Uncovering the following article and spending time to digest the perspective of the author, I wound up being bounced around with conflicted thoughts regarding the political views in relation to privacy advocacy. I so much contemplated interacting with the author, but realized the language, judgement and ad hominem argumentation left me in the environment of a Social Justice Warrior flexing their privacy knowledge. I thought it better to merely share this piece as evidence of broader perspective on the Privacy Issue.
Nadim Kobeissi Software Does Not Answer a Trump Election Nov 13, 2016 • 15 minutes to read Donald Trump was elected President of the United States five days ago. Since then, the digital privacy and encryption advocacy community has responded with articles that present a perspective that is opportunistic and hubristic to the point of risking a long-term danger to the civil discourse on encryption and digital privacy. Digital privacy and security advocates are planting the seeds for a narrative that risks being almost impossible to uproot as more time passes and more misinformation is spread.I want to explain to you the nature and context of the danger I perceive in the digital advocacy community’s reaction to Trump’s election.
The Current Reaction of Digital Privacy Advocates Against the Election Results
Two days ago, Amie Stepanovich, the U.S. Policy Manager at Access Now, a leading digital privacy group, expressed the following potential protections to use after Donald Trump’s election:
Here, we see Stepanovich suggesting, to great success and hundreds of retweets, that the following pieces of software are, in some mysterious way, relevant to Donald Trump being elected president:
- Privacy Badger, a browser extension from the Electronic Frontier Foundation that blocks invasive advertising and invisible online trackers.
- HTTPS Everywhere, a browser extension from the Electronic Frontier Foundation that forces your browser to use encrypted HTTPS connections more often than it otherwise might.
- Signal, a mobile messenger from Open Whisper Systems that provides end-to-end encrypted private messaging and voice calls.
Update (Nov. 14, 2:59AM): Josh Levy, Access Now’s Advocacy director, doubled down on the advice given above, refusing to retract it and calling me “offensive as shit” after accusing me of “spending my time twisting people’s words”. My invitation for Access Now to retract the advice given above, for the reasons described below, remains open.
Today, Micah Lee, a leading privacy advocate who personally aided with the Snowden disclosures, published his new article entitled “Surveillance Self-Defense Against the Trump Administration”:
Lee’s article, which advertises itself with an animation of an iPhone flashing a satanic-looking black-and-white animation of Donald Trump’s screaming face, alternating with what looks like garbled encrypted data, contains some relevant anecdotes. First, Lee outlines that he sees Trump as a “racist authoritarian” who is:[…] eager to misuse his power and get revenge on his perceived enemies […] it’s reasonable to conclude there will be a parallel increase in abuse of power in law enforcement and the intelligence community.
There, Lee and I fully agree with each other. I think Donald Trump is indeed unfit to lead a country as influential and relevant as the United States. I think he has solid racist and authoritarian tendencies, and I don’t say things like that lightly. I think Donald Trump is likely to affect my own quality of life, and I’m a comfortable ocean of water away from him! Our image of Trump, minus the ridiculous, childish demonic animation leading Lee’s article (and signaling, I think fairly, the degree of nuance his political thinking enjoys), is quite similar.
Given this shared idea of a common opponent, let’s see what advice Lee offers in his piece against dealing with a racist authoritarian possessed by an utter disregard for the rule of law:
- “Encrypt Your Phone”: Encrypting your phone will, according to Lee, have an effect against a racist authoritarian being the President of the United States and should be a first step for activists.
- “Ditch Your Phone At Sensitive Moments”: You’ve encrypted your phone, but you should also ditch it at sensitive moments.
- “Switch from Facebook Groups To End-to-End Encrypted Groups”: Donald Trump’s presidency appears to have a direct effect on the reliability of Facebook groups, and, according to Lee, these have now become unfit for community organizing in the United States.
- Lee’s article goes on in similar tone-deafness: “prioritize security when building activist sites”, “secure your accounts and computer” (using disk encryption, stronger passwords and two-factor authentication), and even installing virtual machine software such as Qubes to compartmentalize your computer usage into small virtual computers on your machine.
I finished Lee’s article slightly expecting him to suggest that I also make sure to lock my door in the evenings and to Amazon myself a book on counter-intelligence so that I can, without delay, memorize the chapter on countering psychological operations or soft-power political ingratiation within my circle of close friends, and that doing these things, too, will make Donald Trump less likely to affect my life.
This Rhetoric Constitutes a Long-Term Danger
The failure of the loud, influential voices we have here is twofold:
- Regular citizens, journalists and activists looking for reassurance, self-empowerment or protections against whatever potential evils of a Trump Presidency they foresee obtain advice that is incremental at best, but that in the vast majority of cases promises to have completely and utterly no relation whatsoever to the problems they want to protect themselves from.
- Cryptography and security software engineers, such as myself, see our work being further abused by loud political voices who fashion it as the solution to problems it cannot hope to seriously affect or solve. This makes it more difficult for us to properly communicate the features and limitations of our work. The latter is already, literally, the defining challenge of my adult life.
It is frighteningly difficult to impede the steamrolling momentum of advice like this. Voices like Stepanovich and Lee’s enjoy a buildup of credibility and supposed legitimacy. They are offering familiar solutions, comfortable to those already in privacy and activism circles, and that claim aid against a shocking new political reality. Already other, more mainstream such as The Atlantic are picking up on this advice.
It is even more difficult to combat this kind of rhetoric when the advice these people are offering is fundamentally useful. Of course you should you use Signal (or another privacy-enabling messenger, such as Wire or WhatsApp, or my own Cryptocat.) Of course you should install Privacy Badger. Of course you should encrypt your disks. Of course you should use a stronger password. These are things that every able adult should do, same as every adult should brush their teeth twice a day and wear a seat belt. The problem here is that this advice is being peddled as if it is directly relevant to protecting oneself against a Trump election, and without any notion of a threat model or concrete security goals. It isn’t directly relevant, and it’s being communicated opportunistically, not responsibly and not intelligently.
This advice is only a few (admittedly solid) steps more relevant than having a car manufacturer claiming that wearing your seat belt will help you against the election results, or a dentist claiming that brushing your teeth daily will help you against the policies of the Trump administration.
As difficult as it is to combat the suggestion of a familiar comfort from a trustworthy source, it must be said that these leading figures in the digital privacy community, who are responsible for communicating to the broader public what encryption software is supposed to do, are communicating a perspective that only perpetuates the ignorance surrounding digital privacy. It indicates, at best, a brain drain on the part of this advocacy community, and at worst an opportunistic capitalization on a shock political event in order to broaden their message on the adoption of encryption software. This is because the adoption of the software tools they recommend is completely irrelevant to the new issues that Americans now face, along with the rest of the world.
Instead of asking themselves what new, directly relevant solutions they can come up with to protect people’s rights against a Trump presidency, digital privacy advocates are asking themselves the much simpler, lazier and more comfortable question of how much they can exploit the Trump election to harder sell their existing message on digital privacy, regardless of its direct applicability or relevance.
Not Repeating Snowden’s Mistake: Developing a Trump Threat Model
In order to understand whether Stepanovich and Lee’s advice is applicable, we need a threat model. We need to be able to, using grounded facts and reproducible reasoning, understand what are Trump’s possible activities as an adversary and how this affects the channels that we use to communicate as citizens, journalists or activists. Instead of arriving to Trump-relevant advice by coincidence, we need to be able to always provide a one-to-one bilinear mapping of how a certain Trump administration activity motivates the adoption of a certain methodology leading to better digital privacy.
Neither Stepanovich or Lee is even close to following this approach. All they’re doing is rehashing the exact same advice they’ve been giving for years, even before Trump declared his candidacy, and hoping that the Trump earthquake will tsunami their message further into the public consciousness, not even caring to judiciously, critically review their message’s relevance to current political events.
After Snowden’s disclosures, there was no lucid, grounded threat model with which to understand the NSA. The result was that the NSA was perceived as some kind of unknowable tentacled monster that we must throw at software after software, with the hopes of somehow impeding it, like some Godzilla being impeded by volleys of small missiles from ground Tomahawk launchers. This approach resulted from our relative ignorance and therefore we can’t rely on it as our gold standard.
This is leading to utterly irrelevant advice. Stepanovich suggests that Privacy Badger will help you against the election results. Privacy Badger blocks ads that track your activity online. Lee suggests that Trump has personally made Facebook groups no longer a safe option for community organizing. These pieces of advice are literally displaying the worst methodology of ignorance: they sell ideas of digital security in the worst manner possible, by foregoing any notion of cause-effect relationship. Do we understand how Privacy Badger can be directly related to a Trump Administration’s executive order? We don’t. Bringing Privacy Badger and HTTPS Everywhere into a discussion about Donald Trump assuming the role of Commander in Chief is utterly ridiculous. It’s laughable. It’s moronic. And yet the foremost voices advocating for my field are being socially rewarded, instead of reprimanded, for peddling this as educated advice.
Now, in the case of Facebook groups, we do know, and Lee correctly argues, that a simple subpoena from the executive branch will force Facebook to hand over all data relating to a Facebook group. It makes sense that Lee would expect activists to use Signal instead. While this is a nugget of good advice, it however still comes from the era from before when Trump ran for President. Lee’s message from 2013 just happens to coincide with good advice for an unreliable U.S. President. The problem remains that Lee has not reconsidered his message fundamentally to reshape it to advice that suits a Trump presidency’s specific threats against a free and open democracy, press and so on.
Lee hasn’t bothered to reformulate his hypothesis to suit the new reality. Instead, he reformulates the new reality to suit and promote his old hypothesis.
Here is what digital activists like Stepanovich and Lee can do: focus on the emerging problems.Signal and a strong password will only take you so far. But they are pathetic proposals for solutions compared to what really faces the United States right now: a real risk towards long-term social and institutional decay in the United States, that might soon permeate to other leading democracies. That’s a problem that I don’t think Signal can solve or even, more than mildly, affect. I don’t think Stepanovich and Lee even truly understand this problem. And yet, that is the fundamental new problem that we are facing after Trump’s election, and it should be the kernel from which digital advocacy solutions flow.
It’ll be harder to threat model starting from this formidable premise, but the result will be far less hubristic than what they’ve contented themselves with. We need to ask ourselves not whether we should switch from Facebook groups, but whether infrastructure such as Signal’s can even resist a persistently antagonistic executive branch. We don’t need to push two-factor authentication as a panacea, but rather understand that such measures offer no hope against an adversary that establishes automatic law enforcement compliance with all major technology services in the United States.
The current rhetoric being passed on by digital privacy advocates is responsible for more influential voices now claiming that two-factor authentication somehow helps with “opposing Trump.” It doesn’t. Not even a single bit. And yet, this suggestion was shared more than 4,000 times.
More than anything else, we need to operate starting from a hypothesis the investigation of which allows us to better understand the social, political, cultural and economic forces that have led us to this stage of blind panic, where we chuck software at a Trump presidency. Software does not work against this kind of new reality. Understanding the basis for his prophesized attacks on free speech, digital privacy and the press will lead for an ability to devise new solutions that are simply more relevant. So long as leading digital advocates are unwilling to exert the intellectual effort and settle for the comfort of neural pathways they’ve already formed, we will not be ready to face what is perhaps the most significant emerging threat to global civil society in modern times.
Digital Privacy Advocates Must Hold Each Other Accountable
Specifically because of how serious a threat a Trump presidency promises to pose to global civil society, I do not accept the current standard of advice being sold by digital advocacy groups. I will go further: shocker events such as the NSA revelations gave many of these organizations, to put it bluntly, a message to sell and a budget for selling it. Trump shouldn’t be seen as an opportunity for Access Now, the Electronic Frontier Foundation, the Open Technology Institute, The Intercept, the Freedom of the Press Foundation and others to better sell a message they’re fearing was getting stale. In fact, they have earned a warning: this isn’t an opportunity for you to meet your political quotas. The only responsible reaction to Donald Trump is formulating a new hypothesis to suit the new reality, not the other way around.
Look at the results and listen to me. The racist, nationalist French National Front just accepted Stephen Bannon from Breitbart’s invitation to work together. Bannon is currently a leading figure in Trump’s White House transition effort after deep involvment with his campaign. He will soon have a branch of Breitbart in Europe and Trump will soon have an ideological ally in France. The National Front already receives a third of the French popular vote, and that was before Trump was elected. This is how organized, how intelligent our opponents are. You are not matching them because unlike you, they are formulating their hypothesis to suit the new reality.
Even before Trump’s election, there were already egregious signs of a lack of political education even from the most adulated of digital privacy figures: Lord Edward of Snowden, First of His Name, Bringer of the
Stone Tablets from the MountNSA Powerpoint Slideshows, asked his supporters to vote third option. This incredibly fruitless political encouragement, which was retweeted more than 7,000 times and covered in news media, legitimate or otherwise, is further encouraging the notion that these are the sorts of ambassadorial perspectives that the digital privacy clan holds. Snowden frequently expresses equally childish political advice, in public, on a Twitter account. And yet, denouncing Snowden for the political ignoramus that he is is considered blasphemy. Here is my claim: one act of noble political conscience, no matter how historic, will not excuse you for a lifetime of linearly increasing public political vapidity, and most especially not in these new times where political lucidity is in dire demand and in short supply.
I’ve been in this sphere for six years. Micah Lee and other digital advocates are respected friends. In writing this post, I am ruthlessly gnashing my fangs at actual colleagues. I do this because intellectual laziness, coupled with in-group ingratiation, must not stand. It defeats the intellectual fitness we need to survive in these new times. Diplomacy isn’t my job, and I can’t be more thankful that I understand my role as well as I do. I hope they will understand the meaning of my message and the urgency with which I present it.