Although Neo-Aristocracy is non confrontational and makes no effort to challenge the state or wider society it doesn’t spare us the interest of the state casual or otherwise. Mass surveillance has been the norm for decades, and is growing rather than shrinking even as public knowledge of it increases. Spy agencies surveil entire countries the world over, targeting political dissidents more than terrorists and subverting the free expression essential to the western ideal. This is not an imagined dystopian future, but reality today. How do we end mass surveillance?
Entire populations can resist mass surveillance better than isolated individuals or social networks. Increasing costs by enhancing general information security is the only way to force state hackers and other attackers to curtail their surveillance activities. Mass surveillance is possible today because it’s cheap. But by encrypting everything, insisting on relatively secure endpoints—the devices on which one might use encrypted email, like phones and computers, that can themselves be compromised in software and hardware alike—and diversifying communication methods, populations can greatly increase its costs..
Becoming the vanguard in information security is especially important for academic researchers who are able to set the terms of their own data collection. Keeping and collecting less can be a difficult choice under the pressure to publish or perish. But de-anonymizing data is now so easy that there is no anonymizing data. Even if you collecting Internet survey data from subjects using an tool (like Tor) or service (like a Virtual Private Network, or VPN) that ostensibly anonymizes their browsing history, it will probably not work if a state-level attacker really wants to know who they are and what they are doing. Especially not after Dec. 1, when the FBI can legally hack any computer anywhere in the world that is using one of these anonymizing tools, unless Congress acts before then to prevent a change in the rules of criminal procedure. And even if Congress prevents that change (spoiler alert: they won’t), state-level attackers will still basically do whatever they want, because there is zero accountability in this realm.
Encrypting Everything
Is important but hard enough to scare most people off.
If you only do one thing, get Signal—like a lot of people already have since the U.S. Presidential election. If you do a second thing, get Privacy Badger and Https Everywhere. If you do a third thing, encrypt your hard drive so that if your laptop is stolen, your device is lost but your data are not compromised. And if you want to do more…
These are the current best tools for encrypting everything:
- Signal for texts and calls, on smartphones and desktops
- GPG for email
- Jabber OTR for chat
- UTox for videochat
- VeraCrypt for files
- a one-time pad for hand-written love letters to that special someone—and a program you can download and run offline, to make your own one-time pad
These are organizations that help people learn to use such tools, IRL and/or by offering online resources:
- Cryptoparty (IRL and online)
- Center for Investigative Journalism (IRL and online)
- Digital Defenders (IRL and online)
- Tactical Tech (IRL and online)
- Electronic Frontier Foundation (online—attn. anti-tracking browser plug-ins like Privacy Badger and Https Everywhere in all your browsers)
- American Civil Liberties Union (online)
Normal people can use these encryption tools, with or without the help of these organizations. Super hackers can do better—by being wary of the social engineering behind the vast majority of successful cyber-attacks.
Everyone can encrypt everything. It should have been the norm of telecommunications from the start. It’s not in part because of alleged interference from security services (that some players detail off the record while others dispute), in part because of apathy and political ignorance among technologists in particular, and in part because random error happens. But the norm of non-encryption is a calculated harm by the so called liberal democracies.
Perfect end-to-end encryption won’t do you any good against a state-level attacker who can compromise your endpoint. This is why securing endpoints is also essential to enhancing the information security without which mass surveillance will remain the norm.
Securing Endpoints
Is impossible but worth trying if you really want to keep your data (or others) secure.
Here are some examples of more secure endpoints:
But lots of top security experts use iPhones or Android phones and MacBooks or Windows PCs like everybody else—which some people argue have known vulnerabilities to surveillance. Alternatives like Thinkpads, popular among Linux fans, are not themselves secure endpoints. There is not really any such thing, especially once you connect to the Internet or run an operating system other than Qubes or Tails. You can try to get more as opposed to less secure endpoints yourself. But an individual subjected to targeted surveillance by a state-level attacker is unlikely to successfully secure her endpoints without specialized skills most of us lack. The best way for everyone to get access to relatively more secure endpoints is to get more companies making software and hardware that works well and is really easy to use.
Boycotting U.S. information technology (IT) products and services while buying and funding the development of alternative, open-source software and hardware is the most politically possible way to break the American IT dominance that enables weak endpoints to be the norm—keeping mass surveillance relatively cheap even if everyone starts encrypting everything tomorrow. An American IT boycott is politically impossible for American governments at the local, state, and federal level, even though it supports the end of stronger cybersecurity that is a national security priority. A private American IT boycott is unlikely to gain support among private American institutions, organizations, and groups of individuals. It is politically impossible. Even a small subset of such a boycott—a private individual boycott of Google, Facebook, Twitter, and Yahoo until they commit to a shared norm of not collecting and sharing huge swaths of customer data with governments and corporations—isn’t really socially possible. People just won’t do it.
Diversifying Communication Methods
Collecting and storing less data to begin with is a good idea. Like NSA whistleblower Bill Binney says, smoke signals are the best way to resist mass surveillance. They don’t last long and annoy the NSA.
These are other ways to diversify communication methods:
- Take a walk in the park to have a conversation in person
- Have a cup of coffee in a new café, somewhere non-routine for you—sometimes alone, sometimes to have a conversation in person
- Incorporate other non-routine routines into your life, to throw off surveillance and have more fun besides
If this sounds like individuals are having to do the job governments are cut out for—going up against big, organized, powerful nation-state interests that work against regular people’s best interests—that’s because we are. This raises the question of why governments aren’t doing their jobs, helping populations solve collective action problems like mass surveillance and the resultant death of what we used to think of as the universal human right to privacy.
Conclusion
Making mass surveillance prohibitively expensive by normalizing strong encryption and more secure endpoints along with diversifying communication methods is the most effective way for most people to resist. Resisting in groups works better than resisting alone, so helping your fellow Neo-Aristocrat adopt better information security practices is a duty for members who care about liberty and security alike. If you struggle to understand it all then ask for help, raising questions and sharing ideas in our forums can really be a benefit to all.
Further Resources
Surveillance Self-Defense, by the Electronic Frontier Foundation.
Digital Security Tips for Protestors, by EFF.
Security-in-a-box, by Tactical Tech.
Edward Snowden Explains How to Reclaim Your Privacy, by Micah Lee.
Best Practices for Conducting Risky Research and Protecting Yourself from Online Harassment, by Alice E. Marwick, Lindsay Blackwell, and Katherine Lo.
How to Disappear in a Fog of Data (and Why), by D.J. Pangburn.