Someone asked me last week if encryption tools like PGP were becoming common in activist communities. Answering honestly, and considering my own sparing use of encrypted communications, I said that I didn’t think it was too common–but it is impossible to give a definitive answer. Anecdotally, we know that PGP is perceived to be difficult to use and is completely useless if not adopted by those that you are communicating with. Worse, it can draw unwanted attention to communications and is even illegal in some countries.
It is profoundly inconvenient to take privacy seriously. But this inconvenience has more far-reaching consequences than we tend to realize.
Two weeks ago, Julian Assange pointed out the obvious in a widely publicized video.
Given that Gmail, Blackberry, and iPhone are the most consumed (and arguably the most consumer friendly) tools, they are the models for which many surveillance technologies are being developed.
Having data exposed will not ruin the lives of most. And perhaps that is why many have lowered their privacy expectations, “government or corporations might mine my data, but I have nothing to hide.” The dominance of this laisse faire approach to privacy protections in communications means that companies haven’t been forced to provide default encryption. The onus of encryption, security, and privacy protection falls largely on the individual. And even once the hurdles of motivation are surmounted, the available options are limited.
Setting up a PGP system takes time and know-how and slows down communication. Free services that take privacy seriously — like RiseUp — often don’t have the funds to develop a slick interface a la Google, and are less convenient to use as a consequence.
Our collectively lowered privacy expectations are troubling, not in the least because popular complacency has powerful consequences for a minority. Those whose privacy is both tantamount and laden with risk, get stuck with the responsibility of advocating for privacy standards as a public good. (Often at the expense of inviting even greater risk.)
Breaches of personal data troves and information surrounding activism regularly involve threats to political viability or physical safety.
When activists do proactively use niche tools like PGP and services like RiseUp to ensure that the content of their digital communications are not available to the highest bidder, their activities and internet traffic stick out. “Why are they so insistent on keeping their communications private? They must have something to hide.”
In addition to building the capacity of activists to communicate securely, we need to take our online privacy seriously, and expect more from the companies that are central to our everyday Internet lives. Privacy should not be the exception.
I used to definitely have the attitude that I had nothing to hide but obviously with the widening restrictions on seemingly normal everyday actions (such as sharing links online) it does feel like at some point we will all have something to hide. Hopefully if this the grip does start to tighten and it’s publicised enough it will give a boost to ensuring encryption technology can reach a more public audience. I will be very interested in seeing what Assange is going to come up with.
Enjoyed the article, thanks.
Thanks for the comment, Ian. As individuals, we can take steps to standardize basic security measures. The Electronic Frontier Foundation helped build HTTPS Everywhere, which forces (for sites that have certificates) SSL encryption when you surf the web. A lot of protections, particularly in the US, stem from the expectation of privacy. Talking to friends about the fact that authorities need a warrant to open your physical mail, but in “warrantless wiretapping” could read your email without one, can go a long way in turning the tide of expectations around online privacy. By changing these expectations, legal precedent is easier to set and companies will be required to take privacy more seriously (for commercial and legal reasons). It’s a long road, but shaking that view of “I have nothing to hide so I don’t care” is the first step.