A note about privacy

Several media outlets that major on investigative journalism provide special ways for people to communicate with them.

 “Motherboard” is one such. It is part of an online media group called “Vice”. The name is a little misleading. As far as I can tell it has nothing at all to do with “vice”.

If someone has a story they want Motherboard’s journalists to look at they are invited to send it in. But Motherboard is aware that anonymity (for which also read “privacy” in this instance) may be a prerequisite for a whistleblower or someone with, er, delicate info.

The site therefore gives a would-be informant advice about how to go about concealing themselves.  Or should I say “how to try to conceal themselves”? Read on. Or read this if you really want to do a deeper dive using a different source.

The first thing that strikes you about the advice Motherboard offers is how detailed, extensive and complicated some of it is.

All this actually does is remind us how flimsy or insubstantial the whole online privacy promise is in practice, at least for the overwhelming majority of internet users. Maybe the the uber techies didn’t need reminding, but then…. 

Here are some choice extracts from Motherboard’s suggestions about how to proceed

Postal Mail

While it may sound old-fashioned, using postal mail is still one of the safest, most anonymous ways to send letters, documents or even thumb drives”. (emphasis added by me).

It goes on

“If you choose to send us postal mail, please do not include a return address and mail your letter in an envelope from a sidewalk mailbox, ideally on a corner you usually don’t go to often. Do not use a post office and don’t take your phone with you”.

Welcome back the Penny Post

So there you are. For all the technological progress we have made, sticking something in a pillar box is still highly commended.  Perhaps it’s the best as long as you remember to leave your phone on the mantlepiece and btw keep an eye out for CCTV.  Take care not to leave fingerprints or dna on the envelope or its contents. 

Then Motherboard says this

SecureDrop

(Our) SecureDrop can only be accessed through the Tor network, which allows you to surf the web without revealing your true location, IP address, or other information that could potentially reveal your identity. Your communications will be encrypted and using this system offers a higher degree of security over regular email” (ditto).

But be warned

Note that even when using SecureDrop, Motherboard nevertheless feels obliged to point out to the unwary

“this system offers (only) a higher degree of security over regular mail.”

Key point: Motherboard is not promising or guaranteeing privacy even this way. 

In fact they go on to say

“no system or technology can provide perfect security”.

Mark those words.

“Powerful adversaries”

What else does Motherboard have to say?

“Tor protects your identity from the sites you visit, but a powerful adversary might be able to correlate the timing of the source’s home usage of Tor, plus the timing of the leak” (ditto).

Who are these powerful adversaries? They are state actors and their security services, although several tech companies can match or outfox them as can a host of nerds and sophisticated hackers.

Citizens of North Korea, you have been warned. Put not your faith in Tor.

People’s lives have been destroyed by false promises of privacy

How many cases have we heard of where someone has committed suicide or cases where people’s lives were ruined because they believed the sloppy journalism of the early days – and the still continuing days – or they believed the carefully crafted marketing which promised or implied anonymity/privacy but never delivered? Too many. 

If everyone understood the internet was and in many places remains as leaky as a household colander there might be a little less misery in the world.

It really comes down to whether or not a bad actor can be bothered to pursue you. If they do and they have the resources and determination they’ll get you. That’s how I read it.

So when companies bang on about introducing end to end encryption to improve  privacy they risk creating or perpetuating a dangerous lie. A myth that can cost people their lives or their happiness.

Incremental steps 

Yes certain steps can make incremental improvements to privacy. End to end encryption may be one of them but this should be the advertising slogan 

“Get a bit more privacy but don’t forget  when you are online you are never really private anyway. You have been warned.”

That’s not going to help stampede people into buying the product.

The truth, the whole truth and nothing but the truth

So be clear: when Facebook and others talk about or imply there is a “trade off” between absolute, guaranteed, unbreakable privacy and protecting children, they are not telling the whole truth and nothing but the truth.  They are doing something else.

Increasingly I believe the move towards end to end encryption,  at least in part, is about Facebook’s  and others’ desire to limit or reduce the costs of moderation and inspection and to limit or reduce liability risks, either strictly legal ones or pr ones.

Corporate arrogance

Facebook believes it is so big and effective as an advertising platform, howsoever  individuals might feel, businesses just cannot afford not to advertise with them so the company really couldn’t give a flying fandango about the rest, or if they do it is in a very minor key. Hubris beckons.

In the week of a major global outage and in which a very public whistleblower revealed so many more unsavoury things about how the company behaves, I would start selling stocks in Clegg and Zuckerberg. Facebook seems to have become a permanent disaster zone. And it’s hurting kids.

Enough already. Maybe those who are rallying behind Facebook’s plans and attacking Apple’s would like to think again. Or if that is asking too much, could they at least modify their language and abandon Manichean metaphors?

About John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International, Technical Adviser to the European NGO Alliance for Child Safety Online, which is administered by Save the Children Italy and an Advisory Council Member of Beyond Borders (Canada). Amongst other things John is or has been an Adviser to the United Nations, ITU, the European Union, the Council of Europe and European Union Agency for Network and Information Security and is a former Board Member of the UK Council for Child Internet Safety. He is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Child abuse images, Facebook, Privacy, Regulation, Self-regulation. Bookmark the permalink.