Friday, March 25, 2011

Effing Great

I think I've written about this before, but the EFF is my hero. I've been a member since 1999-ish, and have enthusiastically followed their efforts since the early 90's, when they defended Steve Jackson Games against a criminal overreach by the FBI during an early government fishing expedition for electronic crime.

I don't have as much time as I would like to closely follow EFF these days, but every time I check in, I'm amazed at what they're up to. The organization has shifted radically over the past twenty years, and change is kind of built into its DNA. You can probably best summarize the role of the EFF by unpacking its name, the Electronic Frontier Foundation. They operate at the cutting edge of electronic technology, and work to make sure that we're writing good laws about these new technologies and enforcing them well. Because technology changes so rapidly, so does the EFF and its focuses. Back in the late 1990's, nobody knew what a "blog" or "blogger" were; by the mid-oughts, blogs were a significant mode of expression, and the EFF focused a significant portion of their activism on giving good tools to bloggers; these days, blogs have become proportionally less relevant, and the EFF focuses more on social media and the unique set of issues that they're raising.

Because technology affects almost every aspect of our life, the EFF's portfolio can seem sprawling at times. They still put in a lot of effort against their early-90's mainstay causes: upholding fourth and fifth amendment rights in digital contexts, and defending digital media against government censorship. Now, though, the EFF is at least as focused on private corporations as on the government, and just as concerned about privacy as it is against free expression. All good causes, and I'm glad they're fighting for them.

One of the (many, many) perks of moving to the Bay Area has been closer proximity to the EFF. While they were briefly based in DC towards the beginning, they realized a long time ago that their advocacy required close coordination with the companies who were developing the technology that drives these legal questions, and so they relocated to San Francisco. Their offices are based in the Mission, and while (understandably) by far most of their activities take place online, they do occasionally hold real-life events. I try to attend these whenever I can, as they're a great way to learn about the most pressing issues of the day.

The latest event was an interesting talk that was given in conjunction with the Intersection for the Arts, a San Francisco non-profit. Before the lecture started, the folks from Intersection chatted a bit about their organization and what it's up to. They've recently relocated from the Mission to the first floor of the San Francisco Chronicle building. I was saddened to hear that, as part of the blows striking old-fashioned print media around the country, the Chronicle has scaled back their offices significantly enough that they now only occupy one of the three floors of their building. The Intersection has moved in, along with several other cultural organizations.

The main show at the Intersection now is an interesting piece that's now in its seventh year. It was created by an American citizen who was detained by the FBI for many months on suspicion of involvement in the 9/11 hijackings. He was innocent, and finally walked after one day where he underwent, and passed, nine consecutive polygraph tests. During that time the government combed over every aspect of his life, and his friends' and family's lives, and even after he was declared innocent and released, the government asked him to keep them informed of all his travel and activities. Eventually, he started documenting every single aspect of his daily life, and turned it into an ongoing and ever-evolving art installation. Predating the rise of the social networks, it's a slightly funny, slightly eerie contemplation of privacy and surveillance.

And so, obviously, there's a clear tie-in with a lot of what the EFF is working on, today and always. Two activists spoke, covering a lot of interesting ground. They started off with some fairly remedial ideas - the PATRIOT act, Freedom of Information Act requests, the "back door" that lets the government collect data from private companies instead of wiretapping you. They quickly moved on to more detailed topics, though, and I was amazed by a lot of it. In no particular order:

When you enter the country, even if you're an American citizen, customs agents can search and seize your digital devices - laptop, cell phone, digital camera, and so on. The courts have ruled that this is a "routine" matter, and so it doesn't require any special suspicion, warrants, or the like. If anything strikes them as interesting, they can copy your entire hard drive, or whatever; read stuff already loaded on your computer like emails; and/or hold the device for a "reasonable" amount of time, which apparently is currently set at around two weeks, before giving it back to you. Again, none of this requires a warrant or any specific cause for suspicion.

Their talk made me even happier about Twitter, and even more disturbed about Facebook. Twitter recently received a secret order from the Department of Justice ordering it to turn over all records related to some individuals who were suspected of having links to WikiLeaks. Most of the time when this happens, companies play ball: they don't want trouble, so they just turn everything over. (The "privacy policy" checkbox you clicked when you joined any network or web site almost certainly granted them the right to do this, though you didn't notice it at the time.) Twitter, though, decided that it didn't think the requests were valid. Now: because of the nature of the order, Twitter was forbidden from even disclosing that it had RECEIVED the order. Eventually they were able to bring the EFF on as counsel; the EFF, in turn, was gagged from disclosing that there was a case or that they were involved. They've been litigating this case for months, and only now has the judge finally unsealed their request to unseal the case. (!) 

As they pointed out, these are among the most disturbing aspects of the post-PATRIOT-act world that we live in. America is a democracy, and we the people are ultimately responsible for the government we elect and create. How are we, as an informed populace, supposed to make decisions about the actions taken by our government, when we don't even know what they're doing? There's an institutionalization of government secrecy that has a potentially chilling effect on the basic functioning of our democracy.

A large part of what the EFF does is file Freedom of Information Act requests. FOIA is one of the best tools available for extracting information about what the government is up to. These tend to be protracted affairs, as they often won't get all the documents they want, or else they'll be heavily redacted. If that happened to you or I, we'd be stuck; when it happens to the EFF, they can litigate and try to get more.

There's been a lot of interesting information trickling in from FOIA requests. Among them:

Among the major social networks, Facebook has a reputation as being the most "cooperative" in responding to "emergency" requests from the Department of Justice.

There's wide disparity between how individual government agencies handle data. For example, when DHS was preparing for Obama's 2008 inauguration, part of it was dedicated to monitoring social networks. (Interestingly, the particular networks that they were interested in were ones with particular demographic bents, lining up with particular racial minorities, making this a fascinating, 21st-century example of racial profiling.) Part of that conversation, though, was a discussion about how to handle that data. They were trying to figure out how to anonymize it, how soon they could get rid of data that wasn't connecting to any plots, and so on. On the other extreme, the Department of Justice notoriously gathers tons of information on tons of subjects and holds on to it indefinitely.

Sometimes, a FOIA request will result in getting the same document from multiple agencies. When this happens, it's lots of fun to compare the document and see which parts one agency thought were worthy of redaction while the other agency thought they were okay.

One of the activists talked about the status of the PATRIOT act. As we know, it was passed in a rush after the 9/11 attacks; it's hundreds of pages long, and many lawmakers have admitted to not reading it before voting on it. It weakens many of the protections that were put in place during the 1970's after Americans became rightfully alarmed at the degree to which the government was spying on its people. It weakens the separation of powers, lowers the bar for starting an investigation, expands the range of actions that can be taken against American citizens without a court order, and so on. They played a YouTube clip of Obama from the 2008 campaign, where he addresses the problems with the Bush presidency's calculus (which demanded that greater security required surrendering rights), and eloquently describes how America should cherish its tradition of liberty. Audible, rueful snickers could be heard from the audience as we watched the clip. Needless to say, things haven't turned out as we've hoped. The Obama administration, and in particular their Justice Department, has continued the Bush-era arguments for surveillance and monitoring of civilians.

There is some unexpected hope, though. When the PATRIOT act came up for re-approval, the House tried to push it through without a vote, and enough Democrats and Republicans rebelled against them that they weren't able to do so. To be clear, they weren't voting against the PATRIOT act itself, but were demanding that it be debated on the floor. This means that we have our first good opportunity in a decade to make fixes to this law. (Yes, there are some aspects of PATRIOT that are worth keeping, where it modernizes law to correspond with currently available technologies; but that modernization ought not be an excuse for an expansion of government powers at the expense of citizen liberties and privacy.) They urged us to call our congresspeople and demand that they not vote for PATRIOT unless it is changed to safeguard civil liberties. On a parallel track, EFF is organizing a one-day White House phone-in where they're trying to get as many people as possible to call Obama's office on the same day to ask that he veto PATRIOT re-authorization unless it restores separation of powers and oversight.

A good chunk of the night focused on practical tools that everyone can take. The EFF described these as "good hygiene": they won't make your data perfectly safe and private, especially since the government always has this back-door available to private companies, but if enough people follow these tips, it will raise the bar for privacy throughout the country.
* Always use HTTPS whenever you can. HTTPS protects against random people eavesdropping on your conversations, especially when you're accessing public Wi-Fi like in a cafe. The EFF has released a Firefox plugin, called "HTTPS Everywhere", that automatically switches you to the HTTPS version of Web sites when available.
* Encrypt your data. Modern operating systems have encryption capabilities built-in, so you can choose to electronically scramble your files. That way, even if your data is taken (whether by a thief or by a US Customs agent), they won't be able to read it without your password.
* Similarly, encrypt your communication. Pidgin and other IM clients support OTR, which keeps random people on the Internet from eavesdropping on your chats.
* Only take the data that you need. When traveling out of the country, for example, take a blank laptop. Once you arrive at your destination, download your (encrypted, secure) data from an (encrypted, secure) remote computer. Do your work, upload any new data, and then clean your laptop before you return to our country.

All too often, people take an attitude of, "Well, I don't have anything to hide, so I don't need to care about any of this." Many people DO care about their privacy, though; they may care as a matter of principle, or for reasons of modesty, or out of embarrassment, or just because it's nobody else's business. And of course, activists worry about the slippery slope that these cases put us on, leading to a more Orwellian future. By practicing good data hygiene, we raise the bar for everyone, and also make it less tempting for anyone (identity thieves, industrial spies, criminals, or rogue government agencies) to go on fishing expeditions.

I'm not nearly doing justice to this event; it was utterly fascinating, and covered a lot more ground than I've listed here. There should be a video up at this page sometime in the future, and if you have a spare hour or so, it will be richly rewarded by helping you be a more aware, and hopefully more active, citizen in our digital world.

No comments:

Post a Comment