I was reading Arthur R. Miller's fantastic article from the November 1967 issue of The Atlantic. Miller is a lawyer and civil procedure professor at New York University. Some two years before the invention of the internet, he wrote about the dangers of unchecked government surveillance on the American public. Miller's focus has long been privacy and computers, so he's no fly-by-night on the subject. With the NSA/PRISM scandal, his words 46 years ago ring eerily true today.
There are a few problems with digital data snooping. You can most certainly build a profile on anyone in America or anyone using American network infrastructure. However, there's no guarantee that data is accurate, or even complete. The problem is that we as human beings tend to consider computers as being infallible. This form of observation bias can greatly distort the truth.
Data can also mean different things in different contexts. A stamp of depression on your medical record could mean a prescription refill to your doctor. To law enforcement, it could flag you as a potential danger to society. Especially in the wake of mass shootings by mentally ill individuals. Police have access to a whole host of information on you. Arrests still stand on your record even if you're found not guilty by the courts. You may be innocent, but to the cop on the roadside you'll always be "positive CNI, flag victor." This could prevent you from getting jobs, or crossing borders. There's really a lot of information on you that could be damning in the wrong hands. Which is why the "nothing to hide" argument is dead wrong and downright dangerous.
Miller suggests a number of safeguards to protect public privacy. First off, government data should not be in the hands of intelligence agencies. An independent bureaucracy should established to act as gatekeeper for all government data requests. Even then, requests should be very limited in scope, with strict limits on who has access to them. He asks congress to implement laws preventing public and private data from being accessed by the government without cause. Government should also open its database to the public. Allow all citizens full access to their specific file and establish a process for them to correct errors within these files. Lastly, he asks congress to legislate mandatory digital locks to prevent government and private officials from making unauthorized access to your data.
That was almost fifty years ago. Which of these suggestions has the US government implemented? None, really. The NSA was having a field day with the data of US and foreign citizens without any checks or balances. The USA PATRIOT Act allowed for it under the guise of defending America from terrorism. In fact, they say it stopped several attacks. However, they were typically vague on the details. Problem is, the terrorists know they're being watched. Unless they're grossly incompetent, they will take active steps to cover their trail. The only people surveillance states really hurt are the innocent American and foreign citizens who were unknowingly being profiled.
The US government is calling NSA leaker Edward Snowden a traitor, citing the leaks as "extremely damaging" to national security. The only thing the leaks damaged was the credibility of the Obama administration. Especially after the president campaigned on easing the PATRIOT Act to deal with Bush era privacy concerns. Since then surveillance has ramped up considerably, making the administration look hypocritical. Perhaps Mr Obama needs to take Mr Miller's recommendations seriously.
Now, you may be reading this and wondering how the heck can you protect yourself. I'll be blunt, you can't. There's no such thing as fool proof security. Everything you send over the internet is potentially up for grabs. Even the most mundane data can be valuable to the right people. Your texts, your banking information, that secret project your company is working on, what websites you've been to, who your friends on Facebook are. All of it. Especially when you're dealing with a hacker with limitless resources and ISP level data mining. At that point, even encryption doesn't matter. Any code is breakable if it's worth breaking.
What you can do is limit your online footprint. There's all sorts of tools out there. There's anonymous browsing via the Tor network. You can even get Linux distros with it built in. A friend of mine developed the NinjaStik, which is a custom, Tor enabled distro on USB key. Tor works across multiple points to hide where data came from, but it doesn't hide what data is. So it's not the be all, end all.
VPN services work like Tor but enrypt the data. However, your VPN provider may still be subject to data requests on its customers. Paid services tend to take security more seriously but even they can succumb to government pressure.
You can also transition your information away from Big Data. Use your own email server instead of Gmail, and install encryption extensions. Use Diaspora* for social networking instead of Facebook and Twitter. Install the DoNotTrackMe browser extension to prevent advertisers from tracking your browsing habits. Install HTTPS Everywhere to force encryption on all websites that support it. All this makes it harder for private companies to form a digital profile on you. That means the government has to work harder to get your information, which may not be worth it to them. Make yourself the user, not Big Data's product.
The final thing you can do, if you're an American citizen, is contact your congressional representative and let them know you don't approve of snooping. Phone them and let them know your vote depends on theirs. A call or letter says way more than a Twitter campaign ever could. Then go sign the StopWatching.Us petition by Mozilla to force the government to reveal the full extent of the program. If you're outside the US, sign the EFF's petition to pressure big data to be more transparent and demand a public investigation into the scandal.
There are a few problems with digital data snooping. You can most certainly build a profile on anyone in America or anyone using American network infrastructure. However, there's no guarantee that data is accurate, or even complete. The problem is that we as human beings tend to consider computers as being infallible. This form of observation bias can greatly distort the truth.
Data can also mean different things in different contexts. A stamp of depression on your medical record could mean a prescription refill to your doctor. To law enforcement, it could flag you as a potential danger to society. Especially in the wake of mass shootings by mentally ill individuals. Police have access to a whole host of information on you. Arrests still stand on your record even if you're found not guilty by the courts. You may be innocent, but to the cop on the roadside you'll always be "positive CNI, flag victor." This could prevent you from getting jobs, or crossing borders. There's really a lot of information on you that could be damning in the wrong hands. Which is why the "nothing to hide" argument is dead wrong and downright dangerous.
Miller suggests a number of safeguards to protect public privacy. First off, government data should not be in the hands of intelligence agencies. An independent bureaucracy should established to act as gatekeeper for all government data requests. Even then, requests should be very limited in scope, with strict limits on who has access to them. He asks congress to implement laws preventing public and private data from being accessed by the government without cause. Government should also open its database to the public. Allow all citizens full access to their specific file and establish a process for them to correct errors within these files. Lastly, he asks congress to legislate mandatory digital locks to prevent government and private officials from making unauthorized access to your data.
That was almost fifty years ago. Which of these suggestions has the US government implemented? None, really. The NSA was having a field day with the data of US and foreign citizens without any checks or balances. The USA PATRIOT Act allowed for it under the guise of defending America from terrorism. In fact, they say it stopped several attacks. However, they were typically vague on the details. Problem is, the terrorists know they're being watched. Unless they're grossly incompetent, they will take active steps to cover their trail. The only people surveillance states really hurt are the innocent American and foreign citizens who were unknowingly being profiled.
Uncle Sam is watching you. cover of The Atlantic Nov 1967. Drawing by Ed Sorel |
Now, you may be reading this and wondering how the heck can you protect yourself. I'll be blunt, you can't. There's no such thing as fool proof security. Everything you send over the internet is potentially up for grabs. Even the most mundane data can be valuable to the right people. Your texts, your banking information, that secret project your company is working on, what websites you've been to, who your friends on Facebook are. All of it. Especially when you're dealing with a hacker with limitless resources and ISP level data mining. At that point, even encryption doesn't matter. Any code is breakable if it's worth breaking.
What you can do is limit your online footprint. There's all sorts of tools out there. There's anonymous browsing via the Tor network. You can even get Linux distros with it built in. A friend of mine developed the NinjaStik, which is a custom, Tor enabled distro on USB key. Tor works across multiple points to hide where data came from, but it doesn't hide what data is. So it's not the be all, end all.
VPN services work like Tor but enrypt the data. However, your VPN provider may still be subject to data requests on its customers. Paid services tend to take security more seriously but even they can succumb to government pressure.
You can also transition your information away from Big Data. Use your own email server instead of Gmail, and install encryption extensions. Use Diaspora* for social networking instead of Facebook and Twitter. Install the DoNotTrackMe browser extension to prevent advertisers from tracking your browsing habits. Install HTTPS Everywhere to force encryption on all websites that support it. All this makes it harder for private companies to form a digital profile on you. That means the government has to work harder to get your information, which may not be worth it to them. Make yourself the user, not Big Data's product.
The final thing you can do, if you're an American citizen, is contact your congressional representative and let them know you don't approve of snooping. Phone them and let them know your vote depends on theirs. A call or letter says way more than a Twitter campaign ever could. Then go sign the StopWatching.Us petition by Mozilla to force the government to reveal the full extent of the program. If you're outside the US, sign the EFF's petition to pressure big data to be more transparent and demand a public investigation into the scandal.
Subscribe to:
Post Comments (Atom)
0 comments for this post