gigaom, http://gigaom.com/2014/03/12/web-firms-face-a-strict-new-set-of-privacy-rules-in-europe-heres-what-to-expect.

a new Magna Carta:
Tim Berners-Lee (Dec 2010), “Long live the Web,” Scientific American, http://www.cs.virginia.edu/~robins/Long_Live_the_Web.pdf.

that imposes responsibilities:
Jemima Kiss (11 Mar 2014), “An online Magna Carta: Berners-Lee calls for bill of
rights for web,” Guardian, http://www.theguardian.com/technology/2014/mar/12/online-magna-carta-berners-lee-web.

the prevailing political philosophy:
Thomas Hobbes (1651), Leviathan, Printed for Andrew Crooke, http://www.gutenberg.org/files/3207/3207-h/3207-h.htm.

John Locke argued:
John Locke (1690), Two Treatises of Government, Printed for Awnsham Churchill, http://books.google.com/books/?id=LqA4nQEACAAJ.

Madrid Privacy Declaration (2009):
The Public Voice (3 Nov 2009), “The Madrid Privacy Declaration,” International Conference
of Data Protection and Privacy Commissioners, Madrid, Spain, http://privacyconference2011.org/htmls/adoptedResolutions/2009_Madrid/2009_M1.2.pdf.

Rebecca MacKinnon makes this point:
Rebecca MacKinnon (2012), Consent of the Networked: The Worldwide Struggle for Internet Freedom,
Basic Books, http://www.owlasylum.net/owl_underground/social/ConsentoftheNetworked.pdf.

15: Solutions for the Rest of Us

Law professor Eben Moglen wrote:
Eben Moglen (27 May 2014), “Privacy under attack: The NSA files revealed new threats
to democracy,” Guardian, http://www.theguardian.com/technology/2014/may/27/-sp-privacy-under-attack-nsa-files-revealed-new-threats-democracy.

I’m going to break them down:
Sociologist Gary Marx cataloged 11 different ways people resist surveillance; I’m
going to be drawing on his taxonomy in this section. Gary T. Marx (May 2003), “A tack
in the shoe: Neutralizing and resisting the new surveillance,”
Journal of Social Issues 59, http://web.mit.edu/gtmarx/www/tack.html.

Privacy enhancing technologies:
R. Jason Cronk (25 Nov 2013), “Thoughts on the term ‘privacy enhancing technologies,’”
Privacy Maverick, http://privacymaverick.com/2013/11/25/thoughts-on-the-term-privacy-enhancing-technologies.

Privacy Badger:
Jon Brodkin (2 May 2014), “EFF ‘Privacy Badger’ plugin aimed at forcing websites
to stop tracking users,” Ars Technica, http://arstechnica.com/information-technology/2014/05/eff-privacy-badger-plugin-aimed-at-forcing-websites-to-stop-tracking-users.

and others:
Electronic Privacy Information Center (2014), “EPIC online guide to practical privacy
tools,” http://epic.org/privacy/tools.html.

Remember that the private browsing:
Sara M. Watson (24 Sep 2014), “Ask the Decoder: How private is private browsing,
really?” Al Jazeera, http://america.aljazeera.com/articles/2014/9/24/private-browsing.html.

Microsoft’s BitLocker:
Microsoft Corporation (21 Aug 2013), “BitLocker overview,” http://technet.microsoft.com/en-us/library/hh831713.aspx.

Apple’s FileVault:
Apple Corporation (Aug 2012), “Best practices for deploying FileVault 2,” http://training.apple.com/pdf/WP_FileVault2.pdf.

I recommended TrueCrypt:
James Lyne (29 May 2014), “Open source crypto TrueCrypt disappears with suspicious
cloud of mystery,” Forbes, http://www.forbes.com/sites/jameslyne/2014/05/29/open-source-crypto-truecrypt-disappears-with-suspicious-cloud-of-mystery.

a chat encryption program:
Nikita Borisov, Ian Goldberg, and Eric Brewer (28 Oct 2004), “Off-the-record communication,
or, Why not to use PGP,” ACM Workshop on Privacy in the Electronic Society (WPES’04),
Washington, D.C., https://otr.cypherpunks.ca/otr-wpes.pdf.

Google is now offering encrypted e-mail:
Stephan Somogyi (3 Jun 2014), “Making end-to-end encryption easier to use,”
Google Online Security Blog, http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html.

TLS—formerly SSL—is a protocol:
Tim Dierks and Eric Rescorla (17 Apr 2014), “The Transport Layer Security (TLS) Protocol
Version 1.3,” Internet Engineering Task Force Trust, Network Working Group, http://tools.ietf.org/html/draft-ietf-tls-rfc5246-bis-00.

You can make sure it’s always on:
Electronic Frontier Foundation (2014), “HTTPS Everywhere,” https://www.eff.org/Https-everywhere.

go on the Internet to find out:
Here’s a good guide. Electronic Privacy Information Center (2014), “EPIC online guide
to practical privacy tools,” http://epic.org/privacy/tools.html.

very annoying to use:
Peter Bright and Dan Goodin (14 Jun 2013), “Encrypted e-mail: How much annoyance
will you tolerate to keep the NSA away?” Ars Technica, http://arstechnica.com/security/2013/06/encrypted-e-mail-how-much-annoyance-will-you-tolerate-to-keep-the-nsa-away.

The standards bodies that run the Internet:
Here’s the Internet Engineering Task Force’s statement on security and pervasive
monitoring. Jari Arkko and Stephen Farrell (7 Sep 2014), “Security and pervasive monitoring,”
Internet Engineering Task Force, https://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring.

various proxies can be used:
Mirimir (2014), “Advanced privacy and anonymity using VMs, VPN’s, Tor, etc,”
IVPN, https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-1.

The program Onionshare:
Andy Greenberg (21 May 2014), “Free app lets the next Snowden send big files securely
and anonymously,” Wired, http://www.wired.com/2014/05/onionshare.

cell phones in a refrigerator:
Most modern refrigerators are not metal boxes, and don’t make good Faraday cages.
Check the details of your model before trying this yourself.

hire someone to walk behind your car:
John Farrier (16 Apr 2014), “What is a job that exists only in your country?”
Neatorama, http://www.neatorama.com/2014/04/16/What-Is-a-Job-That-Exists-Only-in-Your-Country.

face paint to fool facial recognition:
Robinson Meyer (24 Jul 2014), “Anti-surveillance camouflage for your face,”
Atlantic, http://www.theatlantic.com/features/archive/2014/07/makeup/374929.
Joseph Cox (14 Sep 2014), “The rise of the anti-facial recognition movement,”
Kernel, http://kernelmag.dailydot.com/issue-sections/features-issue-sections/10247/anti-facial-recognition-movement.
