The subject of privacy or government surveillance is a touchy one for many. For every person who uses a VPN, is careful about their social media (if they have one at all), and takes steps to protect themselves, there are a hundred more who shrug their shoulders and ask “What’s the big deal?”
Today I’m going through a few of the objections I hear to taking control of our privacy, and explaining why those objections are misguided at best. You may have heard some of these; in fact, you may have said them yourself. Take a look and see if any of these statements sound familiar.
- The government doesn’t have time to be sitting there looking at little old me.
- If they want to spy on my super-boring life, more power to them.
- There’s no point in trying to hide your data anymore; the government knows it all anyway.
- I’m not going to hide who I am! MOLON LABE! They can come GET SOME!
Many of the objections I hear to privacy fall under one of the four types above. But are those valid counterarguments to someone who says privacy matters?
Denial and Misunderstanding
The first statement above — and to some extent, the second — assumes some things about “the government” that aren’t necessarily true. When you ask one of these folks what they think the government does with their data, they can’t really answer it. When you ask them who they think views the data, or how it’s viewed and in what context, they can’t necessarily answer that either. That’s a problem, because it means that these folks are making decisions about how they’ll handle a situation without understanding it. Uninformed decision making is not okay. Granted, sometimes we all make decisions based on the information available (which may or may not be complete), but there’s a difference between saying, “I’ve done my due diligence,” and shrugging it all off because they’re too lazy, uncaring, or unsure about how to go about learning and understanding the situation.
You don’t need a computer science degree to comprehend how your data is used, or what it’s being collected for. Do some reading; do some logical thinking about why a government would want to know every detail about what its citizens believe, want, need, buy, love, hate, or anything else. Remember, information is power. Those of who you have taken my anti-infiltration class already understand where this is going: the more you know about a person, the more accurately you can not only predict their movements, but also influence their decisions. For those who claim to be against tyrannical or overly-powerful government, it’s a bit strange to be willing to give that same government the power to predict and influence how you’ll respond in a given situation.
How bad is it? There are games for smartphones that let you “live” a game life and be presented with various scenarios, such as you walking in to find your spouse “otherwise occupied” with someone else. What do you do? The game offers you several choices for your next action. Every decision you make in the game changes your experience…and provides predictive data for a psychological profile. The days when it was just about Google reading your email for marketing purposes are long gone.
Selfishness? Or Just More Misunderstanding?
Those who use the second statement to ignore the perils of a non-private society really miss a critical point here. It doesn’t matter if someone thinks their life is boring — the data they create and throw around like cash in a strip bar is useful. Just because the most exciting thing they’ve done in the last two years is host a Superbowl party doesn’t matter; even their mundane data creates a profile. Maybe that profile says that they are intellectually lazy, or that they prefer to ignore things they find difficult to understand. Maybe their data paints a picture of someone who finds validation in spoiling themselves, indulging in whatever they find good in the moment. All of these data points they so carelessly hand off to people can be used. Whether it’s a marketing company who can see that this person needs to keep up with the neighbors (and can use that to sell them more stuff), a government agency gauging whether they’re a political dissident (and deciding whether they need some extra attention), or a criminal who sees a sloppy, easy victim, these people’s data is gold. It doesn’t matter what the mark thinks it’s worth — to the people who need it/want it/use it, there’s always a value to it.
Laziness and MORE Misunderstanding
Then you have the “what’s the point?” folks. These people believe that the entire exercise of privacy is a waste of time. They point to the license plate readers, the surveillance cameras, the near-complete inability to do anything online without there being a trail of where you went and what you did, and they say, “It’s done; we live in a police state and there is no freedom.” One guy told me this right before going out and buying an Alexa. I guess his belief could be summed up with “If you can’t beat ’em, join ’em.”
The Misguided “Warrior”
These folks are possibly the most dangerous — and not in the Rambo-style way they think. These folks are all over social media, loudly announcing their belief system, their politics, even being quite clear about what they’re willing to do, how they’d go about it, and on and on. They see it as some point of pride to be “on a list,” as if it offers some sort of street cred to be targeted. The funny thing is, if you read about past resistance movements, you’ll hear about those who spent a decade underground. You’ll hear about those who only spoke of their exploits many years after the fact, if at all. You’ll hear about people whose codename is all that is known about them. Guess what you don’t hear about? The people who stood up and yelled, “HEY EVERYONE LOOK AT ME DOING RESISTANCE STUFF!” They’re dead. Or languishing in prison.
I get the attractiveness of it; for several years I was exactly that person, and I made a lot of mistakes because of it. You might be inclined, especially if you understand human motivation, to assume that those who are being loud and willfully ignorant about privacy do so because they manifest their need for validation with a need for public attention. That’s not always the case; sometimes it’s a misguided sense of “taking one for the team.” Whatever the reasoning, however, the effects are always the same: those folks make a target out of not only themselves, but everyone around them.
It’s Not About You
Here’s the one thing you may not have thought about. Let’s say you’re not involved in any real resistance work. You’re just living your life and doing your thing. The extent of your “resistance” consists of a bit of prepping and some trash talk on the internet. In fact, let’s say for argument’s sake that you’re right, and no one cares about your data. That’s not actually true, but for the purpose of this exercise we’ll say that it is.
What about all of the people who ARE engaged in resistance work? What about all of those who are infiltrating leftist groups? Working behind the political scenes? The ones who are smuggling supplies of various types into states where those supplies are illegal? What about the folks who live in those states?
The truth of the matter is that those who are lackadaisical about privacy make it just that much easier to identify the ones who desperately NEED it. If you’re not encrypting your data, it shines a brighter light on those who are. If encryption was the standard, and all of us were doing it, how do you pick out the ones who are actually encrypting because their lives and/or freedom depend on it?
There’s another point to consider as well. The Grugq, a world-renowned security researcher, puts it this way:
OPSEC is prophylactic, you might not need it now, but when you do, you can’t activate it retroactively.
The concept of privacy as a prophylactic brings another example to mind. Refusing to care about privacy because you don’t think it’s a big deal NOW, or saying that “if it gets really that bad then I’ll care” is like saying you and your significant other will start using condoms if she gets pregnant. In other words, it doesn’t work that way. Ignoring what’s happening on the privacy front doesn’t affect just you or the data you generate. In fact, it only makes it easier for data-hungry entities to grow ever larger and more powerful. And eventually, whether you like it or not, you’ll be forced to care — except you’ll already be screwed.
The bottom line is this: If you don’t care about your own privacy, that’s theoretically your decision to make. There’s just one problem — in doing so, you make that decision for a whole bunch of other people as well. Not caring about surveillance programs, refusing to encrypt your communications to the best of your ability, loudly announcing all over Facebook what you and your group are up to…all of these things involve risk. The risk, however, isn’t just to you. It’s to everyone else you work with, associate with, and in some cases even live with.
Mitigating the Risk
I’m not judging everyone with a social media account or smartphone. Many of us have them, and for some of us, it’s a sad, necessary evil due to business ventures we’re involved with, or other things that we need to be able to do. It’s growing increasingly difficult to operate without some of this technology — try buying a new car without some of these “extras.” As I talk about in class, everything comes down to 1) understanding the risks, 2) deciding whether you can mitigate that risk or need to get rid of the risk. For some folks, maybe they need to stop posting so many pics of themselves and their guns on Facebook, or changing from “all MOLON LABE all the time” to pics of baby goats and kittens. For others, maybe it involves deleting their social media entirely. For still others, it may mean learning how to compartmentalize certain areas of their lives. Compartmentalizing can certainly be done; just ask the family and neighbors of any one of a list of serial killers. They’ll tell you he was such a nice young man and they just can’t even imagine him doing all of that evil stuff.
You don’t have to go back to a flip phone or smash your laptop with a hammer. You might, however, want to learn how to encrypt with PGP/GPG, or how to use a VPN, or why you shouldn’t have a FitBit/Alexa/Nest/Ring/Google Home etc. Do something other than ignoring the problem. Take the steps that you can actually do, and start putting a bit of work in. If you’re not actively involved in certain activities in support of “the cause,” fine. But at least help out those who are. To twist a well-known phrase, the life you save might not be your own.