z3r0trust Privacy Newsletter #5.20
*Note: This article was originally published by the author on May 24, 2020.
“The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved.” — Confucius
Make no mistake about it — your government doesn’t care about your privacy. In fact, in some cases, your government even profits off selling or trading your private information as in the case of the California Department of Motor Vehicles (DMV) selling driver license information to third-parties for profit. Even if your government passes some token-gesture legislation saying that it cares about privacy, as some governments have done, rest assured that is not the case. The people who serve in government positions constantly change out over time and it would be very foolish to believe that your government will keep its end of the bargain regarding any privacy matters. In fact, government and privacy are oxymorons. They are opposing forces like water and oil. The two do not mix. In fact, all governments and repressive regimes collect information on their citizens and other citizens for tax collection purposes and social services, voting records, and so forth. Governments also collect information on foreign citizens that they deem worthy of monitoring for national security or political reasons. That is a universal constant of how all governments function. Don’t expect it to change in your lifetime.
I am of the opinion that civilized society needs some basic laws and government agencies to protect against both foreign and domestic threats to national security, but what happens when your government overreaches with its authority and passes laws that trounce the privacy rights of every citizen in the name of national security? The privacy of all citizens worldwide has to some degree been deprecated over time and has metamorphosized into an enigmatic, hot-button topic of discussion that often is conflated with security and boils down to two different philosophies:
- Those who believe that national security is superior to any citizen’s expectation of privacy, and
- Those who believe that no government has the right to monitor their citizens without a proper search warrant.
You, as a citizen, are required to pay some form of annual income tax. You travel abroad with a government-issued passport. You apply for a state-issued driver’s license with a photo of yourself and register a vehicle with a state-issued license plate. You apply for a mortgage loan with a government-issued social security number. This government-collected information is accessible to other government agencies to varying levels of access. If you honestly believe those spy agencies that were created to monitor for threats to national security don’t also have access to that information and that the information can be misused then look no further than what the Immigration and Customs Enforcement (ICE) agency has done under the current Administration for examples of abuse of government power.
This Family Just Reminded CBP We Don’t Lose Our Rights at the Border
U.S. Customs and Border Protection has a long track record of mistreating travelers — citizens and noncitizens alike …
Now don’t get me wrong, I think there is certainly a case to be made for any government having the right to take certain measures to protect a nation from terrorism and other domestic threats. However, what happens when the information collected about you by state and federal government agencies is then used to monitor your daily activity because of a statement you made on Facebook or Twitter? Does that go too far for you? Does that cross a line? Would you mind it if the FBI started tapping your phones, tracking you geographically, and monitoring all of your Web activity like Will Smith in the movie, Enemy of the State? Even laws like the European Union’s General Data Protection Regulation (GDPR) or the Calfornia Consumer Privacy Act (CCPA) are written in such vague terms and selectively enforced.
What’s more, is that the public’s willingness to jump on the technology bandwagon and surrender their rights to privacy in exchange for the free use of applications like Gmail and services like Facebook has enabled opportunities for governments around the world to facilitate a surveillance state unlike anything that has ever been seen before through monitoring — recorded phone calls, Internet activity, automatic license plate readers, smartwatches that can be used as a cell phone can be used to trace someone to within meters of their exact, real-time location. There are facial recognition systems like the one TSA uses at airports, credit card transactions, a massive network of Closed Circut TV (CCTV) camera systems spanning the entire country, many of which have now been connected to the Internet as well as virtually every type of technology-involved activity that you could imagine can and is used to track and monitor people, citizen or non-citizen.
FBI, DOJ slam Apple after opening iPhone of Pensacola gunman, and Apple fires back — SiliconANGLE
The FBI and the Department of Justice have slammed Apple Inc. for wasting them time in not assisting in the opening of…
For those things that cannot currently be easily accessed at will, well there’s a black market for that. The Department of Justice (DOJ) and FBI have once again failed to force Apple to create a backdoor that would unlock it’s iPhone Full Device Encryption (FDE). Somehow though, once again and against all odds, the FBI was eventually able to crack the iPhone’s encryption presumably by purchasing the capability from third-party vendors like Cellebrite and NSO Group with zero-click install hacks of cell phones.
Nothing is impossible. The FBI was able to successfully exploit the Tor browser to take over a child porn website by paying Carnegie Mellon University $1M to develop a de-anonymization exploit that revealed the true IP addresses of visitors to the illegal child porn Dark Web site. Was this technique used for a good cause? Sure, definitely. However, the problem with government agencies taking actions such as these without valid search warrants is extremely risky to the average person’s individual privacy. The fact is that your favorite End-to-End Encrypted (E2EE) service is very likely not as secure as it is being advertised to be as we have seen time and again as happened with Signal and WhatsApp. Keep that in mind when you are sending private communications.
National Security vs. Privacy in the Bill of Rights
As Americans, the Constitution and its Amendments afford U.S. citizens privacy rights as specified in the First, Third, Fourth, Fifth, Ninth, and Fourteenth Amendments, even if privacy is only implied therein. These governing laws were intended to reign supreme over all other laws to include state laws which sometimes are passed intentionally skirt around federal laws like the legalization of marijuana by several states. Possession of marijuana is still considered a crime under federal law and federal authorities can arrest you for it even though the state you live in has “legalized” it. Seem fair to you? Who is left holding the short end of the stick in that scenario? Here is a hint: it’s not your state government…
The Fourth Amendment originally enforced the notion that “each man’s home is his castle,” secure from unreasonable searches and seizures of property by the government. It protects against arbitrary arrests and is the basis of the law regarding search warrants, stop-and-frisk, safety inspections, wiretaps, and other forms of surveillance, as well as being central to many other criminal law topics and to privacy law. — Cornell Law School Legal Information Institute
Amendment IV — Bill of Rights
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
House Resolution (H.R.) 6172, the FISA Extension Bill, was recently passed by the Senate on May 13, 2020, which extends the PATRIOT Act and includes new provisions which now also grant law enforcement agencies such as the FBI warrantless access to any citizens’ Internet search queries and browsing history. This is a huge setback to privacy as it can be used to target political dissidents and activists. Just as Trump was investigated by the FBI leading up to the 2016 U.S. Presidential Election, Trump could also use the FBI or another agency to investigate anyone who is against Trump or against Republicans. There is nothing stopping him from doing so and whistleblowers aren’t exactly looked upon kindly by the current Administration. It is a cutthroat political world we live in and whether you like politics or not, it affects each and every one of us.
The EARN-IT Act
The Eliminating Abusive and Rampant Neglect of Interactive Technologies or EARN-IT Act (S. 3398) has been introduced by Senators in March 2020 and if passed, will surely be immediately challenged in court as it violates both First and Fourth Amendment privacy protection rights.
The EARN IT Act Violates the Constitution
Since senators introduced the EARN IT Act (S. 3398) in early March, EFF has called attention to the many ways in which…
This Act is just the latest desperate attempt by a handful of corrupt politicians being paid off by corporate lobbyists to undermine the Constitutional rights afforded to American citizens. As the saying goes, “Absolute power corrupts absolutely.” That is exactly what has been happening in the U.S. government for longer than any of us have been alive. Follow the money trail, it can be quite telling.
Then we have companies like Clearview AI who have asserted that they have a First Amendment Constitutional right to collect and sell your photos that Clearview has illegally scraped off of social media sites like Twitter, Facebook, Instagram, and Snapchat for use by law enforcement agencies and government agencies to identify suspects or really anyone they choose to. Tell me that this type of technology service is not going to be abused by even the most strict and by-the-book law enforcement official? “Hmm, I wonder what information Clearview AI has on my neighbor or wife’s brother?”
This is a terribly unscrupulous company that is currently being sued by the federal and multiple state governments as well as several big Tech companies for illegally scraping images of U.S. citizens. This goes to show you that ANYTHING you post online to include photos, can be used against you in ways you never imagined. Future employers do background checks of what your Internet footprint looks like, it’s not just law enforcement who can access this data. If you have enough money and the right connections, almost anything is possible. Hopefully, the courts will rule on the side of individual privacy but why do I get the feeling that they won’t? That segues into the next segment…
Stacking the Deck With Supreme Court Justices
In U.S. politics, the name of the political game is litigation simply for the reason that very often important matters are brought before the court system in the form of lawsuits. When cases are brought before a federal court and a federal judge issues a verdict on a case, it can have ripple effects across the entire country because it establishes what is known as case precedent that lawyers and judges throughout the nation use to make arguments and decide cases upon. There are nine justices and the President nominates new Justices to the Supreme Court of the United States (SCOTUS) which are required to undergo a Senate confirmation hearing.
If successfully confirmed by the Senate, these nine Justices are appointed for life or until such time as they choose to retire. Judges are supposed to be neutral and not biased so that they can decide court cases impartially, but as humans, we are flawed and our conscience bias often interferes with objectivity. It is no surprise that whenever a Justice retires or passes away, it’s major news due to the potential political and legal implications it could bring by appointing a new Justice from whichever political party the President is affiliated with (i.e., Democrat or Republican).
The Trump Administration has already been successful at appointing Neil Gorsuch and Brett Kavanaugh, both self-admitted conservatives, to the SCOTUS. The age and health of SCOTUS justices such as Justice Ruth Bader Ginsburg are HUGE factors to consider politically speaking for the 4-year Presidency terms. The Supreme Court is the highest court in the nation and its rulings are final, they may not be challenged by appeal. For one Administration to stack the deck, as it were, and appoint several SCOTUS Justices who are have been traditionally affiliated with the political leanings one party or another is a risk to the impartiality that the Founding Fathers who framed the U.S. Constitution and political system had envisioned with the three-branches of government: Executive Branch (i.e., President & their Administration), the House consisting of the Senate and Congress, and the Supreme Court.
How do you think privacy or any law such as Roe v. Wade (right to abortion) would fare if one political party who opposed such rights had control of all three branches of government? The checks and balances that were intended to stop tyranny are slowly being stripped away right beneath us. In other countries the same is happening, only often the citizens of other nations do not get a say in the matter. We elect leaders or in some cases, they are rulers of particular nations, and they make the laws that all of their citizens must abide by or they risk persecution, imprisonment, and death. People who say privacy is dead or not worth the fight fail to grasp just how much is at stake with the issue. Privacy is one important issue at stake, but there are other even more important issues at stake as well such as governments and regimes doing whatever the Hell they want in the name of national security. In America, citizens should have the right to vote on important laws that will affect them and not only the political leaders who often fail to keep their campaign promises.
Practical Privacy Hacks
Hopefully, by now you’ve come to realize that what little privacy you have left is yours to control. To clarify, that is to say, that there are certain aspects of our personal lives that have been declared ‘public’ information, such as when you buy a house or a business. That information is considered public and anyone can access it. However, there are dozens of data-broker companies like Whitepages.com; MyLife.com; Intellius.com; Spokeo.com; BeenVerified.com; PeopleFinders.com, and many, many more that publicly list online your mailing address history, birthdate, names of relatives, employer information, criminal history, etc. Some of these sites offer nearly everything an enterprising criminal would need for identity theft. But with all of the recent data breaches of companies like Equifax, do they really need to look very hard to get your SSN? You should opt out of as many of those sites as possible. Threaten to file a lawsuit if you have to, but be sure to follow up after a few weeks to ensure the site did, in fact, remove your information. Don’t make a cyberstalker’s job easier.
One of the easiest, free, and most practical privacy hacks you can do is to perform a monthly Internet search of your name and family members using different search engines like Google, Yahoo, Bing, and MillionShort. You’ve probably done this before, but have you actually gone to the next step of opting out of these types of sites? If not, then you really owe it to yourself to try. They don’t make it easy because federal legislation does regulate this shady industry, but they also know that people can sue these companies for damages for posting their private information.
Remove Yourself from All Background Check Web Sites: A Master List
An alarming number of sites publish your name, address, and other information online. If you want to remove your data…
The technologies you decide to use, these tiny decisions, will have lasting implications for you and other citizens worldwide as the Tech companies who work in partnership with governments around the world will keep on allowing more hands in the privacy cookie jar. It’s up to you to take control of your privacy.
Being an advocate for online privacy doesn’t mean that you look at illegal material, it means that you value keeping private what should only be known by you and whoever you choose to share it with. You need to take action to protect your personal privacy because, uh… yeah, nobody is going to do that for you. Don’t forget about your mobile devices either. You can & should use Tor or a Virtual Private Network (VPN) whenever surfing public WiFi on your smartphone or tablet.
PrivacyTools — Encryption Against Global Mass Surveillance
Prefer the classic site? View a single-page layout. Showcase your brand as a sponsor of PrivacyTools and support our…
Being patriotic doesn’t mean trusting your government to do the right thing.
If you care about privacy, then stop using Google. Period. I’ve said it before and I’ll keep saying it — Google is not your friend if you’re privacy-conscious. Instead, it is far better to use a search engine like DuckDuckGo and a Web browser such as the privacy-themed Brave browser (or similar privacy-themed browser). You may want to encrypt important emails using Pretty Good Privacy (PGP) and encrypt all of your personal electronic devices using FDE options. Read one of the steganography articles I’ve written or ask your tech-literate friends about how you can use image steganography to embed secret messages or information into image files that can be encrypted with a password or passphrase within an email attachment.
***Trust No One. Verify Everything. Leave No Trace.***
Additional Privacy Resources
*Privacy-related articles also published by the author can be found here.