The New Oil

The other day I found myself talking with some friends about privacy and security. I was sharing that my partner had recently jumped on board the privacy train with me. That may surprise some readers to know that I chose to involve myself so closely with someone who didn’t share my views, but I think that’s pretty in-keeping with the message of this site: you don’t have to draw lines in the sand all the time, sometimes you can make compromises, and it's all about making educated decisions. Until recently, my partner respected my use of Signal for daily communication and my use of a VPN on the home network. She even lets me do stuff like set up her Firefox browser for her and disable a lot of the telemetry on her computer. Basically as long as it didn’t inconvenience her too much, she didn’t mind. But then her boss casually informed her that corporate is able to read all communications sent over the company WiFi. I’m not sure how the subject came up, and needless to say this wasn’t exactly a new thing, but something about being told to her face by the company itself (more or less) really rattled her. That night, without any prodding from me, she downloaded a VPN on her phone, switched to ProtonMail, and invited all her coworkers to use Signal.

As I was regaling my friends with this story, one friend spouted his usual response that privacy enthusiasts the world over have become allergic to: “I don’t really care about that stuff, my work can read my texts, I have nothing to hide.” He wasn’t dismissing my partner’s choices or criticizing her, just stating that he personally couldn’t care less. I explained to him that while he may not care, “arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” (Edward Snowden, 2015). Basically while he may not care, he should care for others. That friend, for example, is bisexual, and is very open about it. He makes no effort to hide it. I explained to him that while he should absolutely have the right to not care if his sexuality is a secret, someone else should have the right to care and hide it for any reason so they so choose, including but not limited to “it’s nobody’s damn business.”

My friend immediately agreed with me and respected that. “But,” he countered, “I don’t understand what I can do. How does my using Signal or a VPN help them?”

“Three ways,” I offered. “Herd Immunity, economics, and normalization.” (Originally I tried to divide these into bullet points in this post, but I found them to be too closely intertwined to do so meaningfully.)

Let’s take an example community of 100 people. Let’s pretend all of these people use encrypted messaging of one kind or another. Lately, in real life, the FBI and Interpol have both been making the claim that End-to-End Encryption allows for the proliferation of illegal activities such as drug dealing and pedophilia.

According to The Hamilton Project, which claims to offer statistics to help lawmakers make better-informed decisions regarding policy in the United States, drug arrests in the US accounted for only 1% of the population on average in 2015. A WorldAtlas article from 2018 lists the total number of sex offenders (not just pedophiles) in the United States as 747,408. If the population in the US in 2018 was estimated at about 327.876 million, then that means sex offenders account for less than a quarter of a percent of the population.

So let’s be generous with our imaginary community of 100 people. Let’s pretend that a whopping 5 percent of them are criminals – not just sex offenders and drug dealers, but all violent criminals (in the United States, violent criminals account for less than 1% of the population). That means there’s still 95 people – 95% of the population – who are perfectly normal, law-biding citizens who use encryption for any number of completely legal, valid reasons, like trading sensitive information (in another blog post, I talked about how I can send my partner the credit card number safely in case of an emergency), avoiding unwanted surveillance capitalism, or any other of millions of perfectly okay things. If only the criminals were using that encryption, then it would validate what those agencies are saying. So if everyone were to use encryption, it invalidates those claims. It goes from looking suspicious that you use encryption to it just being something everyone does. Everyone wears clothes in public, too, does that mean everyone who wears clothes is hiding a weapon? Or drugs? Of course not. No agency would ever publicly state that we need to ban clothes because criminals use them to smuggle illegal goods, even though such a claim is rooted in a fact. Nobody ever says we need to ban airplane luggage because criminals sometimes sneak bombs in on them. We all know that privacy comes with risks, but we also know that as a general rule, criminals are a minority and just because some people are doing bad things doesn’t mean everyone else gets stripped of their rights. So why should you care about your privacy even if you have nothing to hide? Because it normalizes it. When everyone is using encryption, nobody looks weird for doing so. It goes from “what are you hiding?” to “of course you are.” Nobody ever looks at me suspiciously in public for locking my phone when I’m not using it, and nobody should be looked at suspiciously for digitally securing their public lives. This is normalization. When we all take basic, effective measures to protect our privacy, we stop looking crazy or suspicious. We normalize it.

Most of you reading this are likely familiar with the “anti-vax movement,” the belief that children shouldn’t be vaccinated for diseases like measles and mumps for a variety of reasons. This is a controversial opinion for many reasons, and I’m not going to get into it on this site so don’t bother contacting me about it. I mention it because of one specific argument that medical experts cite, called “herd immunity.” Basically, there are some people who cannot be vaccinated for safety reasons, such as a severe allergic reaction or complication to the ingredients in the shots, particularly among children and elderly. So the experts argue that the more people who get vaccinated who are able to, the less likely those diseases are to spread, and it protects the unvaccinated just as effectively. Basically, the whole herd is immune, so the one person who isn’t has such a low chance of encountering the disease that they’re essentially safe as well.

A threat on par with government surveillance is corporate surveillance (partially because the government has access to that information, and partially because it’s actually more invasive and effective than government surveillance, as is usually the case with these types of things). This surveillance is fueled not by the desire for control but for money (which inadvertently becomes about controlling you to make you spend money, but that's a blog post for another day). Corporations are trying to build the most accurate picture of you so they can sell you things. They don’t want to waste the money showing you fifty ads that may or may not convince you to buy a product or service, they want to spend money once to show an ad that will definitely make you buy a product or service. In order to do that, they need to know as much about you as possible. They need to know your hobbies, interests, which devices you’re watching on, what times you watch, what motivates you to spend money on something, and more. The biggest threat with this, as I said, is that it can be abused by anyone from state agencies to Facebook. So that’s another layer of reasoning to protect yourself from “surveillance capitalism,” as it’s called.

In the previous section, I argued that everyone should use encryption because it protects the people who actually need it. In this section, it protects the people who can’t. A popular notion in the privacy community is to delete Facebook. Really all social media, but Facebook especially. They are, by far, the most egregious offender in this realm. But for some people, that’s not always an option. Early in my career I worked a job where work was conducted via a secret Facebook group – schedules posted, bulletins to other technicians, etc. Not using Facebook wasn’t an option if I wanted that job, and since I was early in my career I needed any job I could get.

Going back to our 100-person community, let’s say 5 people can’t use encryption for whatever reason. Their phones are old and don’t support the option, the people they do business with can’t support the protocols for it, whatever one of a million valid reasons. If 95 people are using encryption, it stops making financial sense for corporations to keep sucking up all that data. The data – previously unencrypted, revealing, and useful – has become encrypted, unreadable, and useless. After a while, it becomes a financial loss to keep pouring so much funding into projects to scoop up all this data and get almost nothing from it, so they stop. After a while, that means even unprotected people are now protected because nobody is watching. This is both herd immunity and the economic angle. Herd immunity has protected the few who can’t participate, and the proliferation of security has made surveillance uneconomical.

Maybe you have nothing to hide (first off, that’s a blatant misconception: we all have things to hide whether it’s our bank accounts or access to our homes or cars or whatever). Even if you don’t, it’s selfish to assume that nobody else does, and while it may not seem as effective as going to a protest or becoming a hacker, even simple things like the products, services, and techniques shared on this site can add up and create a larger change, often at little or no expense to your own convenience or lifestyle. So I recommend you implement as much of this as you can, if not for yourself than for others.

You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...