Monthly Archives: February 2014

Appearance on NPR’s “Fresh Air”

I spoke with NPR’s Dave Davies on February 24, sharing an excerpt from Dragnet Nation and explaining why in the current climate of  indiscriminate tracking, privacy is becoming a luxury good.

Read a summary, or listen to the full interview below.

Wall Street Journal Interview

On February 21, I spoke with The Wall Street Journal‘s Simon Constable about protecting kids’ privacy online.

Click here for more recent talks and appearances.

Privacy Tools: Protecting Your Kids Online

Dragnet Nation cover artIn the course of writing my book, Dragnet Nation, I tried various strategies to protect my privacy. In this series of book excerpts and adaptations, I distill the lessons from my privacy experiments into tips for readers.

The following excerpt appeared in The Wall Street Journal on February 21, 2014.

If you search for my kids online, you’ll find barely a trace of them. Not only do I not post any information or photos of them, I have also taught them to erase their own digital footprints.

My children, whom I will call Woody and Harriet, are 6 and 9. They use fake names online—always. They use software to block online tracking, and instead of Googling homework assignments, they use a search engine that doesn’t store any data about their queries. They have stickers that cover their computer cameras. Harriet, my older child, uses an encryption program to scramble her calls and texts to my cellphone, using passwords that are 20 characters long.

Why go to such extremes at such a young age? Because if I don’t do anything to help my children learn to protect themselves, all their data will be swept up into giant databases, and their identity will be forever shaped by that information.

They won’t have the freedom I had as a child to transform myself. In junior high school, for example, I wore only pink and turquoise. But when I moved across town for high school, I changed my wardrobe entirely and wore only preppy clothes with penny loafers. Nobody knew about my transformation because I left no trail, except a few dusty photographs in a shoebox in my parents’ closet. Try that in the age of Facebook.

Even worse, if my children leave their data lying around, they will face all the risks of what I call our “dragnet nation,” in which increased computing power and cheap data storage have fueled a new type of surveillance: suspicionless, computerized, impersonal and vast in scope. Criminals could use my kids’ data to impersonate them for financial fraud. Extortionists could seize control of their computers’ Web cameras and blackmail them with nude photos. And most terrifyingly, their innocent online inquiries would be forever stored in databases that could later place them under suspicion or be used to manipulate them financially.

Persuading my kids to care about privacy wasn’t easy. To them, “privacy” was just a word that meant “no.” Privacy was the reason they couldn’t post videos on YouTube or sign up for kids’ social networks. Privacy is the reason I complained to their teachers about posting pictures of them on a blog that wasn’t password-protected. So I began my family privacy project by explaining to my daughter how strong passwords would let her keep secrets from me—and her nosy younger brother.

We began by using a password methodology known as Diceware, which produces passwords that are easy to remember but hard for hackers to crack. Diceware is deceptively simple: You roll a six-sided die five times and use the results to pick five random words from the Diceware word list, which contains 7,776 short English words. The resulting passwords look something like this: “alger klm curry blond puck.”

Harriet loved building strong passwords. Soon I began paying her to build passwords for me too. Eventually she branched out and started selling strong passwords to friends and family members for $1 each.

Excited by her successful business venture, Harriet soon became curious about some of the other experiments I’ve tried to reclaim my online privacy. She loved the fake identity that I created for some of my online accounts (“Ida Tarbell,” borrowing the name of a turn-of-the-century, muckraking journalist) and decided to use a fake name for her online accounts as well.

Harriet was also entranced by the encryption tools I used to turn my text messages and emails from plain text into huge blocks of code that could only be read by the intended recipient. So I set up an encryption app called Silent Circle so that she and “Ida” could exchange encrypted texts and phone calls.

Harriet also got interested in a program called Ghostery that I use to block online tracking. She particularly liked Ghostery’s logo—a cute little blue ghost that sits at the top right corner of her Web browser. So I installed Ghostery on her own computer, an old netbook that we got free when setting up our high-speed Internet connection. She began to view Ghostery as a videogame, with the goal being to find websites with the most trackers. “Mommy, I found one with 41 trackers!” she crowed, running into my room toting her computer.

Harriet even started to like DuckDuckGo, a privacy-protecting search engine whose logo is a cheerful duck in a bow tie. I set it up as her default search engine, and she happily showed the duck off to her friends.

To keep outside snoops away from the family iPad, we found an app from Brian Kennish, a former Google engineer who quit to build privacy-protecting software. His powerful Disconnect Kids app captured all the traffic leaving our iPad and blocked any contact with a list of known mobile tracking companies. I thought the app’s invisible whirring was quite clever, but Harriet was disappointed that it lacked a videogame aspect: She couldn’t see how many trackers it was blocking.

After Harriet had used Disconnect Kids for a while without breaking any of her other apps, I decided to install Disconnect Kids on my own iPhone. Sure, it was a kids’ app, but I had been struggling to block ad tracking on my phone—and this was the best solution I’d seen yet.

Now, whenever I glance at Disconnect Kids’ dancing green robot on my iPhone, I remember that my kids and I face the same online challenges. After all, what’s the difference between privacy-protecting software for kids and adults when all of our data is being swept up equally indiscriminately?

How the Stasi Spied on Social Networks

Stasi Social Network Analysis (Text)
The East German secret police, known as the Stasi, were an infamously intrusive secret police force. They amassed dossiers on about one quarter of the population of the country during the Communist regime.

But their spycraft — while incredibly invasive — was also technologically primitive by today’s standards.  While researching my book Dragnet Nation, I obtained the above hand drawn social network graph and other files from the Stasi Archive in Berlin, where German citizens can see files kept about them and media can access some files, with the names of the people who were monitored removed.

The graphic appears to be shows forty-six connections, linking a target to various people (an “aunt,” “Operational Case Jentzsch,” presumably Bernd Jentzsch, an East German poet who defected to the West in 1976), places (“church”), and meetings (“by post, by phone, meeting in Hungary”).

Gary Bruce, an associate professor of history at the University of Waterloo and the author of “The Firm: The Inside Story of the Stasi,” helped me decode the graphic and other files. I was surprised at how crude the surveillance was. “Their main surveillance technology was mail, telephone, and informants,” Bruce said.

Another file revealed a low-level surveillance operation called an IM-vorgang aimed at recruiting an unnamed target to become an informant. (The names of the targets were redacted; the names of the Stasi agents and informants were not.) In this case, the Stasi watched a rather boring high school student who lived with his mother and sister in a run-of-the-mill apartment. The Stasi obtained a report on him from the principal of his school and from a club where he was a member. But they didn’t have much on him — I’ve seen Facebook profiles with far more information.

A third file documented a surveillance operation known as an OPK, for Operative Personenkontrolle, of a man who was writing oppositional poetry. The Stasi deployed three informants against him but did not steam open his mail or listen to his phone calls. The regime collapsed before the Stasi could do anything further.

I also obtained a file that contained an “observation report,” in which Stasi agents recorded the movements of a forty-year-old man for two days — September 28 and 29, 1979. They watched him as he dropped off his laundry, loaded up his car with rolls of wallpaper, and drove a child in a car “obeying the speed limit,” stopping for gas and delivering the wallpaper to an apartment building. The Stasi continued to follow the car as a woman drove the child back to Berlin.

The Stasi agent appears to have started following the target at 4:15 p.m. on a Friday evening. At 9:38 p.m., the target went into his apartment and turned out the lights. The agent stayed all night and handed over surveillance to another agent at 7:00 a.m. Saturday morning. That agent appears to have followed the target until 10:00 p.m. From today’s perspective, this seems like a lot of work for very little information.

And yet, the Stasi files are an important reminder of what a repressive regime can do with so little information. Here are the files:

Translation credit: Yvonne Zivkovic and David Burnett

Vann Center for Ethics talk

On February 10, I gave a talk at the Vann Center for Ethics at Davidson College, called “The Ethics of Privacy and Security in the Digital Age”:

“Dragnet Nation: The Ethics of Privacy and Security in the Digital Age” Presented by Julia Angwin from Vann Center for Ethics on Vimeo.

“The New Frontiers of Privacy Harm”

In January, I spoke on a panel entitled “Is Commercial Tracking Harmful?” at a conference held at the Silicon Flatirons Center at the University of Colorado School of Law. Follow this link for a report summarizing the conference.

Twitter