Julia Angwin talking:
Just by going online and choosing to use free services, and that we really have given it up, right, for security for free services. And so I decided, OK, I’m going to withdraw that choice and see if I can still live in the modern world, because theoretically I can opt out. And so, I was successful at some things I did. I stopped using Google search.
what I didn’t like about Google search was that they keep all of my search records, right? If you’re logged in, like I mostly was—my records were dating back to 2006, every search I had conducted, and it was all logged in there in my history. You can find it in yours also. And it’s really disturbing to look at, because you see that every single thought that goes through your head, you basically google it. So, in the morning, it was like I googled the weather, then I googled my breakfast. I mean, I didn’t—it seemed to me that I was—there was nothing in my head that didn’t come out into a Google search.
You can clear your history, but Google also saves history on their end tied to your IP address. And so, the thing is, even when you log out, they are—their business is keeping records and analyzing data. That’s what they do. They offer that data to advertisers as a way to convince them to advertise on Google. And so, I decided that basically I just didn’t want that record. I was also mad Google wouldn’t let me download it myself, because I thought maybe I would learn something about myself by, like, watching my crazy mind jumping around, but I can’t get it, right? They have it, but I can’t download it.
They have a section of their website where you can take some of your data—it’s called the Data Liberation Project at Google—and so you can liberate some of your data, like your contacts and some of your—you can download some of your emails and several things. So they do have some of that, but the search, which is actually, I think, the bulk of their business, is not part of the Data Liberation Project. And I asked them; they said they didn’t know when they would ever add it. So, I don’t know.
So I went to DuckDuckGo, which doesn’t save any history. So they’re just a privacy-protecting search engine. They’re a small startup near Philadelphia. And, you know, at first it was hard to adjust to a new search engine, because they don’t fill out your sentence, right? Google knows what you’re thinking. I mean, that’s the whole point. They already watched my mind for all those years; they know. So, I had to work a little harder, right? I had to actually finish my sentences and actually tell them that I lived in New York, because otherwise they would give me results for London or something, because they actually didn’t know. But in the end, I started to feel that I was controlling my destiny more, because I knew exactly what I wanted, whereas Google was guessing for me, and I didn’t necessarily want them to guess all the time.
a couple who met on an online chat forum, which was supposed to be private, and then it turned out, in fact, that it wasn’t. So this was a really sad story. These two people—it was one of the stories that is the promise of the Internet, right? Two people across the world, one in Australia, one in Arkansas, who never would have met, but shared a similar disease and met on a forum for patients, that was a password-protected forum for patients to talk about their diseases. And they were having a really kind of emotional conversation on this forum, when they got a notice from the forum operator that there had been a break-in. And so, this big media-monitoring company, Nielsen, which I think most people know, has a social-media-monitoring business where they try to monitor online buzz and sell—they sell that to big companies who want to know what their products are being talked about. And so, theoretically, we don’t know why Nielsen broke in, but probably they were trying to figure out what patients were talking about to sell that to somebody who is interested in what patients talk about. And so, these people were really horrified to find out that Nielsen was breaking in, but the notice also said, “Oh, by the way, in case you don’t know, this website is also selling your data.”
if the website itself had decided to bring legal action against Nielsen, they may have had a case. But those cases are hard to bring. There’s a lot of grey area. And Nielsen immediately apologized, said, “We’re not going to break in again.” And so, no legal action was brought.
They were talking about depression, yes. And what—I think the thing that was interesting, talking to them, they were more upset about the website selling their data than they were about Nielsen, because, OK, a break-in happens, but they were not aware that in the fine print of that site, they were being monetized, right? And I feel like that’s the issue of privacy these days, is so often we think of privacy as intrusion, but in fact it’s something we authorize in the fine print.
the problem with the cellphone was I was trying to figure out how can I protect my privacy with a cellphone, because you carry it with you everywhere. It’s the world’s best tracking device. I’m sure that when you were at the CIA, you would have loved to have your targets carry these things. And we actually pay to carry them.
It’s sort of like incredible. So, the thing is that they’re always transmitting stuff that you’re not aware of. They have to talk to the cell tower to give you a signal. They often are sort of talking to wi-fi connections nearby. The apps can be sending data. And so, I realized that I really didn’t have that much control over what it was transmitting, even when I wasn’t using it. So I realized the best protection I could have was to get a cellphone that wasn’t tied to my identity. So I basically went and bought something for cash, prepaid, with a fake name, and—which is legal—and carried that around. Now, the problem is, this is a thin veneer of privacy, because I go to all the same locations, I call all the same people, so somebody who looked at that data would be able to tell. But basically I thought, well, at least they should work a little harder to get me.
Information is power, right? So, the more information that you give to the government, the more power they have over you, right? And similarly commercially, the more power—information you give to the cellphone company or to Google, the more power they have over you. One thing that I had been investigating in my years at The Wall Street Journal was, there are a lot of companies that are trying to figure out ways to show different prices to people online based on the personal information they have about them. So, essentially, we’re going to get to a world where they’re going to know that I have five more dollars in my pocket than you, and my price is going to be $5 higher, because that’s the data that they have. And so you lose in a negotiation, generally, when you have less information than the other person.
free wi-fi is something that I have actually turned off on my phone, because what is happening with free wi-fi is that people are using the wi-fi signal on your phone to sort of track you. So there’s shopping malls and retailers who actually ping the wi-fi on your phone to see you as you’re walking by, because they want to get into the tracking business. I mean, everybody wants to be in the surveillance business. We’re just lucky our neighbors are not yet doing this. But they will be. And so, the wi-fi signal is basically a—is a democratized tracking technique. Anyone could do it. I could drive around with a signal to pick up wi-fi. So I’ve essentially stopped using wi-fi altogether.
some people accuse me of being too paranoid, possibly, and so I thought, “OK, fine. I’m going to look and see: What did the most repressive surveillance regime that we know of in the modern world have on their citizens, and how does that compare? Am I overdramatizing this situation?” So I went to the East German secret police, Stasi archive, and I obtained, through their equivalent of a Freedom of Information Act request, a few files, which I got translated. And I looked at them, and, you know, there were handwritten dozens of pages. But in totality, they were not really as robust as like an average Facebook profile, and certainly not anywhere near as revealing as my Google search results. And, by the way, it was interesting to learn that they only had files on one-quarter of the population, which took them a lot of work to surveil those one-quarter. Now we’re in a situation where, clearly, the government and institutions have files on everybody. So, really, the question is: How can we prevent our regime from using that in a way to repress us? And that is, I think, the question, is really one of oversight.
Daniel Jaye is an interesting guy. He actually invented sort of the way that we’re tracked online by advertising technology. So if you’ve ever had an ad follow you around on the Internet—which most people have had that experience, right?—he’s the one who came up with that idea. And so, he came up with it back in—right around the dotcom boom. And then for—nobody was interested at that time, but then, around 2007, it really regained—it had a resurgence. What’s interesting about him is he thought it was going to be privacy protecting, because you are only identified by like a little number—123456, this person has gone to these websites. But what—he has actually kind of turned against it, because he finds that his innovation is now being used to connect people to their actual identities. People like Facebook and Google actually often, if you have an account with them, when they track you on other websites, know who you are. And so, he is concerned that his anonymous creation is actually becoming less anonymous.
corporate surveillance and government surveillance. corporate surveillance can seem more benign, and sometimes it is. But I think the one lesson I feel like I’ve taken, the biggest lesson, from the Snowden revelations has been how aggressive the government is about going to these private companies for data, because, to them, this is incredible. Google has so much more, right? They want it. Google has so much more than the government.
the government actually does have limits on their collection. Now, they don’t always obey them, as we have seen from some of their violations mentioned in the FISC. The foreign intelligence court has dinged NSA. But, ultimately, they do have to obey some laws, and—whereas Google has everything. They have every map you’ve ever looked at. They have every, you know, search. They have your email content. So, we have seen that the government comes to them repeatedly with requests, secret court orders for the documents. And then we’ve also seen some occasions where they’ve hacked in to different parts of the Internet to try to get that data other ways.
we’re one of the only Western nations without a baseline privacy law that basically puts some baseline limit on what commercial data gatherers can do. Most Western countries have—at least offer citizens the ability to see their files, correct them, and sometimes remove them.
before ubiquitous surveillance, which, by the way, I would just point out, was only 10 years ago, none of us probably, I hope—I mean, I didn’t, at least—have a police file. Right? They didn’t have a reason to track me, so they didn’t have my information. And that was a situation I was really happy about. Now, of course, all sorts of governments, from state and local to the federal, can sweep up tons of information and then sort of trawl through it for people that might be doing suspicious things.
I tell the story in my book of one man who is a boiler repairman in—near Boston. And he basically showed up one day and found that his driver’s license had been revoked. He saw a notice. He went to a court hearing. They said, “Show up at this hearing. We’ll tell you why.” And they—when he went there, they said, “Our facial recognition technology has identified you as looking too similar in your photo to another person, so we think you guys have done identity theft. Prove who you are.” Right? So he had to prove that he was who he was. And so, this is sort of—the presumption of guilt is reversed, right? He has to prove his innocence to get out of the lineup.
going back a year or two, that kid in Pennsylvania. The school had given kids laptops. And they were very excited, and they went home, and he’s home in his room. But the school—they said, to protect the students so that you wouldn’t think that they were stealing laptops—they would always turn the cameras on, if you took the laptop home, so that they could say, “Oh, he wasn’t really stealing the laptop; he was actually using it.” But in fact what they were doing, well, he was eating—I think it was Mike and Ike jelly beans. They took that to mean that he was popping drugs. They called in his parents, and they said, “You know, he’s using drugs.” They were frightened. They said, “What are you talking about? How do you know he’s using drugs?” He’s a kid. I think it was an elementary school. And they start to show photographs. But they recognize this is their boy’s room that he’s in. And they see he’s putting things in his mouth, which is his favorite candy. But these photographs—and this is a few years ago, and then all the kids realized they are being filmed in their bedrooms by the school.
that was a horrifying story of, once again, where is the presumption of innocence, where you’re called in for taking drugs. So, the thing about the camera is that it can be remotely activated. That’s what happened to those kids. And unfortunately, there’s like criminal hacking gangs out there who want to trick us into downloading some—clicking on a link that installs some software that can remotely activate our camera. And what they’ve been doing is basically filming people in their rooms and then trying to blackmail them, saying, “I have naked pictures of you. Send me money.” And so, basically, in the tech community, that I am—hang out with the hackers, they all have stickers over their camera, because they know how easy it is to download this free software that can remotely activate your camera. And then you take it off when you want to use the camera. But, essentially, everyone should have a sticker over their camera.
the thing about kids is there’s this myth that they don’t care about privacy. People tell me this all the time. “My kids don’t care about privacy.” And what I say to them is: “You are their threat model. You are the NSA to them. They want privacy from you. What you don’t realize is they don’t care about the same issues you care about, but they do have a privacy issue, and it’s you.” And so, the way I convinced my kids was essentially to show them that they could have secrets from me. This was the selling point. They actually mostly wanted secrets from each other, right? “Oh, little brother is going to find out my stuff.” So they really enjoyed the fact that it also seemed like fun. I showed them this tool they could put on their web browser that shows how many tracking technologies were on a different—any given website. And to them, it was like a video game. “Oh, I got a website with 40 trackers!” You know? And then I taught my daughter to build strong passwords so that her brother couldn’t break into her account. She actually ended up starting a password business where she sells strong passwords for a dollar. She’ll make them for you.
So what a strong password these days is really long, for—and basically not already used on another site. So many sites have been hacked that the password hacking community have every password that’s already been used. So you basically need something new, which is, by the way, really hard to think of. So all our brains are overtaxed with this password question. So what my daughter solves that problem by picking random words out of the dictionary. We have a dictionary where every word is numbered. It’s called diceware, this method. And she rolls dice. She picks the words randomly. So then I have five dictionary words that I string together, so my passwords are 30 characters long. And then I can remember them, though, because they’re dictionary words. They’re still not words I would ever choose, but they’re most likely not in any of those password files that have been hacked already.
So what she does is she gives you the password “unsalted,” and then you are supposed to “salt” it with numbers, exclamation points, capitalization, as you wish.
remember password. You must write them down. You’re unlikely to have somebody break into your house, find the piece of paper with your password on it, and then figure out which account it goes to. So, the myth that we can’t write our passwords down is really unhelpful and is actually creating password insecurity.
I find that young people, when I talk to them about privacy, are very interested. And the data also shows that young people are more willing to adjust their privacy settings. They are less likely to download an app if they’re concerned about the privacy of that app. And so, interestingly, the young people, I think, because they are very tech savvy and tech literate, understand they want to control their data. The rise of Snapchat is a very good example of that, right? They want their chats to sort of disappear into the ether.
Snapchat it’s a way to sort of blow up your communications. After you send them, you can blow them up, and they sort of disintegrate after a certain amount of time.
So, maybe they like the perception of privacy. The problem we have with a lot of these tools is we don’t have good standards of auditing, and so it’s hard to know whether companies that say they’re doing something to protect your privacy are actually doing it. And that’s one thing I recently wrote an op-ed about, which is that I think that we also kind of need the equivalent of like organic food standards, which is like something needs to meet a minimum threshold before it can market itself as private.
these companies, Google and Yahoo they might well be outraged, actually, because they—you know, what’s interesting about all these companies is they’re all in a race to hoard as much data as possible. And so, to them, this is sort of their information has been stolen from them, and it’s hurting their reputation with their customers. So I kind of believe that they are upset. I think they were perfectly happy to cooperate with the secret court orders. It doesn’t appear that there has been—I mean, there was one fight Yahoo had with the FISA court, and maybe those fights are unwinnable. But we don’t know how hard they have fought on the legal battles. But I think most of these companies are pretty outraged about the hacking into their technology. You know, Microsoft, amazingly, came out with a statement saying that “the new biggest threat that we’re defending ourselves against is no longer Chinese hackers; it’s the NSA,” which is, you know, shocking for Microsoft to say that.
– source democracynow.org
Julia Angwin, Pulitzer Prize-winning investigative journalist, currently at ProPublica and formerly with The Wall Street Journal. Her new book is called Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance.