Encryption, After the Election
You may know that I’m a big proponent of strong encryption – “tin foil hat” stuff, if you want. I think it’s important that we, collectively, secure our private data, since the 0s and 1s of data have become the modern analog of 18th century “papers and effects”. To this end, I would like to offer some advice and spark discussion about how best to secure our collective data and promote the ideal of freedom in our technical era.
This is not about who was elected on Tuesday; this is an issue that has been around much longer, and will have implications that will reach far beyond one four-year term. This is also probably going to be a long read, and I hope you will do more than skim it, because I value your thoughts and ideas.
- Know your rights. Whether you live in the United States, the United Kingdom, Brazil, Liberia, or Hong Kong, you have rights that pertain to your liberties and your data, and whether or not you may be compelled to divulge your data. These rights can be complicated: for instance, in the United States, you may be compelled to unlock a phone if it is locked with your fingerprint, but not if it is locked with a password; in the United Kingdom, refusing to provide a password to authorities is a criminal offense. The Electronic Frontier Foundation provides resources to guide you, and there are many other resources available online.
https://www.eff.org/issues/know-your-rights
- Use strong passwords and change them often. This is a slippery slope. It’s easy to remember one password and to use it for all or most of your digital accounts. However, that means that if any of your accounts are compromised, all of your accounts are compromised. Try separating vital information like banking or email from non-vital information by using different passwords for different types of accounts, if using completely different passwords is difficult. Do not keep a plaintext (unencrypted) spreadsheet of your accounts and passwords online. If you need a memory aid, use a small, physical notebook and try to obscure the contents (e.g. by adding random characters or words every few characters). This is not perfect, but it will help protect you. Using password generators/safes like LastPass and KeePass (the latter of which is open source) is an alternative, but remember: all of your passwords are only as safe as your master password.
https://xkcd.com/936/
https://xkcd.com/792/
http://keepass.info/
https://www.lastpass.com/
- Use secure messaging. Look into GnuPG if you need to send sensitive emails, and join Signal (an end-to-end encrypted messaging app for texting). Signal is dead simple, and PGP, while more complicated, is supported in many, many more applications, and the algorithms that underlie it are currently the gold standard for encryption.
https://whispersystems.org/
- Turn on two-factor authentication. Two-factor authentication (2FA) is a method of ensuring that an account login attempt was made by an authorized user, and not just someone who guessed the correct password (or beat you into giving it to them, which is called “rubber hose cryptanalysis”). Google made 2FA a mainstream thing, but it is supported, in some way or another, by many, many services. Go turn it on now.
https://support.google.com/accounts/answer/185839?hl=en
- Support TOR. So far, everything I’ve suggested has been either common sense or designed simply to secure your personal data. TOR is different. The Onion Router (TOR) is a project that aims to provide anonymous browsing to individuals all over the world – even those who live under oppressive regimes that censor the internet. TOR has been criticized by politicians, national security and law enforcement services, and others because it is a tool that has been used by criminals. However, just as a physical lock or a computer password may be used by criminals, the vast majority of TOR users are privacy-conscious web browsers, journalists, whistleblowers, and people who simply want to hide their web browsing from ISPs, governments, and criminals. TOR relies on a system of encrypted relays, through which internet traffic is directed until it reaches an end node – the computer that, to an observer, appears to be serving the request for data. You can help privacy activists, dissidents, journalists, and others by volunteering to host a TOR relay (your local library may already be hosting one). If someone uses a TOR relay for criminal purposes, you may have legal protections; the American Civil Liberties Union, the TOR Project, and the EFF all have staff attorneys who have dealt with similar cases.
https://www.torproject.org/
- Support others who do not have the same rights and privileges as you. The majority of my Facebook friends are American or European, well educated, and do not live under regimes that (overtly) deploy anti-opposition surveillance, disregard the rule of law, or engage in secretive and malicious operations against their own citizens. Many others do not have this luxury, and so it is up to us to hold our leaders accountable for decisions that might (directly or indirectly) compromise the human rights of others. This means that we should push for stronger encryption standards, not turn a blind eye to the suppression of dissidents by other governments, and advocate for a more free (as in speech) internet in order to create a global commons from which anyone can feel free to add or draw value.
I may add to this list as I think more about it and, hopefully, as discussion happens in the comments.
What are your thoughts?