It’s 2018, Do You Know Where Your Personal Data Is?

“The political relevance of Privacy Rights is not exclusive to one country or one continent. These rights are essential for combating violent forms of control practiced by States everywhere, which aim only to benefit a hegemony rather than the people as a whole. Europe and the Americas are connected in ways that transcend the virtual world, but these connections have undeniably been exacerbated in this ever-changing technological landscape.”

From Mirna Wabi-Sabi

thought-catalog-609285-unsplash

The concept of privacy, in relation to personal data, is paramount for the fight against fascism (in the literal sense). In Europe, where fascism was born and bred, authorities misusing personal information is a lurking threat. Just because there has been a historical struggle to eradicate this type of violent rule, it doesn’t mean combating fascist tendencies is a thing of the past. Technology evolves at alarming rates, and reaches far across the globe. Keeping up with the world-wide political implications of these changes is essential to ensure history does not repeat itself.

Some of these changes involve how personal data is processed and stored. We have become increasingly dependent on social media platforms; the internet has expanded into a complex network of institutions and companies; and data is being stored exponentially more on “the cloud” rather than on individual hardware. These innovations have provided us with new types of connections, but they also provided new vulnerability gaps on personal and political realms. These gaps can seriously undermine basic human rights, and there are serious doubts regarding whether the legal framework that is being put in place can be effective in safeguarding these rights.

An analysis of one of the shortcomings of the current legal framework that aims to ensure user’s basic rights (the inconsistency with which we establish accountability) will be presented tomorrow, October 5th, by René Mahieu at the Amsterdam Privacy Conference 2018. In the current networked online landscape, tracking down who has your data is a matryoshka doll of labyrinths, where arriving somewhere only means finding new sets of potential controllers. In his most recent working paper, Mahieu (et. al.) argues that in this context the law is unclear in assigning legal responsibilities to companies and institutions.

clint-adair-68588-unsplash.jpg

“We are currently witnessing what Zuboff calls the rise of “Surveillance Capitalism”. It is characterized by a new form of extreme concentration of power by those who control the platforms and the data. If we do not force this concentrated power under the control of new forms of checks and balances, it will be detrimental to democracy and individual autonomy.” (Rene Mahieu)

According to Mahieu (et. al.), attempts to make this type of law enforcement more effective by the Data Protection Authorities, the courts and even the introduction of a new law in Europe have fallen short in doing so. Nevertheless, the European legal system became the main reference for law-making in Latin America. Brazil has just adopted a virtually copied-and-pasted version of the GDPR (General Data Protection Regulation) as data usage accountability efforts. As one of the world’s biggest democracies, as well as the “most influential” South American country, we are yet to see if this new General Data Protection Law (LGPD) will be used to repair some glitches in this so-called “flawed democracy“.

The LGPD was approved in August 2018, and immediately confronts us with the following question: will it be used to protect personal and political freedoms of the Brazilian population, or was it approved precisely because it may not? If this new privacy protection law is an attempt to balance out the completely unbalanced way in which law enforcement operates, it is happening so slowly that by the time it can be used to help the people who need it the most, they would have already served their sentence and we would have a whole new set of problems (technologies and mechanisms) to deal with.

The law won’t come into effect before 2020, while 23 political prisoners of Brazil need protection now. They were convicted based on personal data collected online and by phone wires, which paint a distorted picture of criminal plans that were never realized (an investigation lead by the Precinct for Repression of Informatics Crimes).

This concern over using people’s personal data to monitor, intimidate, imprison, or even kill marginalized peoples is widespread in Europe. The conference where Mahieu presented his research hosted a vast majority of Privacy Rights related works, but it was strangely financed by the very companies most likely to evade people’s privacy and misuse personal data. For instance, Google, a large umbrella cellphone company, and even a data collection agency for the military were involved in the realization of this event, which provoked resistance from a hand full of scholars.

Scholars members of the groups DATACTIVE and Data Justice Lab published an open letter one month before the conference stressing that, “in the context of what has been described as the increased neoliberalization of higher education”, transparency with regards to corporate funding and “a clear set of principles for sponsorship” is of the utmost importance. Without it, participants and organizers of this academic field would inevitably play a role in efforts to “neutralize or undermine human rights concerns”.

There were several problematic sponsors, but the one that stood out in their protest was Palantir, a data analysis company from the United States affiliated with the military and inhumane border control initiatives:

“[P]roviding Palantir with a platform, as a sponsor of a prominent academic conference on privacy, significantly undermines efforts to resist the deployment of military-grade surveillance against migrants and marginalized communities already affected by abusive policing.” (Why we won’t be at APC 2018)

The political relevance of Privacy Rights is not exclusive to one country or one continent. These rights are essential for combating violent forms of control practiced by State-Capitalism everywhere, which aim only to benefit a hegemony rather than the people as a whole. Europe and the Americas are connected in ways that transcend the virtual world, but these connections have undeniably been exacerbated in this ever-changing technological landscape.

Just so you don’t finish this article in complete despair, there are a few things we can do to remedy the situation; if not a cure, at least damage control. There is value in demanding your right to access information about where your personal data is, who it is being shared with, and what this data consists of (e.g. address, name, birthday, etc). Denouncing the institutions that refuse or evade the request may shift the power imbalance between individual citizens and organizations in favor of the citizen. Perhaps our biggest asset in capitalist society is our demand as consumers, and consequentially our motivation to not wanna be fined alongside potential business partners. In short: do your best to keep track of where your personal data is, and don’t do business with shady companies.

And of course: #NotHim


Other References:

Booklet on Privacy as a Human Right (For teachers and students).

Coding Rights

Direitos na Rede

Policy review


Mirna Wabi-Sabi

44590204_10156834106472372_3689192296684716032_o

is co-editor of Gods&Radicals, and writes about decoloniality and anti-capitalism.


Hey! We pay Mirna and others for their articles. We’re one of the few pagan or anti-capitalist sites to do this. 🙂

Here’s how you can help us do that!

InfoSec 101

(InfoSec: A Fancy Way of Saying How to be Safer on the Internet with Your Phone and Computer)

The world is under surveillance. It’s a fact of life that almost anywhere there is a concentration of people there will be a way to track them. These are some ways, increasing in difficulty as the article continues, to reduce that footprint. The reasons are many: personal safety, family protection, and reducing target ads are the most common.

Caveat: Technology iterates quickly so this article can go out of date within a few months. When possible it will be updated but EFF.org has been a great choice for a long time and has the resources to keep their guide up to date. Use that for a launching point if all else fails.

Caveat 2: This article pre-supposes a certain level of resources (you probably have a personal smartphone and a computer). Some of the higher levels of difficulty have costs associated with them. Some steps will require a bit of time to use/implement them. It’s an imperfect world and that’s okay. Do what you can.

Caveat 3: Short of completely staying off the internet, getting paid and paying for everything with local currency and having several sets of ID, you are still on some level going to be tracked and findable. This is not a guide to that. This is instead about slowing down the flow of personal information about you that is out there as well as keeping you and your community safer.


difficulty

difficulty

This level is the basics. Everything here should be doable in under 20 minutes, is free, and will at most add a few seconds onto your daily time usage.

Mobile/Smartphone:
(all free, Android and iPhone)

  1.  Install Signal on your phone. It’s a secure (encrypted) voice and text messaging app. While people can possibly still see who you are talking to they won’t see the content. Easy to send a link to folks that don’t have it yet. Best option currently out there for secure calls on a commercial phone.
  2.  Don’t use thumbprint to unlock your phone. Use a code (at least 6 digits) or a complex pattern.
  3. US Only – Install the ACLU app for your area. In California it’s called CA Justice. It records and sends the recording to the ACLU immediately. You can report incidents as well. It has a quick page for your rights. Can send you alerts.

Web/Computer

  1.  Install Signal on your desktop. You can use it in lieu of Facetime and Skype.
  2. Install Privacy Badger, Facebook disconnect, and ublock origin in your web browser. These extensions (or ones like them for other flavors of browser) give you a reasonable amount of privacy and blocking. As you are installing them read the summary blurbs so you understand what they do and why they are important.
  3.  Install HTTPS everywhere in your web browser. Created by the EFF it will automatically send you to more secure versions of websites (like your email) whenever the webserver allows that protocol. You’ve probably seeing https (that little lock icon on the address bar) if you’ve done any online banking. HTTPS encrypts your information before it leaves your computer and de-crypts it on the receiving computer’s end. I strongly urge you to use this, especially if you like to sit in coffee shops and do your email. Anyone with a half-way decent set of hacking tools can read your email and all your other web traffic.
  4.  Use Duck Duck Go for your web searches instead of Google.

difficulty

This level is still (mostly) free but you are going to start seeing a higher burden of work and time for yourself. This is also the point where you’ll want to understand in more detail for yourself and aren’t quite sure where to start so I’m going to suggest the EFF again. They have a bunch of different guides in plain English that are solid tutorials. 

Mobile/Smartphone:

  1. Turn off location services. Yep, that means you’ll need to spend that extra 10 seconds when you want to use your phone as a GPS.
  2. Turn off wifi. Inherently your phone is broadcasting a LOT. Cut down on the eavesdropping. This could cost money depending on how much data your mobile plan includes. Be thoughtful about it.
  3. Sidebar: Wifi and GPS go hand in hand for location services. When your wifi is on the GPS is much more accurate. Keep that in mind as you use them. Also know that cellphone towers track you anyway (that’s how they know when you get a text and stop sending them to you, among other things). Turning off the GPS just means you aren’t broadcasting to say, Google, where you are at, but only the service provider for your phone (and potentially law enforcement).
  4. Understanding mobile security and some basic stuff you can do:

Web/Computer:

  • Use a separate web browser for Facebook and any other social media. Even with privacy blockers you aren’t going to be able to block everything. Yes, they will still be able to track you by IP address but it’s a basic layer of obfuscation. There are guides online to go through and delete cookies and web beacons like this one.
  • If you use Google Drive, Dropbox, iCloud and the like? Make sure you don’t have anything secure on there. Where possible move stuff off those accounts.
  • Create a backup email address that isn’t tied to any other account you’ve got (i.e. if you go with gmail don’t use your known gmail account as the ‘recovery’ address).
  • Use 2Factor Authentication (2FA) everywhere you can. (This link is for Google). 2FA simply means that once it is set up you get a text when you log into your bank/email/Dropbox/Facebook that you also have to enter before you can actually get down to business. This is GREAT if you think you are at risk of getting password hacked because they really can’t do anything without also having your phone.
  • *Sidebar: 2FA can be a hindrance if you lose possession of your phone. Here is a guide that is a backup of how to handle that if you think it is likely.

difficulty

This is where money starts to get involved. This is also the level that most folks I know that are serious about their protest work or are at a high risk of online harassment live at (there are sub-levels within, not everyone does all of these). Almost all these do not require any level of tech savvy to do and those that have some tend to have very good guides on how to set it up. Check in your local communities and find someone to help if you get really lost.

What happens when you are doxxed or think you might be a target for it? This guide was written originally and focused around women since they are most often the targets of abuse in social media during GamerGate. The guide has gotten more sophisticated and robust since then and I highly recommend it. It’s a good step-by-step guide for scrubbing yourself from the internet including things like your physical location.

Mobile/Smartphone:

  1. (Costs money) Get 1Password or some other password database. Use a different password for each service.
  2. (Costs money) Get a burner phone with cash and spare minutes/texts. Keep a list of key phone numbers somewhere else. This will be good if you really want to go off the grid or your phone gets seized.

Web/Computer:

  1. Get an email account on riseup or protonmail. Set it up from someplace like a library or web cafe with a shared computer.
  2. Get a VPN account after reading a few VPN reviews (again with a gift card bought with cash) and use it for any internet browsing at all, ESPECIALLY in public. That free Starbucks or Target wifi? You’re offering up tasty info to anyone with a basic set of skills for free, including handing over your browsing data to the corporation you are sitting in (and don’t they get enough of that already?). I don’t have a recommendation for any specific VPN service. They change frequently and you’ll need to judge for yourself who has the best mix of requirements for you. I will recommend you get one not based in the US because of the government oversight issues.

difficultyI went back and forth about this one and where it lived so I’m making it a half step. This one does have a bit of a tech requirement (but not much) and is incredibly secure, especially if you live in a high risk environment where you cannot trust the computer that you use.

Web/Computer:

  • 1. Use Tails (essentially an operating system and applications on a USB drive that runs from the drive and leaves no trace on the host computer) and Tor (There a lot of great posts on Tor; the tl;dr is its a way of hiding where you are on the internet by passing your traffic through a whole bunch of places first. It’s not foolproof but it raises the complexity quite a bit).
  • *Sidenote: Many people put Tor much earlier in the guide than I have. Tor’s obfuscation is great but it’s also a load on the system and if you are not at a high risk then please consider what your traffic is doing. It’s also, quite frankly, slow for web browsing especially during times of unrest. Balance your traffic needs versus privacy.
  • 2. Use KeePass for your password database (it’s offline and inherently more secure than using something like 1Password but has some technical complexities to it).

Credit: Some of the resources for my guide came from hereAs well as the EFF and the Next 70 Days guide.

Jamie Morgan

j-morganJamie Morgan is a writer, photographer, mom and community organizer based in California. She is a recovering IT professional and works in the non-profits art sector. She can be found at www.jamiemorganwrites.com as well as on Facebook.


Like this guide? You may also like our Solidarity Networks guide and What To Do When Things Get Exciting.

Also, we’re raising money to pay our writers, and we’re a third of the way there. Can you help us?