Volume 49, Issue 2: March/April 2015

Privacy and Democracy: What Geeks Understand that the Left Doesn’t

Cartoon by Bruce MacKinnon, February 9, 2015 (Artizans).

In the wake of Edward Snowden’s revelations about the all-encompassing scope of surveillance and eavesdropping by Western states against their own people as well as foreigners, the response of the Left has been remarkably complacent. There have been tepid calls for “political solutions” — without any explanation of what these might be or how they will be achieved. At worst, people have responded with a selfish, individualist attitude that they personally “are not worried” or can’t be bothered because they personally have “nothing to hide.” As Snowden has eloquently said, none of us should be complacent about surrendering our rights, because you never know when you might need them. Our failure to respond in any significant way to the crisis of surveillance, collectively or individually, is a surrender of our hard-won privacy rights.

The Left has produced very little clear thinking about privacy and its importance to democracy, including the freedom of dissent, freedom of association, and freedom to organize. Far from valuing privacy, except when tactically useful, the traditional Left, particularly the Leninist Left but including many anarchists, has been hostile to privacy, considering it an expectation produced by bourgeois individualism that would be overcome in any socialist utopia. Maoist and Stalinist regimes were explicitly hostile to privacy, and Communist states engaged in egregious violations of privacy through mass surveillance and eavesdropping, precisely because this was an effective means of controlling dissent.

Orwell and the gay rights movement are two notable exceptions to the general indifference of the Left on the matter of privacy. Orwell unambiguously showed the ways in which ubiquitous surveillance functioned as a technology of control and stunted both the individual and the society in which they lived. He understood that a vital and democratic socialism could only flourish through creativity and democracy, which required the very dissent and thinking of difference that surveillance was designed to snuff out. In the gay rights movement, fierce debates took place on whether privacy was fundamental or only tactically useful in relation to state oppression. This was an important demarcation line within the LGBT movement of the 1970s and early ’80s and one of the only moments in the history of the Left when the issue of privacy surfaced as a central question of theory and praxis, a history taken up by Tim McCaskell in these pages.

Otherwise, it is not among the Left but among the libertarian and anarchist geek culture of the late 20th and early 21st century that we find the most explicit analyses of the importance of privacy and of the radical threat posed by the ubiquitous surveillance enabled by the Internet, whose potential and dangers geeks grasped far more readily than the traditional Left or the average consumer. (Likewise, geeks, along with the anti-GMO, anti-biopiracy and food security groups, have a far keener analysis than most Leftists of the importance and dangers of the regime of intellectual property rights that contemporary capitalism has created as a major new domain of economic rent and exploitation.)

Surveillance suppresses legally permissible dissent

Bulk surveillance is actually very ineffective at finding and foiling terrorist threats, as recently documented at length in the New Yorker: after 14 years of invasive mass surveillance in the United States, the only thing that has been thwarted is a single $3,000 donation to a Somali terror group. Where surveillance is most effective is not in preventing violent terror threats, but in monitoring and controlling peaceful democratic dissent that authorities deem threatening to vested interests. This includes peaceful organizing like the civil rights movement in the United States, LGBT rights activists in the 1970s and ’80s, pacifists, environmental groups, or groups like Idle No More. In this issue, Tia Dafnos surveys the myriad government agencies and programs set up to monitor Indigenous activism — the modern incarnation of Canada’s history of criminalizing Indigenous advocacy and associations — and Lorne Browne exhaustively details the history of surveillance and criminalization of communist and labour organizing in Canada in the 20th century.

Through surveillance and eavesdropping, authorities map social relations, organizing relations, people’s thinking and personal characteristics, and much more. As Glenn Greenwald writes, …historically mass surveillance has had several constant attributes. Initially, it is always the country’s dissidents and marginalized who bear the brunt of the surveillance, leading those who support the government or are merely apathetic to mistakenly believe they are immune. Even innocuous information may help abusive, overweening authorities target and discipline people they decide they don’t like. The worst effect of bulk surveillance, however, is probably self-censor-ship, which is part of its purpose. Greenwald again:

…history shows that the mere existence of a mass surveillance apparatus, regardless of how it is used, is in itself sufficient to stifle dissent. A citizenry that is aware of always being watched quickly becomes a compliant and fearful one. This effect was clearest in Eastern Bloc countries, but mass damping of dissent through surveillance works in bourgeois democracies as well, as many studies have confirmed. In late 2014, PEN found that 75 per cent of writers surveyed in liberal democracies have censored themselves because of fear of surveillance (compared to 80 per cent of writers in the rest of the world). When social change depends on the organizing work of marginal forces, surveillance can have a dramatic impact on the ability of ordinary people to effect change.

Mass surveillance radically undermines social possibility and the foundations of democracy through eliminating privacy and privacy rights. Privacy is essential to freedom of association and the right to organize, it is essential to the ability to think unorthodox thoughts, to share these thoughts with trusted others, essential to bonds of intimacy and trust. Without all of these, both democracy and our lives as self-realized individuals are radically undermined.

In times gone by, one could have conversations that were both private and ephemeral — within the walls of one’s house, or out in the fields and woods. Today, most conversation has shifted to the Internet and other technologies where conversation is neither private nor ephemeral. Rather, it is eavesdropped, recorded, and archived for unknown future uses, leaving a residue of risk, mistrust, and social suspicion everywhere. This radical shift in power relations between people and the state has occurred without significant resistance or debate, except from politically engaged geeks.

Some Left activists talk about a political solution as if some legislative solution can work in the absence of a technical solution. We do need political and legislative solutions, but there is little reason to hope effective curbs are forthcoming. The USA Freedom Act, which in its original form would have ended bulk surveillance in the United States, was gutted by the House Rules Committee colluding with the Obama administration, even though the draft bill had been approved by the House Justice and Intelligence committees. Nevertheless, it went on to defeat because it was considered to restrict surveillance too much. Furthermore, even if reforms are enacted, where the power technically exists, governments will go “right to the edge of the box” of the law, as one former NSA director said, to use that technical power. And as we have always seen, intelligence agencies are almost impossible to subject to effective scrutiny. As Greenwald writes, Expecting the U.S. [or Canadian] government to operate a massive surveillance machine in complete secrecy without falling prey to its temptations runs counter to every historical example and all available evidence about human nature. This would apply to any state apparatus, including a non-capitalist one. So we need to also implement technical solutions to make bulk surveillance impossible and target surveillance very expensive, subject to due process. That means strong encryption for the masses.

Why encryption protects democracy — but only when we all use it

Encryption that individuals only use when they think they have “something to hide” is practically useless as a solution to the problem of bulk surveillance. Encryption is most useful when it is ubiquitous because that is a form of “direct action” that protects the privacy rights we have won from the state over the centuries, and erodes the ability of states and large corporations to practice social control through surveillance and eavesdropping. Encryption is not just about protecting sensitive information like passwords and banking info, it is also about protecting the ability to make choices, it is about protecting spaces for new possibilities to emerge, it is about restoring a hitherto normal and ubiquitous level of privacy that we have lost. But this is only true if you do it wherever you can. In other words, everything that transits on the Internet or over the phone should be encrypted end-to-end, all the time. That way, when a human rights activist living under an oppressive regime uses encryption, this will not register as a suspicious act in and of itself. Encrypting everything becomes an act of solidarity with those people. Of course, governments will be able to target specific individuals and obtain data they want to, but ubiquitous encryption will make this expensive and applicable only on a case-by-case basis, as it should be.

In short, “I don’t use encryption because I have nothing to hide” is a fatuous, selfish argument and a misunderstanding of the purpose of encryption technology because:

  • You don’t know or decide what anyone else considers of interest or “worth hiding” nor do you know what future authorities may decide is “worth hiding.” It was a great idea to be openly gay in 1926 Berlin, but this choice didn’t stand you in good stead 10 years later. You never know when you will need your rights!
  • If authorities take an interest in you, much more of your “innocuous” activity than you suspect can be used against you and still more can feed into “confirmation bias” when authorities have already developed a prejudice about you.
  • Encryption used only for “special occasions” does nothing to thwart bulk surveillance as a technology of control of whole populations and does nothing to protect those, like human rights activists under oppressive regimes, whose safety may depend not only on the privacy but also the obscurity of their communications.

Canadian Dimension has compiled a brief guide to how we can use technology to defend privacy.

Privacy on the internet is hard to do. While it is important for all of us to protect our freedoms of association and conscience by keeping private communication possible, it is also important to recognize that technological solutions are not foolproof, and that the best protection for anyone is for all of us to protect each other by practicing privacy and working for political change. We can thwart bulk surveillance. We can also protect ourselves from opportunistic threats, or loss of hardware (phones, thumbdrives, etc.) containing confidential or sensitive information. On the other hand, targeted surveillance and targeted hacks are nearly impossible to prevent without vast resources, skill, and expertise.

Here are 5 easy things anyone can and should do to protect their privacy and security, and our collective privacy and freedoms:

  • Use at least one private messaging system as a primary means of communicating with friends, family, and acquaintances. I am partial to to Signal (iOS version) or TextSecure / RedPhone (Android version). It is cross-platform, easy to use, already has a large install base, is open source (meaning anyone can review the code), it is built on solid design principles, is actively developed by well known and respected developers, has been widely vetted, and is federated (meaning anyone can run a TextSecure server that can talk to other TextSecure servers). These are all good things, and any good solution should have most or all of these attributes. (Note that Signal/TextSecure’s text messaging protocol features more modern encryption protocols than the voice protocol. There are other messaging platforms that are very nicely done and are open, like Peerio, but for now, very few of them have many users, so they will not be practical. Pick something that can be practical a lot of the time, or you’ll never user it. Many people want to encrypt email. The standard for many years has been PGP, or the open source version GnuPG, which you can get for most platforms (for Mac OS, Windows, and the Chrome browser. However, the PGP protocol is now old, a pain to use, and does not have modern features like perfect forward secrecy. Email’s protocol is even older and was never designed with privacy in mind: even if you use PGP, metadata is exposed. Google and Yahoo are developing solutions for Gmail and Yahoo Mail that will solve some of the usability problems, but not the problems with the protocols. Still, if you want to encrypt email, this is how to do it.
  • Use a good password manager like LastPass or 1Password to generate and remember strong, distinct passwords for every app and website you use. For your master password, make sure you understand what a good password is, and choose one at least 14 characters (preferably 18 or more) for your master password. Write this on paper in a couple of obscure locations that you will remember, in case you forget, because you won’t be able to recover it. Don’t save your master password electronically anywhere!
  • Make sure you turn on full disk encryption in Windows or Mac OS-X using the system settings. iPhones and iPads are encrypted by default; make sure your passphrase is very good, since you can use TouchID to unlock the device most of the time. On most Android devices you still need to opt in to device encryption, and you should definitely do this. Pick the longest good password that will not completely annoy you when you have to enter it. If backing up your disk to the cloud (which you should, to prevent data loss!) be sure to use a dependable application like Arq or Boxcryptor to ensure that your data cannot be read by your cloud storage provider (or anyone else but you). Make sure to keep the password secure yet retrievable (see #2 above), because without it, you could lose all your data in the event your hard drive fails and you need your backup.
  • Use a VPN (virtual private network) service like Private Internet Access to protect yourself from your ISP’s snooping. ISPs have some of the worst track records of snooping on their users, both for profit, and for sharing data with government without judicial warrants. Make sure you choose a VPN service with a no logging policy. In many jurisdictions, including Canada, VPN providers are legally required to log and retain connection IPs. The United States and some European countries do not require this. However, a service in the United States and some European countries might be required, upon request by law enforcement agencies, to give access to your VPN traffic without notifying you. If this is a concern for you, you can check out this list of VPN providers in other jurisdictions.
  • If you do not use standalone programs, but do almost everything in the browser (as increasingly many people do), then consider using a cheap Chromebook as your primary desktop or laptop. Chromebooks easy to use, require no maintenance, and are very secure against compromise by malicious websites, links, or attachments. You can add to your security by using browser add-ons like uBlock, an ad blocker; HTTPS everywhere, which makes sure you are connecting to websites securely (if they support it); or, for advanced users, uMatrix, which gives you fine-grained control over scripts and other resources loaded by websites. Finally, be sure to go into your browser’s settings and set all plugins to “click to play” to prevent malicious plugins from running automatically in your browser.

Surveillance capitalism and the surveillance state

One of the most important revelations in the Snowden leaks has been the depth of collusion between private corporations and the state surveillance apparatus. This cooperation is uneven — some companies have a much better track record of fighting warrantless surveillance than others — but ubiquitous. Telephone and Internet service providers have perhaps the worst record of complicity, something that Christopher Parsons details in these pages. Yet after Snowden, many tech companies have found their economic interests threatened at home and abroad by the perception that they do not have their clients’ privacy interests at heart. Further, the much sought-after engineers who work in the technology industry tend to have a libertarian outlook firmly opposed to an intrusive state and have been outraged by the degree of intrusiveness of state surveillance. As a result, following Snowden, companies like Google, Facebook, Apple, Twitter, Yahoo, and Whatsapp have aggressively moved to encrypt their customers’ data and prevent bulk surveillance.

Protester holds a placard bearing a message from Edward Snowden to Chelsea Manning. Held in London on Manning’s 27th birthday (December 17, 2014), the protest called for Manning’s freedom.

Yet many of these companies operate businesses built upon the bulk surveillance of billions of their own users: Google, Yahoo, Facebook and a range of faceless data brokers monitoring purchasing and financial habits have amassed data on citizens to a degree that the Stasi (East Germany’s notorious security service) could only dream of. As these private, unaccountable, virtual spaces have replaced the public square, this is almost as much a threat to privacy and freedom of association as state surveillance. Not only has the commons of public discourse shifted into realms controlled by private entities, but many of these same companies have pioneered new technology and legal regimes of intellectual property through digital rights management and stiff anti-piracy penalties. That’s why Cory Doctorow has argued that as technology and software become ever more pervasive and essential to our lives, it is urgent that we retain a level of control and common ownership over these devices, software, and network infrastructure. This is one reason the opensource movement in software is a genuinely political movement of broad importance, not merely a niche issue (most of the infrastructure of the Internet is built on open-source software). The fight for net neutrality is also an essential if we are to prevent the Internet from becoming a completely privatized space. While the U.S. Federal Communications Commission has just introduced regulations to ensure net neutrality — preventing paid “fast lanes” on the Internet that would privilege wealthy, established corporations — in Canada, the CRTC is hostile to net neutrality and Stephen Harper believes the telecoms oligopoly should decide what’s best.

Technology alone not enough to save us from Harper’s scary surveillance vision

Canada has already become a hostile environment for privacy and the open Internet. The most recent Edward Snowden revelations, in January of this year, show that Canada is responsible for leading global surveillance programs such as “Levitation,” which hoovers up information about file downloads by Internet users worldwide, which it shares with its “Five Eyes” partners the U.S., U.K., Australia and New Zealand.

Last fall, the government passed Bill C-13, lowering warrant thresholds. In amendments to the CSIS Act and Bill C-51, the new “anti-terrorism” bill, Harper is also proposing a raft of changes granting CSIS and security forces broad powers to commit illegality, violate the charter of rights, and conduct self-warranted surveillance without effective judicial or parliamentary oversight. At the same time, Canada’s judiciary is more hostile to privacy rights than the U.S. bench and can’t be counted on to stop excesses of surveillance. Recently, Canada’s Supreme Court authorized warrantless searches of cellphones, while the U.S. Supreme Court just banned the very same thing.

Technology cannot save us from these threats if this technology is itself criminalized. Early this year, U.K. Prime Minister David Cameron pledged that, if re-elected, he would make it illegal to communicate in any way not legible to the state. FBI director James Comey has called for something similar in response to the spread of mass encryption technology that the government cannot decrypt, like iPhone and Android disk encryption, Apple’s iMessages, or Facebook’s Whatsapp.

The threat of criminalizing privacy cannot be combated except through movements and political organizing. Groups like the Electronic Frontier Foundation, the Electronic Privacy Information Centre, and the Freedom of the Press Foundation in the United States, or Open Media and Citizen Labs in Canada, have been campaigning effectively on privacy rights and intellectual property proliferation. But this analysis needs to be taken up by the broader Left and social movements and turned into a political priority. In an age when police forces are increasingly militarized, the fight against terrorism and the policing of political dissent have been explicitly lumped together by governments — the New York City police chief explicitly proposed a special police unit armed with machine guns to fight terrorism and peaceful protesters alike — the stakes are high, but as history demonstrates, they are highest for those who are most marginalized, and for brave dissenters working for progressive social change.