Someone asked me last week if encryption tools like PGP were becoming common in activist communities. Answering honestly, and considering my own sparing use of encrypted communications, I said that I didn’t think it was too common–but it is impossible to give a definitive answer. Anecdotally, we know that PGP is perceived to be difficult to use and is completely useless if not adopted by those that you are communicating with. Worse, it can draw unwanted attention to communications and is even illegal in some countries.
It is profoundly inconvenient to take privacy seriously. But this inconvenience has more far-reaching consequences than we tend to realize.
Two weeks ago, Julian Assange pointed out the obvious in a widely publicized video.
Given that Gmail, Blackberry, and iPhone are the most consumed (and arguably the most consumer friendly) tools, they are the models for which many surveillance technologies are being developed.
Having data exposed will not ruin the lives of most. And perhaps that is why many have lowered their privacy expectations, “government or corporations might mine my data, but I have nothing to hide.” The dominance of this laisse faire approach to privacy protections in communications means that companies haven’t been forced to provide default encryption. The onus of encryption, security, and privacy protection falls largely on the individual. And even once the hurdles of motivation are surmounted, the available options are limited.
Setting up a PGP system takes time and know-how and slows down communication. Free services that take privacy seriously — like RiseUp — often don’t have the funds to develop a slick interface a la Google, and are less convenient to use as a consequence.
Our collectively lowered privacy expectations are troubling, not in the least because popular complacency has powerful consequences for a minority. Those whose privacy is both tantamount and laden with risk, get stuck with the responsibility of advocating for privacy standards as a public good. (Often at the expense of inviting even greater risk.)
Breaches of personal data troves and information surrounding activism regularly involve threats to political viability or physical safety.
When activists do proactively use niche tools like PGP and services like RiseUp to ensure that the content of their digital communications are not available to the highest bidder, their activities and internet traffic stick out. “Why are they so insistent on keeping their communications private? They must have something to hide.”
In addition to building the capacity of activists to communicate securely, we need to take our online privacy seriously, and expect more from the companies that are central to our everyday Internet lives. Privacy should not be the exception.