How To Protest In Trump’s Expanded Surveillance State
Above photo: From Pinterest.
Trump plans to follow the UK’s lead in extending domestic snooping powers.
From Tor’s hidden dangers to the right secure chat apps, here’s how to stay under the radar
WELCOME to the new normal. Even before Donald Trump was elected, the US was already in a “golden age of surveillance“.
As Edward Snowden revealed in 2013, the US government’s surveillance powers had expanded dramatically under the Obama administration. Trump has repeatedly signalled that he intends to make much greater use of these capabilities – perhaps inspired by British legislation that has given the UK government unprecedented power to snoop on its citizens.
In both cases, such powers were ostensibly introduced to combat terrorism. But there’s very little evidence that greater spying powers actually catch terrorists, many of whom already know how to evade spooks. On the other hand, there is mounting concern among privacy advocates and human rights campaigners that such powers will stifle domestic dissent and enable political witch-hunts.
“It’s not the government you have now that’s the issue,” says Harry Halpin of the World Wide Web Consortium. “It’s the government you might have in the future. In the US, everyone said, well the NSA isn’t so bad, Obama is such a rational guy. Now we have Trump wanting to create a database of Muslims.”
So how will the state’s creeping expansion of its eavesdropping capabilities affect the right to protest? The UK’s Investigatory Powers Act – known as the “snoopers’ charter” – goes far beyond what even the US has made legal, granting government authority to force internet service providers (ISPs) to collect information on their users, and the ability to hack into devices on very broad warrants.
Most people are not against the idea of targeted surveillance to bring down terror plots, for example, says Adrian Kennard who runs Andrews & Arnold, a small, privacy-oriented ISP in the UK. The problem is, the UK’s targets are not “targeted” at all – the focus could be “everyone in Manchester”, Kennard says. “Or they might decide to target everyone connected to a BT broadband line.”
Trump is certain to take inspiration from the UK, says Danny O’Brien of the Electronic Frontier Foundation in San Francisco. The US and UK are already planning to weaken the protections on cross-border access to data, he says, allowing UK law enforcement to seize communications from Google and Facebook without a US warrant – and vice versa.
Whether or not he pushes for new rules, Trump is very unlikely to roll back any existing measures. No one else will, either. Overreach in other spheres could plausibly be reversed in future, but powers of surveillance are in political terms nearly impossible to roll back: not only are they seductive, but no government wants to be accused of being soft on security.
Legal challenges to such powers are being mounted on both sides of the Atlantic. But the bottom line is that online privacy looks set to be fatally eroded.
So what’s really so bad about Donald Trump and UK prime minister Theresa May riffling through your computer and your communications? After all, if you’re not a terrorist, you have nothing to fear, right?
This view is desperately naive, says Halpin. “If you think you have nothing to hide, you probably do,” he says. “And if you think you haven’t broken any laws, I promise that you have.”
One concern is that poorly framed or antiquated laws can be used as a pretext to prosecute or harass anyone who falls foul of powerful interests – much as they have previously been used to prosecute hackers.
In the US, one such law could be the arcane Computer Fraud and Abuse Act, created in 1986, which makes it a federal crime to access a computer in a manner that “exceeds authorized access”. Companies have occasionally used the CFAA to bring civil suits against competitors, but the real threat goes far beyond that, because it can criminalise violations of websites’ terms of service – even something as trivial as lying on a dating website, says Esha Bandari, a lawyer with the American Civil Liberties Union, which is challenging the law.
Whether violations are pursued is “at the mercy of prosecutors’ discretion,” she says. Just because they haven’t exercised that discretion until now doesn’t mean they won’t: “That makes the law open to discriminatory enforcement,” she says.
In this light, what is dangerous about bulk data collection is that it makes fishing expeditions possible, says Jim Killock from the UK’s Open Rights Group. All this data is kept somewhere, forever. “They can search and process that data to get new and interesting material, and decide whether you’re a suspect for something. It’s quite chilling,” he says.
Is this possible to avoid? “The answer is not to have the data in the first place, so there’s nothing to store,” says Ben Laurie, head of security at Google DeepMind, who is also a director at the Open Rights Group. Security experts point to the Tor network, which anonymises and encrypts your trail through the internet. But it might not be so simple. “Under the IP act, using Tor will put a target on your back,” says Killock. Trump’s proposed CIA boss has called the use of encryption a “red flag”. Once flagged, bulk hacking powers include a provision to break into your device and slurp up its contents.
A “virtual private network” might seem a better idea, but only if you are choosy about which one you use: not all will keep your data away from governments. Switzerland, for example, might be a good place to stash money, but has a data-sharing agreement with the US. VPN providers based in the Netherlands or Germany offer stronger protection under their national privacy laws.
And even the most secure VPN is going to do little good if the computer you are using is open to attacks. The Apple ecosystem is generally more likely to protect privacy; while Google’s security is excellent, its implementations vary by hardware. That makes an iPhone a better bet for security than an Android device.
The software you use matters, too. Secure chat services may not be that secure. Whether or not Telegram was really hacked by Russian authorities, Halpin says his group has also broken the protocol. WhatsApp also appears vulnerable. “I recommend people use Signal,” he says. “It’s the most reliable and secure peer-reviewed text messaging app.”
“Trying to evade snooping by using Tor or encryption might put a target on your back”
As for email, Halpin suggests using RiseUp.Net, if you are concerned about snoopers. “They have no history of complying with requests for email. Lots of high-risk people go there,” he says.
The rest of us could do worse than Gmail. “Google has been resistant to court orders it finds overreaching,” claims Laurie.
Even if civil society has trouble mobilising against a surveillance state, all is not lost. Even now, Halpin says the W3C and other groups that run the infrastructure of the internet are teaming up with companies like Apple and Google to bake these security enhancing protocols in by default. “Making encrypted software easier for the average person to use is a civic responsibility,” he says. The real resistance may just be getting started.
This article appeared in print under the headline “What’s the worst that could happen?”