Appalled with government surveillance without oversight? Sick of having your privacy invaded? Numb from stories about the NSA? If you are, you’ll have had many more bad days than good since June 2013.
But today, just perhaps, could be one of the better ones.
Why? Because somebody, somewhere, declared that Feb 11 is The Day We Fight Back Against Mass Surveillance and an awful lot of people are ready to agree. In a message addressed to “users of the internet”, the protest’s website declared:
In January 2012 we defeated the SOPA and PIPA censorship legislation with the largest Internet protest in history. Today we face another critical threat, one that again undermines the Internet and the notion that any of us live in a genuinely free society: mass surveillance.
In celebration of the win against SOPA and PIPA two years ago, and in memory of one of its leaders, Aaron Swartz, we are planning a day of protest against mass surveillance, to take place this February 11th.
Together we will push back against powers that seek to observe, collect, and analyze our every digital action. Together, we will make it clear that such behavior is not compatible with democratic governance. Together, if we persist, we will win this fight.
That sounds good to me – so how are the organisers urging us to push back?
In the days counting down to today the campaign’s home page was rather disappointingly reminiscent of Slashot’s profit meme, protesters were urged to do three things:
- Run website banners and change their profile pictures
- Talk about it on Reddit
- Um, something else (OK, it actually said “Be creative”)
Hearteningly some more substantial activities are on offer. The events page lists the real-world protests that are planned in a number of cities around the world.
The plan to make 11 February a protest against NSA surveillance was announced on 10 January, the eve of the first anniversary of the death of Aaron Swartz, and has the backing of some of the internet’s big beasts like Reddit, Tumblr, Mozilla and the Electronic Frontier Foundation.
Wikipedia, who ran an evocative black out seen by hundreds of millions of people during the SOPA protests, is not on board however.
The organisers of The Day We Fight Back are understandably keen to invoke Swartz’s memory and draw a parallel with the highly successful protest he organised, but I think today is very different.
I agree with the campaign’s motives and wish it the best, but I am, personally, struggling to get behind it.
OK, I admit I struggle to get behind anything where changing my avatar counts as ‘doing something’ but my arguments run deeper than that too.
Here’s why today is not the SOPA protest; The timetable for stopping SOPA was driven by the passage of a bill through the US congress and the goal was clear – stop the bill, stop SOPA, save the internet.
In its own words the anti-SOPA campaign melted the phone lines to Capitol Hill. Minds were changed, believers turned to sceptics.
If the phone lines melt today, no votes will be counted because no votes are at stake. The smell of molten plastic might snap a few congressmen into line but what are we asking them to do, exactly, once they are? Without a clear goal the protest becomes a tantrum.
The anti-SOPA campaign was also fighting to stop bad news that hadn’t happened yet. What was being fought against was well understood and everyone could agree on what was required to stop it. And, perhaps most important of all, the campaign’s adversaries were operating in daylight and within the law.
Last of all, SOPA might have been a problem for everyone but the solution at least was confined to the USA.
None of these things are true about the situation we’re Fighting Back against today.
Of course if I use this article to simply protest against the protesters, then I am doing no good either. So let me set out what I think today will be about for me, as well as what you can do.
Before Snowden, we knew little or nothing of internet surveillance by governments. Some suspected it was going on; throwing mud in China’s direction was very popular and there had been rumblings about a system called Echelon for years, but we didn’t really know anything.
Collectively we mistook not knowing it was there for it not being there at all.
Since then we have been fed a steady, relentless flow of information, week after week, about intrusive, pervasive, government surveillance. But each week’s revelation has come from the same whistleblower, and each story has been about the same people doing the same sort of things in the same sort of places.
It’s been groundhog day since PRISM and we’ve actually learned very little.
As illuminating as it is, much of the information from Snowden is old (some of it is as current as Windows Vista) and almost all of it deals with one government agency in one country. That suggests to me that our understanding of internet surveillance, while better than it was a year ago, is mostly incomplete.
I do not believe that the NSA is the only organisation, nor that the US is the only county, capable of tapping into internet cables. Nor do I believe that if the NSA dismantled its infrastructure today I’d be safe from government surveillance.
Surveillance by the NSA is the problem we know about, but illegal surveillance by anyone in any country now or in the future is the problem we have to address if we’re actually interested in making ourselves safer.
Who do we lobby to fix that situation and how will we ever know if we have succeeded?
The answer is that we don’t know and we never will. If that’s the case, the only sensible way to behave from now on is as if we haven’t won, even if it looks like we have.
Making ourselves safer is not only useful but a form of protest – one that actually impacts the organisations spying on us in a way that any number of catchy hashtags never will.
Fittingly, 11 February is also Safer Internet Day, a day its organisers hope will promote safer and more responsible use of online technology and mobile phones, especially among children and young people.
Their slogan is “Let’s create a better internet together” and that is a slogan I can get behind.
What we need from 11 February is not a day of noisy protest but a day of action that kicks off the difficult process of turning the internet from something that is easily spied on into something that isn’t.
The way to do that is to start using, or (better yet) contributing to, software, services and protocols that use encryption when data is on-the-wire or at rest. There are a thousand ways to do that but here are just a few suggestions:
A good place to start for anyone who wants to share less about themselves online is by taking our 3-Step Privacy Plan Diet.
Web users can encrypt more of what they do online by using tools like HTTPS everywhere or Tor.
Systems administrators can ensure that email servers talk to each other using TLS (Transport Layer Security), that email at rest is encrypted, that websites use HTTPS and Forward Secrecy and that their DNS is secured with DNSSEC.
If you’re interested in the bigger picture, the IETF (Internet Engineering Task Force) has a number of active working groups dealing with things like the future of HTTP and TLS.
There is also the pressing question of whether Covergence, DANE or anything else can offer a realistic alternative to the vulnerable system of Certificate Authorities we use today.
Encrypt everything
Us “senior citizens” wish we didn’t have to remember/change/encrypt/learn so many userIDs and passwords. Sigh….
If you really want to screw with the NSA give them false and out dated information by storing crap files on your electronic devices and encrypt everything let them figure it out and when they do the idiots will have egg on their faces. The NSA has no respect for anyone so time to shame them all for this illegal activity they call surveillance.
Ugh. Not very interesting. These guys are doing it better.
http://tracking.tenthamendmentcenter.com/issues/nsa-spying/
They’re trying to deal with unconstitutionality of the NSA spying on US citizens. That’s laudable but it’s a domestic issue for one country out of 200.
If the unconstitutional behaviour is ironed out but the NSA keeps on spying then 95.5% of the world’s population will be in the same position as they are today and the population of the USA won’t have done anything to prevent anyone else from spying on them.
There are some good points in this article, but it appears to be written on the premise that no more awareness is needed, only action. While I’d love for that to be the case, the vast majority of people in the US and elsewhere in the Internetified world at large are still blatantly ignoring this dragnet surveillance issue. Thus a day of making noise is a day of raising awareness that what’s going on isn’t good and that more people should start to pay attention.
The EFF is driving a campaign today, getting people to call their representatives. The link by the previous poster is calling for the same sorts of things.
My hope is that enough traction is gained in the undeniable epicenter of this whole affair — the USA — that other countries’ governments have to sit up and take notice too. We can’t change the world all in one go, but we can take concrete steps, one step at a time.
I did call my Senators and Congressman today. What did you do?
I didn’t get the idea Mark thinks we need ‘no more awareness’ at all. But I agree with him that the awareness we have is rather one-dimensional. It’s Snowden’s story, told in serial form, verse by verse and chapter by chapter.
As you concluded, your response was action…and Mark gave lots of things you can do as well 🙂
This article is wrong on at least one level: the US is the country that is able to collect more information than any other from the web.
Where are most large internet companies? Through which country do all South American Internet connections with the rest of the world pass? Which country has agreements with four other English-speaking countries to pass information to it? Which country has most online data storage (Google Drive, Microsoft etc.)?
I will also hazard a guess that undersea cables are to a large extent owned and/or operated by US companies.
HTTP 2.0 must encrypt everything – and not just “by default”, but by design. If possible, with perfect forward secrecy.
I didn’t say the USA can’t or don’t collect more data than anyone else I said we have to assume that countries other than the USA can tap internet cables too.
If you’re living in Russia and you’re worried about domestic spying of what you say on vkontakte I would imagine that knowing more data is stored in the USA than anywhere else is cold comfort and a USA-first approach to solving the problem certainly wouldn’t help.
Mark, I didn’t call you out on whether or not the US can collect more information than anyone else; the answer is obvious. I did fail to make clear what my concern was, so will rectify that now.
When you state “…illegal surveillance by anyone in any country now or in the future is the problem we have to address if we’re actually interested in making ourselves safer” you are basically arguing that we should ignore the elephant in the room because there are all these pesky mice around the place.
This is wrong. Deal with what you can deal with now, which is the biggest surveillance apparatus in history. Yes there are other things that need to be done, as I stated in my previous post – but for the moment make some noise about the people who have lied to Congress with impunity, the politicians who have lied to their voters with impunity, the media that have decided you can’t handle the truth, the businesses who have been complicit in the theft of your personal information.
I expect and hope that RSA will be out of business by the end of the year, as a result of their $10 million dollar bribe. Any other company that is shown to have been complicit in this unconstitutional activity should also face the wrath of consumers.