 Welcome to Free Thoughts. I'm Aaron Powell, and I'm Trevor Burrus. Joining us today is our colleague Julian Sanchez. He's a senior fellow at the Cato Institute. Welcome back to Free Thoughts, Julian. Thanks for having me. So I want to talk today about digital privacy from less of a policy standpoint and more of a technological standpoint. So do that. Maybe we'll start with the question. When we're online going about our regular day of browsing the internet and watching Netflix and shopping and doing whatever else we do, what kind of data are we creating and having recorded places that we might not necessarily think about? Sure. Well, let's only answer that in a kind of broad 30,000 feet way and then in a more specific way. In a broad sense, if you assume that essentially every imaginable piece of data about what you're doing online is being recorded somewhere, you will more often than not be right, at least for some segment of the sites you're looking at, and it's probably being tracked by more entities than you would guess. And that's because in part, the business model of the internet has become surveillance. We use all these free services that operate on the premise that they're going to be able to make their revenue not from payments from their users, but by selling ads or information that can be used to profile and track people. And also in part because the default, in a sense, has changed. For most of human history, tracking and recording details about any event was an extra step that had to be taken. It was abnormal. Almost everything you did left no permanent, structured, centralized record of what you were doing, your conversations, what you were reading on a day-to-day basis. And when you talk about online activity, well, it's already happening on a data manipulation device. So you're already sort of halfway there. And additionally, data storage costs have plummeted.
So when I was a kid in the early 1980s, the amount of data by default on my iPhone's hard drive would have cost you about the same as a pretty nice car. So we sort of hit the point where storing is, in a sense, as cheap as throwing away, that in some cases throwing data away is cheaper than keeping it, even if you don't know yet what you want to do with it. Keeping it is cheaper than throwing it away. Right. So yeah, there's essentially an incentive to stockpile stuff on the theory that even if you don't have a use for it now, you might have a use for it at some point in the future, and indeed because computer processing power has grown, it's increasingly useful to have all sorts of information that before just would have been clutter that you couldn't have done anything with. So that's the general answer. Is it such that Google has all this information on me? Is it granular to the point that if someone really wanted to figure out Trevor Burrus and what he likes, that you could actually do that? If you were to employ Google and you had access to all the things that they have. I mean, and they're pretty stringent, at least in hopes they are. I think they say they are about controlling who has access to that kind of stuff directly. Most of this is about automated systems that are deciding what kind of ads you get. But I think in principle that's absolutely the case. I'll talk about specifics in a second. This is probably sort of the point of full disclosure to note that I think Google and some of the other technology companies we're going to be talking about either have been or are donors in some amount to Cato. I try not to keep too much track of that precisely because these are companies that I write about. But if that's something you find relevant, take that with as much salt as you think appropriate. But you know, I think these companies often have an incredibly intimate picture of us.
Facebook, I know, has sort of running experiments just to see what they could deduce, found that very often just from someone's social graph, they could tell someone's sexual orientation regardless of whether they'd actually identified themselves as gay or straight based on patterns of who their friends were. Unsurprisingly, if you're gay, you probably have a lot more gay friends than most straight people. And also by looking at frequency of communication or the frequency with which people looked at other people's pages, they could predict when someone was going to break up or get divorced and predict who then they were going to start a new relationship with often before any of that was public and probably in some cases before the folks themselves were conscious of it. There was a notorious case that was reported in the New York Times a couple of years back in which a, and this isn't really about online activity. This is about data mining more generally, in which a father has angrily complained to Target that they had started sending his teenage daughter marketing materials from maternity clothes and baby formula and said, look, she's, you know, this girl's 15 years old. Why would she need this stuff? Well, it turned out she was in fact pregnant and that the company had gotten very good at detecting purchase patterns that might not be intuitive to someone who hasn't looked at huge amounts of aggregate data, but it turned out to in tandem very strongly predict pregnancy. Things, again, that might not be obvious, like someone has switched from scented to unscented hand lotion. That's very common when someone knows they're pregnant. 
A series of other changes and purchases that, again, might not be obvious, but if you have a huge data set and, you know, Target, you actually have people who then register for baby showers, give you the ability to look back and say, okay, you know, having this crunched, not by a human brain, but by high-powered computers, can we find patterns that with some reasonably high degree of accuracy correlate with this person is about to be pregnant or about to publicize that they're pregnant. And if you think about, certainly a company like Google, I mean, I again, sometimes I joke that if you lived in a country where the government had the kind of detailed information about you that Google does, you would surely think that was a police state. Now, we hope this information they're using for a benefit and to provide us useful services, not to provide us, but it is a little sobering to recognize that in addition to probably, you know, the contents of messages you're sending, that's the obvious stuff. They just have an incredible amount of information about what you're thinking about day-to-day in a way that's almost a map of your brain, right? What medical conditions are you searching for? What political topics are you curious about? What YouTube videos are you watching? But also, you know, maybe much more granular information. So we think about when we visit a web page, of course, if we're at all technically sophisticated, we realize that, of course, probably that website has some way of tracking, you know, that at least a person from a particular internet protocol address visited their page and they may have, if you've logged in, they may have more granular information than that about who exactly you are. But beyond that, a lot of sites are tracking in much more detail what you're doing on a page. How far did you scroll? Did you scroll down? 
Just sort of all the way through quickly, or are you scrolling sort of slowly and continuously at the speed of someone reading normally? Are you moving your mouse around the page and highlighting certain things in a way that suggests you might have copied that part of the page? This is, you know, because of JavaScript, it's possible to, in a very precise way, look at these indicators of human behavior just within a web page. In ways we're interacting with a page that we don't even think about as being a transmission of data, but ultimately are. Well, that's like just as an interesting application of that kind of stuff is so Google, we're all familiar with the type-in the words that you see in this photograph to decide to hide spam bots and make sure you're a person, and Google fairly recently rolled out a new version of it where you just, it's just a checkbox and you click it, and I was wondering about this. It must have something down. It's exactly that same, like, mouse movement and other patterns.
It knows that robots move in certain ways and humans, right, move in other ways, and so it can tell. Right, so one of, like the replicant test, right, one of the one of the one of the one of the obvious uses of this is tracking engagement, so a news site might want to be able to talk to advertisers about how much time people really spend on the page, does it look like they're actually reading it, but also, right, telling the difference between an automated scraper or some kind of bot that may be, you know, ripping the content off your site or just probing your system for hacks versus an actual human being engaging in a normal way with the site. For security purposes may be extremely useful, and increasingly some of the most sophisticated sites are are doing exactly that, are tracking to tell the difference between a human who's actually reading the page and interacting with it the way a human would and an automated system that of course is not reading the page because it's just scanning everything quickly. So that that kind of information can can provide pretty granular data. In principle, you might imagine being able to use that for more specific kinds of fingerprinting. And oftentimes data about what pages you're looking at and how that might connect to other pages you're looking at is not just something that can be seen by the page you're visiting. So if you load up a page on the on the web, very often you'll see maybe a Flash video or a Flash ad, other kinds of images. There are advertisements for different sites. Well, usually those ads are not loading up from the site you're visiting. They're loading up from some third-party site.
So essentially, there's, you know, imagine that square of space on the web page is essentially saying pull in content from somewhere else on the internet, and that's what's displaying, but because your computer is then connecting to that somewhere else that the the ad is loading up for, that that other site may have the ability to track your activity across a series of different pages. So even if you are not logged into a site, it may be that because you're connecting to a series of different sites that the advertisers are still able to profile you and connect your activity on one part of the internet with what you're doing on a different part of the internet. But you know, perhaps that is in fact tied to your real identity. So that means that even if you think you're you're operating anonymously. Look, I just, you know, loaded up this page on the New York Times. I didn't log in or anything. I didn't give them any information. If you have not taken steps to counter this, it's very likely that any number of advertising networks and data brokers are still able to add that particular web page visit to the bigger profile they have about you. So this sounds creepy. Partly that's because the the use of this stuff is advertising and commerce, is kind of turning us into money for the various outlets, but it also sounds profoundly useful. Like if I had, you know, let's say I had access to the data that Google is gathering on me. I could imagine this, you know, you, Google could tell me, I, you may be coming down with, you know, you don't know it, but you've been showing symptoms of this thing going wrong or your mental state is this, depression, suicide, things like that. Yeah, is there, is all of this stuff being kept just for advertisers, or are we moving in a direction where we could we could personally gain more use out of this kind of big data mining about ourselves as individuals?
I mean, there's an entire movement called the, so it's called the quantified self movement, that is precisely about people who enjoy what what's called life logging or really granular measurement of one's own activity, and there are, I mean your steps, right? I mean look, you know, we we strap on Fitbits or other kinds of biometric devices that will tell us, right, how how much we walk today, how many calories we might have burned. You know, it may be awkward if if you're wearing it during, you know, intercourse, for example. And that, strange, like there was just a murder, but for just just by a just a Fitbit, like his, he claimed his wife, there was information found on his dead wife's Fitbit that contradicted his story about her location or activities, and was the thing that broke it for them charging him with murder. I imagine that that's the kind of thing we're gonna see happening, you know, with with increasing frequency just because the ubiquity of network sensing devices is growing at a very rapid rate, and there are, you know, benefits to this both personal and social. At the at the, you know, the personal level it may be very useful to learn facts about when you tend to overeat, or whether in fact you're getting enough calories on the flip side, or what are the conditions under which you actually exercise as much as you want to, or or just how are you spending your time? I mean, you know, the first thing you read in a lot of management books, you know, the sort of habits of effective people, the type of book, is nobody is actually accurate just relying on their own memory about how they spend the time in their day. And so it can be very useful to realize, gosh, yeah, when I think I'm taking up a five minute break to check email or look at the news,
I'm actually losing half an hour. That can all be useful personally. It can be useful socially: tracking appliance usage through smart appliances, the internet of things, can enable more efficient, greener energy use so that we don't need to burn as much fossil fuel or generate as much energy to supply our needs. Medical professional, medical researchers find enormously useful big-data analysis that can help them look for patterns of either interactions with medical conditions or trends in disease propagation. So I mean the reason this is all being done is that it is profitable to someone, which is at least a benefit to them, and often beneficial more generally, either socially or to individuals. You know, I mean, to take the sort of the banal case. Yeah, Amazon obviously benefits when they can sell me products because they know my my reading and music listening and viewing habits. But it's also useful to me that, you know, I get an email that actually is used, is not just, you know, a random list of bestsellers, but there are books coming out by these authors who either you like or you are likely to like because you like these other things. That's handy.
I've certainly bought books or music on that basis that I might not otherwise have been aware. So yeah, there is utility to all this, and I think that's part of the reason we we accept it. The the reason to be just cautious though is just that there is nothing intrinsic to how this operates. Precisely because so much of the data gathering is invisible, there's nothing that guarantees that it's being used for your benefit. And when I say it's invisible, I mean you can find out. There's a there's a plug-in, and I think we're going to talk a little bit more about privacy defense technology, there's a a plug-in called Ghostery that helps block gathering of information by third-party websites, and one of the things Ghostery can do is when you load a web page it can tell you all the different entities that have trackers on that page that are monitoring in some way at least your activity, if if if only the fact that you loaded that page. And you will see that those names popping up again and again, and you should take that as a sign that that is an entity then that is very likely to be able to correlate the fact that you visited any page that has that that company's tracker on it. That's, for for any Trump supporters out there, if you want something legit to be mad at the mainstream media about, it's the megabytes and megabytes of trackers that they're chewing up your data plan with whenever you visit the New York Times dot com or other major newspapers. It's astonishing how many there are if you install something that tells you. Although, I mean, almost everyone does that, I mean, that is that is borderline ubiquitous.
I mean, even in, you think about email, and I think they don't may do this, so sorry to our marketing people, but you know, very often when you get a marketing email it'll contain a little invisible image. It's called a tracking pixel, which essentially works the same way as ads on websites you visit, that is, it is loading that image from a third-party site, from some, either Cato itself or some marketing company's site, that is linked to a unique identifier. So essentially it's a way of saying we know this person opened this email at this time, which then is helpful because you can have a unique ID associated with a link in the email, so you know, did they open this, and then if they opened it did they act, how many people just deleted it without reading it? You can shut this off. Most email clients have an option somewhere to disable, usually says load remote images. This is one of these things that you may have seen in your settings, but if you don't know why it's there, it might just, you might just think that this is something that's to save time loading stuff. It's actually a privacy feature. It's usually not marked that way. So even if you've noticed this in your settings, if this isn't something you are pretty focused on, you might not have realized that that's not just a data, yeah, you know, download saving feature, but a privacy feature. I'm gonna ask about some things that are not, well, they're still the internet, everything everything is the internet now, it seems, the internet of things. But you asked about the Juicero juice maker, of course the Juicero that needs to know that your wife, what is it, why if I can make that only works if you're connected to Wi-Fi? Yes, of course, but no, I would ask about Alexa and your smart TV and all this sort of idea that that Alexa is always listening or your TV is always listening and more things are gonna be listening to us as it goes on. Is this something that they're also recording? I mean, is it listening to the point?
Do we think that they're listening to the point that they have our entire conversation somewhere, that we have in my living room, somewhere in a, on a database at Google headquarters, or it's just listening for its name? Right. So in theory, and if you are technically inclined, I suppose you could run Wireshark on your local network and look at the patterns of traffic between the wire and Wireshark just to, it's a device. It's a nerdy thing that 99% of the people listening to this will not be equipped to use, so it doesn't matter. It is a piece of software that can scrutinize network traffic pretty granularly. So if you wanted to see what all the devices on your Wi-Fi network are doing, how often they're transmitting data and where they're sending it, it can be used for that. Security people often use it for sort of diagnostic purposes. But so in theory, what my understanding is, that that a device like the Amazon Echo, Alexa, is mostly just listening for its name, and then when it hears its name is transmitting that information back to Amazon. But you sort of have to trust, if you if you don't know how to use something like Wireshark, well, you sort of have to trust that that's in fact how it's working. I know there is a relatively recent case where Amazon was was basically fighting with the federal government over an attempt to obtain their logs of someone's Alexa traffic for use in a murder investigation. Like it up with a time line. It was like, I wasn't in the house. It's like, right, that can be useful for a number of reasons, including, right, is this alibi plausible, was he in fact in town when he said he was out of town? Right, did he, did he say, Alexa, purchase the killing knife wrench and, yeah, that that's, it's interesting, but that brings us to the the kind of, I apologize by the way for everyone who's listening to this out loud in their living room and and you just turn on Alexa. We do it. Hey Siri and okay Google.
Yeah, so we could say, Alexa, order a sharp knife. And maybe that just happened, but but anyway, so for the government, we brought up what the government might be be doing with some of these things, which of course, that's the interesting question here. Some people are very concerned with corporations too. I think that's less true, that's somewhat less true of libertarians. But we might want to be concerned about corporations are doing with with our data. But then we have the government, and if they want this or try to get it for various reasons, they could do a lot of stuff to us. As you said, it's almost like a totalitarian state, what, how much data they have on us. Is that something that concerns you, or, which I actually though that of course it is, but is it something that's happening? Absolutely. I mean, I always, you know, people always say, well, aren't you more worried about all these companies just have these vast reams of data about us? I usually say, well, Google's never tried to, you know, blackmail Martin Luther King into committing suicide. So just in terms of the track record. And you know, more generally, yeah, companies that are gathering this data because they want to make money, and this is not, you know, true in a blanket way, but by and large this are the most pernicious thing they're doing with that is trying to sell us stuff, whereas if we look at the history of government intelligence agencies, we see much more pernicious types of surveillance. You know, surveillance of political activists and civil rights leaders for purposes of harassment, surveillance for the purpose of of political manipulation, manipulation, public opinion manipulation. So I think there's some democratic reasons to be more concerned about that kind of surveillance just in terms of motives, and also of course in terms of the kind of power they're able to exercise, which is that just Google can't really throw you in jail. That said, current legal doctrines are such that for a lot of types of data, if a company like
Google or Amazon has it, the government has pretty easy access to it under a what's known as the third-party doctrine, which was sort of established in the in the late 1970s, before sort of the internet or mass data mining was a thing. The idea is that with probably the exception of the contents of your interpersonal communications, as to say, exempting the contents of a voice call or a video chat or a, you know, maybe an email exchange, the data these companies have about you and your activities, that's just part of their business records, is not something you have a Fourth Amendment interest in, so it can be obtained by voluntary disclosure or by a simple subpoena. And this is the reason of course that the the the NSA's infamous bulk telephone records collection program was seen as, by the by the secret FISA court, as not a violation of the Fourth Amendment, because again, according to this doctrine, the information of the type that is kept in your phone bill or in the call detail records maintained by the phone company is not information you have any Fourth Amendment interest in, and so it doesn't require any kind of particularized search warrant. And so there was no constitutional obstacle, the courts had held, to saying, well then, fine, we want everyone's, every American's call history to be stored for five years for for future analysis. That's that's not a Fourth Amendment search as far as that legal doctrine is concerned. So even if you're not especially concerned about corporate uses of it, it is worth noting the sort of symbiotic relationship between these companies and and the surveillance state. One of the early Snowden revelations of a, how Section 702 of the FISA Amendments Act was being used, involved a program called PRISM, which was specifically about the partnership of the government with major technology platforms and communications platforms and technology companies.
So basically all the big ones were in there. So you had, you know, Facebook and Google and Yahoo and Microsoft, AOL I think was there. Because they understand that there is this this very useful symbiosis where companies are gathering very large amounts of data for their own business purposes, because it either makes them a profit or helps them serve their users better or helps them secure their own services, in the case we discussed earlier where you might want to profile someone's activity to tell it it's a human being and not some kind of bot that might be used by a scraper or a hacker, and then because they've gathered these massive amounts of data, under current legal doctrines the government has access to it subject to a much lower standard of scrutiny. And the real rate limiting factor there tends to be the extent to which the companies are willing and able to fight back. Sometimes, especially when it is semi-public what's going on, they will be more vigorous in trying to resist overbroad requests for information. When it's entirely secret though, the incentives are a little bit different. The question is, are you as a company with a sort of fiduciary responsibility to shareholders going to spend time and money on very expensive lawyers to challenge a government request in front of a secret court that is probably not going to be that amenable to your your challenge, and which you don't get to claim any credit for later? You don't get to say, you see, the other companies, they just gave up all this information, but we fought back. Shouldn't you be, you know, happy about that and give us your patronage? Because it's all secret.
It's it's something that you are willing to do only in a sense out of pure public spiritedness, which is not how a lot of companies work. So government can be a threat in the sense that if the, if private companies are gathering this data, it's accessible in some way to the government should they want it. Can government also help? You see, so you hear a lot of calls for, we should pass laws that would limit the amount of data that companies can collect about us, or limit how long they can store it, or require data collection to be opt-in instead of opt-out. Do you think that those kinds of laws would be valuable, or those kinds of regulations? So I will say I'm a bit of two minds on this. I will say I think it is, it is a little bit troubling from sort of a libertarian perspective how much data is being collected about people that really they don't recognize is being gathered or how it's being used. Right, we may give one site some information, so on the premise it's it's being shared internally for some reason that that is useful to our reason for for going to that site or for using that service. And usually somewhere on page 12 of the 30 page, highly legalistic terms of service that every single site or service you visit is going to have, there's something describing their ability to share more broadly than that. You know, very often our computers are transmitting data, again, we're not even aware is being sent. So I mean, you visit a site, again, by default your computer is sending some information about the configuration of your browser. What operating system are you using, what browser using, what plugins do you have available?
Which very often, at least in combination with an IP address giving you a rough location, is going to be enough to more or less identify you by fingerprinting that particular configuration in that particular place. And so, you know, I'm not automatically and in principle averse to the idea that there, it might be appropriate to say, look, we should ensure that when people are sort of turning over this information they're doing so genuinely consensually and not because, you know, just normal people are not sufficiently technically sophisticated to understand what they're transmitting to these companies. On the other hand, I am reluctant to to endorse what would be likely to come out of any actual political process. I think for a bunch of reasons. One is just, there are different cases that we have different intuitions about, I think, in terms of what kinds of information it's useful for a site to collect and store. I think a lot of these such as rightly say that just as, you know, in a sense people might have less meaningful knowledge and consent of what they're agreeing to because no one can wade through all these legalistic privacy remits, at the same time if you make someone opt into every single sort of benign use of information that you might make of of their data, that that equally is going to add so much friction that you you end up foreclosing good and benign uses of information. And I think maybe the the most significant issue here is that I, I think you're likely to end up with a scenario where a lot of functions just move offshore. So you just end up with a lot of advertisers operating in parts of the world that aren't subject to US jurisdiction, or traffic being driven to sites that are operating outside US jurisdiction, and it's not really clear how you, yeah, how you mitigate that without sort of Balkanizing the internet and saying, well, you can't link now to to sites outside the US or you can't have advertisements from companies outside the US. It's it's a thorny problem.
I mean, I think I, I don't give the kind of automatic, you know, rejection of of that notion. I think there there is some kind of case to be made for it just on on grounds of the idea that people should meaningfully consent to disclosure of information about themselves. But it is difficult to see as a sort of a practical matter how you achieve that without a lot of other baggage and without the trivial circumvention. Then if private companies are going to continue to collect this data because it's valuable to them and often central to their business model, and we're skeptical of getting the government involved in protecting our privacy online, we turn to other steps that we as individuals can take to protect ourselves. So you mentioned Ghostery, which is an ad blocker, and ad blockers have gotten more popular, and now there's rumors that Google's gonna bake one into one of the upcoming versions of their Chrome desktop browser. Are, are ad blockers a good way to protect ourselves? Yeah, I think that one one step in a sort of suite of things you might want to be doing to protect your online privacy is have something like Ghostery or NoScript or a range of other privacy protecting plugins that are baked into your browser. You know, privacy or anonymity online is a sort of sub, subset of security more broadly construed. They often tend to go together and complement each other. And how much is sort of appropriate to you is going to be a sort of relative question. If you want to ask whether a particular location is secure, you need to know, is it is it Fort Knox or is it your private home? The level of security that's more than adequate for a private home is going to be wildly inadequate for for Fort Knox, because the question is what are you defending against?
So if it's a question of, I don't want to be casually tracked by advertiser companies, then yeah, that may be the sort of the primary thing you want to do. In terms of your online privacy or anonymity more broadly, you might have different needs if you are, you know, a journalist or an activist or an academic who's communicating with people in parts of the world with more repressive governments. So step one though certainly would might might be to do something like that. You use an ad blocker. Right. Now, what about something like passwords, right? Like should you be using really long passwords or different passwords for everything? Yeah, it's it's, it's worth noting that because we're a, you know, public policy think tank, we're talking about government surveillance and NSA, but at least in the short term, in terms of practical impact on on ordinary people who aren't activists or academics or journalists, it is likely that the the most realistic near-term privacy threat is some kind of criminal hacker stealing your information, leaking stuff online. We've seen of course plenty of high-profile examples of this happening the last few years, ranging from celebrities having their photos leaked, companies having their internal documents published. And yeah, in terms of the the way that happens, we hear a lot of focus from security folks on what are called zero-day exploits, meaning some new vulnerability and a pretty good piece of software that has never before been disclosed and so hasn't been patched, but the truth is most breaches are not the result of some zero-day exploit. Much more common is either old vulnerabilities that just have been patched but the system hasn't been updated, so someone just hasn't bothered to go to the newest version of the software that is secured against publicly known security holes, but also password phishing or password guessing. People use weak, bad passwords and they use the same password across multiple sites. The easiest way to avoid this is to use a password
manager, something like 1Password. There's a whole range of these. I use 1Password, but there's a whole array, most of which are pretty good. What do those do? The idea there is that they will generate very strong and long passwords of the kind a human being might have trouble memorizing, and store them all and automatically fill them in. So you have a little app, either in your phone or on your desktop, that plugs into your web browser and ensures that you've got a strong, hard-to-crack, unique password for every site, so that you're not compromised across all the sites you use if one of them is breached, and that it's, you know, the kind of password you might not want to try and memorize. Now, the downside to this is, of course, if the master password file itself is cracked. And usually those are stored encrypted, so you need to memorize at least one strong password, which is the one you're using to encrypt all those. Well, two, I guess, because also the one you're using to encrypt the device itself. But so you do have a sort of central store there, but there are not a lot of practical cases where that is breached
where, even without a password manager, you're not already essentially done. So, for example, someone might have a keylogger installed on your computer, so they're able to see when you unlock your password manager and decrypt that file, and then they are able to steal the file. But of course, under those conditions, if you don't have a password manager, they're still able to see what you're typing and steal all your passwords. So on the whole I think those are a great tool, and it's probably the most simple practical thing you can do to make yourself more secure. Actually, it's about government, but in general against attackers of any stripe. I will say, if you don't want to use one of those, it's not that hard to have better passwords. One thing you can do is use a phrase instead of just a word. I mean, most sites now will let you pick a pretty long password. So some weird string of six or seven or eight characters with all sorts of special characters, it's probably not as strong as just a string of five English words in a row. If you can't do that, if it won't let you use something that long, you can create mnemonics to make things more memorable. So "Mary had a little lamb, its fleece was white as snow, and everywhere that Mary went the lamb was sure to go": the first letter of every word there is 22 characters, and you maybe throw in a couple digits at the end. You've got something that's pretty... I wouldn't use that one, because I just used that specific example on a podcast where we're talking about security. Everyone's gonna have the same password, Julian.
Look what you did. But you can pick a very memorable phrase and then use the first letter or the last letter of each word to create a string that is sort of gibberish and very long, but that you're not gonna forget anytime soon. And it would even be safe to write down, right? People make fun of, oh, the idiot who wrote his password on a Post-it, and yeah, you know, if you write down "Bank of America," then the exact password, that's not a great idea. Although, I mean, in general physical spaces are, you know, providing you a fair amount of security, right? If you've got a very secure password and the attack surface is someone has physical access to the location where it's stored, maybe that's another problem. It's not a great idea if it's your office, where lots of people have access, but if it's your home or your wallet... And you can write it down in a more obscured way. So I might write down, you know, "river" to remind me "bank," and then "Mary" to remind me the first letter of the lamb. You've got a way to write it down so that you remember what's associated with each site without actually having to write it down in such a way that it would be useful to an attacker if it was stolen. What about something like using your fingerprint for your phone? Because we had this with San Bernardino, the question of can the government force you to put your fingerprint on your phone, and we have some searching at the TSA saying I'm going to search for... Should you be using a fingerprint or should you be using a passcode? Does it really matter? So the first thing to say is, for the way in practice most people use devices, that device, your smartphone, is sort of the master key to everything else. Unless you are very, very willing to do a lot of stuff manually that most people are not, it probably has stored credentials to all your other sites. So someone has access to your phone.
They have access to essentially every other secure site you're using and probably all your email. And frankly, if they've got access to your email, they've got access to everything else, because just about every site has some sort of password reset function, which means you can reset the password by having it send you an email. And even if they have two-factor authentication, the most popular form of two-factor authentication, meaning they're using a password plus something else, so guessing your password isn't enough, is a text to that phone. So the sort of single biggest security hole in most people's life is their phone. So that should certainly have a very strong passcode. Don't keep it un-passcoded, certainly, and certainly, I mean, don't even use a four or five or six digit... You can only use six for an iPhone, though. No, you can change it. You have to go into the settings. Oh, really? I want a long-form passcode. But it's absolutely worth doing. The fingerprinting is one of these trade-off things. Now, if your threat model is primarily the police or the government, one trade-off here is that... If you're a drug dealer or something like that.
So all the drug dealers... This is a very popular podcast with narcotics traffickers. But if your threat model is primarily the government, a lot of courts are holding that under the Fifth Amendment right against self-incrimination, you cannot be compelled to cough up or enter your passcode or password, but you can be compelled, because it's not testimony, to give them a fingerprint. And I think legally that's very plausibly the right answer. But it does mean that if that's your threat model, that may create a problem. Now, this is mitigated to some extent even in that scenario, because, one, you only have so many tries of the fingerprint on the phone before it requires the full passcode. It requires the full passcode if the phone has been powered down or it hasn't been unlocked in 48 hours. So in a lot of scenarios, even if it has the fingerprint unlock capability, by the time someone is actually legally compelling you to do so, it's not relevant, because the passcode is at that point still required anyway. You can mitigate that by choosing a non-standard finger. So I won't say which one I use, but most people use their thumb. If you pick a different one, it might be a little less accurate, but it also means if someone's pushing your thumb on the thing, whether the government or a mugger, in an attempt to get it unlocked... Because you couldn't be compelled to tell them which finger you used? Presumably not. "It's not working, man." I don't think the courts have tested that one. But, you know, frankly, look, these things are not perfect. So, you know, would someone know whether it was just that you were sweaty and it didn't quite read it right? Or, oh, whoops,
I was really using my pinky. That said, I think on the whole, for most people the fingerprint reader is a security benefit, because it makes it practical to use a long, strong passcode if you only are gonna have to enter it when you reboot your phone, which most people don't do on a daily basis, as opposed to every time you want to use the phone. If you need to, you know, punch in something every time you're using your phone, most people are just not gonna, in any practical way, use some 25-character complicated thing. And even for these other security solutions, like those visual patterns you sometimes see on Android phones where you basically draw a little picture, in theory the number of different possible combinations is huge; in practice, almost everyone uses a much, much narrower range of the possible things you might draw. A lot of people just use essentially the shape of their first initial. So that may not be as secure as you think. And also there are other sorts of attacks on a passcode that's being frequently entered. So, you know, if you have to enter this on a device that you're using in public all the time, the odds grow, right, that either through just a person looking over your shoulder or a camera that, you know, applying some kind of sophisticated software analytics, is able to tell from sort of minute movements of your fingers what you're typing in... One of the waiters at Mar-a-Lago. Or, yes... is going to be able to derive that passcode. So in terms of practical scenarios, there are a lot of ways your fingerprint can be obtained, but there are a lot of ways a code that you're entering frequently can also be obtained if you're doing so in public and on a regular basis. So to the extent the fingerprint lets you choose a stronger code, and you still need to enter the code whenever the phone's shut down,
I think that ends up being a security benefit. The other one that we hear a fair amount about is encrypted messaging apps. So the Libertarianism.org team, there's six of us, and we use instant message to talk instead of email, because email's horrid. And we use Telegram, not just because it's the messaging app of choice for ISIS, but we like it. Is that their motto? I don't believe so. But does that mean our communications are safe? Are these apps a good way to go? I mean, it depends what your threat model is. If your threat model is "I think that I am specifically being targeted by one of the more sophisticated state intelligence services," they're probably gonna compromise the endpoint. That is to say, they're probably gonna hack one of the end devices. So they've gotten to my computer, right? At which point the encryption in transit doesn't matter. So does that mean that they're probably... we kind of talked about with Patrick Eddington some of this stuff, but that they're probably going to, I don't know, pretend to be the cleaning crew of Cato and put a USB in Aaron's computer? Is that what we mean by hacking the end device? Well, and there are other ways that people can be hacking. They don't even need physical entry. Okay. So, you know, a vulnerability that is able to install a keylogger. That said, that's a pretty small percentage of people, certainly of US citizens, at least in terms of US compromise. If you're a business person who travels abroad, you may well be a target of, you know, China or Russian intelligence for economic espionage reasons. So it's not a perfect solution. That is not to say don't do it. It's absolutely worth doing, because that's the extreme case. You may have to take other measures to avoid that kind of worst-case scenario for targeting, but yeah, absolutely.
I think it makes a lot of sense to use secure chat as much as possible. I personally use Signal, and I'm hearing a lot of buzz recently about an app called Wire I just installed recently. The problem is it's so recent that not a lot of other people, except for extreme security crypto nerds, are on it yet. But those are both pretty good. I think most of the security folks I know tend to prefer Signal to Telegram. There are, you know, various trade-offs involved. Signal is based on your phone number, so this is one of these sort of security-anonymity trade-offs. So it will secure the content of the communication. You do have to give out, to people who you want to communicate with you, information about your phone number. So it's not great as a sort of totally anonymous form of communication. Whereas Wire, which is newer, operates on a username basis, so you can just give out your username. They're both end-to-end encrypted, meaning the company itself does not have access to the contents of the messages, so they can't be turned over either to a government, not just the US government, any government that tries to force them to hand over the contents of your messages. And I know Signal at least just doesn't keep much in the way of metadata for very long anyway, meaning they don't even have a log of who is communicating. One thing I will say is it is worth it, to the extent that you're using this stuff, both for your own purposes and because it provides a kind of herd immunity, to make this stuff the default and not just something you use for particular secure applications. I was talking to a friend who is a journalist and was very proud about having just installed Signal, finally. He said, "Well, now I finally can have secure communications with sources." And I say, "Okay, so are you using this as your default for all your communications with your sources?"
And he says, "Well, no, I only, you know, use it when I need to discuss something sensitive." And I say, "Well, then you're just wasting both of your time," because if you're communicating with all of your sources regularly through unencrypted email, and then suddenly you switch to Signal for one source, and then you publish a story that has some, you know, classified fact in it, you know, it's not going to take a super genius to figure out what's happened there. The security comes from always using the secure technology so nothing stands out in a way that would reveal something about the activity, at least, you know, in the use case of a journalist, where the fact of a different kind of communication would be enough to, let's say, lead a leak investigation to the leaker. And there's a more general herd effect, just because, you know, a lot of governments look for encrypted traffic as a sign that you must be up to no good. Of course. So if everyone's just using it all the time... All of us use encryption basically every day. If you have a modern smartphone, it is encrypted. If you ever connect to a site that you have to log into with a password, that part at least is encrypted. In general, you're using encryption all the time, because otherwise all of your traffic can be siphoned up and read by someone else. It's just that it's usually not visible to the user. The whole point is that it has to be seamless enough that you don't have to be actively engaged beyond just confirming that, yes, the little lock icon is there, or more often, you know, if something's wrong, a "not secure" icon is there to tell you maybe you shouldn't input your password on this site. But to the extent that you are not unusual, either in terms of your own activity but also in terms of the general population, for using encryption, that makes it less useful as a sort of indicator of wrongdoing. What's coming?
I'm always scared to ask these questions of our tech policy friends, who look to see what sort of things are coming, both in terms of surveillance fears and new tech to keep our own privacy. Is this going to become better? Is, you know, security better? We're gonna be more secure in ten years, or is it gonna... I mean, it's very hard to predict, because we're in, I think, a constant sort of arms race between, I guess, the data gatherers, whether it's for marketing purposes, intelligence purposes, criminal purposes, and the people who want to try and keep things secure. I think that the trend is definitely sort of in favor of the data gatherers, because it's become a lot easier to keep communications secure, but it still takes a fair amount of effort if you want to be really untraceable or invisible. There's a new book out by the former hacker Kevin Mitnick called The Art of Invisibility, and one of the things that jumps out is that if you really want to be robustly invisible, it takes a really dispiriting amount of effort. And there are two sort of trends I think are worth watching in the future. The big one is what's sometimes called the Internet of Things, but more generally the fact that basically everything has a computer embedded in it now, and sensor-enabled networked computing devices are now essentially ubiquitous. They are in our cars. They're in our kitchen appliances.
They may be in our bodies if you have a pacemaker. They're in sex toys now. Almost anything you can name has, and increasingly will have, a networked computer in it, and often a sensor in it. And this is going to be enormously convenient in a lot of ways, some of which we detailed at the beginning of a dialogue here. But it does mean it's going to be a lot harder to have that assurance of robust security, because it's no longer enough to encrypt your communications. You have to worry that your television might be able to hear the pattern of your keystrokes, from which you can very often determine what's being typed, because human beings have hands that are structured in a particular way. We don't type different letter combinations with equal speed. And this is a real attack that we've seen people actually be able to use. If you can hear the sound of those keystrokes and you know this is someone typing in English, you can very often reconstruct what is being typed from the pattern of sounds. When that becomes, you know, a realistic attack vector, it's not just "Can I securely encrypt this transmission?"
But, you know, "Am I aware of every sensor around me when I'm using that device?" And that's going to become increasingly impractical in a lot of ways, especially if you want to, for example, do something or send something connected to a network outside your home, where it's less easy to associate with you individually. The other thing that I lose sleep over is what is, I think, presaged by the Apple versus FBI fight. That is the fight they had over the San Bernardino shooter's phone and whether Apple would help them crack the encryption on that. That was portrayed really as part of the crypto wars, but in a more fundamental way I saw that as the first salvo in maybe a new fight over government access to developer keys. You know, we have these arguments about whether certain kinds of encrypted software or communications platforms should be built with government backdoors. But basically any modern computer system, most modern computer systems used by most human beings, have a kind of back door already. It's called the update system, right? To keep your phone and your laptop and your Alexa and your smart TV secure as new vulnerabilities are discovered,
it needs to accept updates, to add new features but also to ensure that vulnerabilities are patched. And the way the devices regulate access, ensure that what they're getting is really an update and not a piece of spyware, is there are cryptographic keys held by the developers used to authenticate that, yeah, this is really a new update from Apple, this is really a new update from Microsoft. And you saw in one of the legal briefs in the Apple-FBI case a sort of footnote from the FBI saying, well, look, if Apple didn't want to have to be forced to write code themselves to help us, you know, we would be willing to just have them hand over their encryption keys and we'll write the code. We thought Apple would not want to have to do that. And of course that was an understatement, because they understand that that would be catastrophic for both security and for the sort of ecosystem of trust that software depends on. As soon as people recognize that keeping your software up to date may mean installing spyware that some government has forced the developer to turn over, you have, I think, an unsettling scenario where people become warier of installing updates, which creates other kinds of security problems. And so, you know, sooner or later, I think some government, you know, if not ours, China, is going to start trying to demand things like access to developer keys, which is to say the back doors to all these devices we're relying on. At which point we're, I think, going to have an interesting discussion about models for securing devices against that kind of attack, which is a sort of hard one. So one solution is, if you are a very, very hardcore privacy person and nerdy enough to be willing to slog through using command lines for a lot of stuff, you might know about a very secure operating system called Tails. Stands for the amnesiac incognito... together with the L is for... system. And the idea here is that this is an operating system that you keep installed on a USB key that
basically is amnesiac. It starts afresh each time. But it's also an open source product, which means that when a new version of Tails is published, posted online, the source code is posted online, and you can confirm that the new update version you're downloading manually is in fact the same as the widely published general release version that everyone can look at the source code of and confirm that it doesn't have any spyware in it. That is secure against that kind of attack. You are manually downloading this stuff. You have a way of confirming that what you're downloading matches source code that's been publicly vetted. But that's a lot less convenient than "Your phone has a new update. Are you ready to install it now?" Of course, Apple's trying to do a lot of this stuff behind the scenes, you know, in terms of verifying the authenticity of the update, but by taking you out of the loop, you are in some sense required to trust Apple, required to trust Microsoft, required to trust Android about what you're getting. So it remains the case that serious security and privacy protection are achievable, but often come at a significant cost in effort and usability. The people I know who should spend the most energy making sure that they have the capacity to remain secure and anonymous online are also people who spend a lot more time thinking about that and worrying about it and learning how to use tools to do that than normal people want to. So I think one of the promising trends we're seeing is that things like Signal and Wire and other types of applications are trying to solve the problem of making it possible for ordinary non-supergeeks to achieve levels of privacy that you used to have to, you know, know how to compile your own kernel, all kind of stuff, to be able to practically use. But we can see there are still a lot of places where there is that trade-off, where if you don't want to have to roll your own, essentially, you don't want to have to be willing to
personally get involved in manually confirming the security of something, that essentially means trusting some third party, and that is always the weak point in any sort of security situation. Thanks for listening. This episode of Free Thoughts was produced by Tess Terrible and Evan Banks. To learn more, visit us at www.libertarianism.org.