Overview
- Will give an overview of why she runs it, what the Library Freedom Project is, how she got started, what it involves
Prior Context
- started: July 2013, June 2013 was when Edward Snowden came out with his revelations
- Alison points out that she’s not “anything new” in librarianship, privacy work & intellectual freedom has been a part of librar* for a long time. (image of Jessamyn West’s FBI National Security Letter canary sign, which she’s been doing since about 2002)
- 2005 Connecticut Librarians who challenged the constitutionality of the gag order (Connecticut 5?)
- Library Awareness Program, late Cold War FBI program targeted libraries, believing them to be KGB houses, she recommends a great book on this called Surveillance in the Stacks
Current Things
- Recent backlash against privacy, i.e. “Why protest unless you have something to hide?” standpoint
- NSA hoovering up both metadata and content: full-take programs, they siphon it out; “Collect it All” is their approach
- XKeyscore, their data retrieval system, uses selectors to look at data & metadata they’ve already collected with other methods; “It’s kind of like their Google search for what they hold”. Gets down to “Germans who use chat forums in Pakistan” level specificity
- PRISM program, involves a lot of services
- Section 215 of the USA PATRIOT Act, to request any tangible thing; technically sunsetted, but brought back in zombie form, now “anything related to terrorism” verbiage but we know that’s something that can be wildly used & misused because when claimed, don’t have to
- Section 702 of the FISA Act. We know that US person data is caught up in this, which is both unconstitutional & unethical.
- Clapper or (someone else) says that “We kill people based on metadata,” i.e. helps show when the materiality of the message differs from the content, i.e. not in Miami (said) when transmission shown to be in Bloomington
- 1033 Program of moving military equipment to police departments. NYPD has something like 30 foreign offices, usually done on tourist visas. Do lots of surveillance abroad, closed-circuit cameras & license plate reading cameras that read the numbers & catch people as well. Basically real-time tracking cameras. Then “domain awareness centers” share all this info. Often target neighborhoods where many POC live.
- Black Lives Matter program: spied on by the Department of Homeland Security, local police, etc. This is all protected 1st Amendment action aimed at civil rights, but heavily surveilled anyway. Muslim communities also heavily surveilled. “Countering Violent Extremism” programs as well.
- Should see all these things (War on Drugs, War on Terror, Profiling & Policing of POC, the unequal incarceration of POC) as all involved. Assemblage all comes together. Law around it is either too outdated or the law directly supports these actions. Also DEA routinely breaks the law with no repercussions. Used against lawful activities by marginalized peoples/communities.
- Everyone is caught up in the dragnet, but certain communities currently are & historically have been the target of these. This historical context lets us know the purpose of these surveillance programs.
Letter to MLK from the FBI
- Letter telling MLK to take his own life or be shown to be “a fraud” who has slept with other women besides his wife. (Apparently based on recordings of his hotel rooms.)
- Determined to be from the FBI, information about MLK’s sex life as blackmail
Companies & Data Mining
- No right to privacy because of Third Party Doctrine, if given to a non-governmental agency, you have no expectation of privacy
- Google is the scariest one. They have a total picture of who you are & use it for advertising. They have a troubling relationship with
- Google Ideas (Jared Cohen) also works with US on counterterrorism, he’s a State Department guy who also works for Google. Worth reading Julian Assange’s interviews with Schmidt & Cohen.
- NSA is ~70% {I think I heard that right?} private contractors.
- Great image of Google as Iron Giant, looming behind Facebook & Big Brother robots lurking over laptop user
Libraries!
- “Nothing to hide” approach suffers from profound failure of imagination. We all have curtains in our home windows & are all wearing clothes.
- Pew Research Center: “Public Perceptions of Privacy and Security in the Post-Snowden Era”
- PEN America, “Chilling Effects: NSA Surveillance Drives U.S. Writers to Self-Censor”, 1 in 6 writers has avoided writing or topics because of security. Another 1 in 6 has seriously considered doing so.
- There’s also a newer, even more profound study out (also by PEN America)?
- Would someone write Lolita today? Probably not. No one is putting those search terms into Google.
Librarians and Technologists Can Fight Back!
- Teaching & building freedom-protecting technologies
- This is what she does with the Library Freedom Project!
- She teaches librarians because librarians have relationship to all kinds of people, varied in academic libraries & even more so in public libraries. Libraries are often the only free public computer system in a community. Her high school still doesn’t have a computer tech class, for instance.
- Kade Crawford writes the Privacy SOS website, ACLU Massachusetts
- ACLU lawyers as well
- Works with TOR Project, the TOR Browser, etc. They build the tools that she ends up teaching; she does outreach & informs them on how to make tools more user-friendly.
What she teaches:
- Threat modeling
- Encryption
- Free & Open-Source tools
- “Encryption works” - Edward Snowden
Tools:
- TOR Browser
- How to run TOR relays, easier for institutions to assume some of the legal risks
- DuckDuckGo & other search browsers
- Privacy Badger
- NoScript
- Disconnect.me
- Jabber
- RedPhone
- TextSecure / Signal (works automatically), WhatsApp is based on similar encryption but doesn’t work as well by default or advanced implementations
- TAILS, Debian Linux (The Amnesic Incognito Live System), useful for using a computer that’s not your own w/o leaving anything behind; lets you subvert computer filters
- KeePass
- Dice Generator (?)
Principles:
- If it’s not saved, it can’t be subpoenaed
- Encrypting sites with HTTPS, also how to do HTTPS Everywhere
- Let’s Encrypt, free, open, automated certificate authority
- should be out at the end of 2015
- Jeremy Hammond, now in prison, hacker responsible for the leak that exposed the Dow Chemical disaster in Bhopal, India. He was caught because his password was Chewy123 (his cat is named Chewy).
- We can make surveillance more expensive for the spies; it makes more work for them and therefore creates a sort of herd immunity, making it harder to de-anonymize a particular person.
- Libraries are great places to teach this because we’re a trusted space that already is structured around privacy issues.
- A lot of these security-building institutions are excited that librar* are involved.
Q & A
{I’m paraphrasing heavily for this section}
Q1. What’s a PGP Key?
- She uses Thunderbird, Enigmail, a PGP suite, then make your keys, etc. It gets easier as you go along, other person also has to use it.
Q2. Epistemological question: how do we know these technologies work? We seem to be safe in aggregate already, but that’s changing?
- We’re not already safe in the aggregate. Google’s ties with the security department. Shouldn’t overtrust any software. She trusts free & open-source software because she can look at it & how it works. She might not read that particular programming language, many people can look at it together. Many eyes that scrutinize it; it’s the most transparently examined. She says that individuals should think for themselves.
- Sandstorm is all former Google security people doing a self-hosted Google Drive alternative.
Q3. I have made a strawman out of your nuanced positions and talk. Discuss? {My heavy paraphrase}
- Alison calmly interjected “Do you want me to answer your question or not?” when the asker made a litany of supposed (demonstrably incorrect) premises. I thought she handled this exceedingly well.
- Alison says she teaches domestic violence victims about privacy tools, which is often over their heads but their threat model means that they’re willing to learn about it. She desperately wants to make these tools better.
- She wants people to know what decisions they are making. Leave it up to the users.
Q4. What’s out there that is accessible for disabled users?
- TAILS is good because Debian has accessibility tools built into it.
- TOR project could use expertise on disability issues.
Q5. Ron Day: I think what you’re doing with public libraries, gives us a mission & is empowering. With so many library things outsourced to private enterprises, how does this sit with librarians who have their collections pushed out to private vendors?
- If there’s a relationship between LFP & that outsourced problem, it’s that thinking through privacy leads to thinking through outsourced. Adobe data breach, for example. She also shows that there’s a way to have relationship with community-based efforts (FOSS), not just privatized ones.
Q6. Currently having a lot of data isn’t equal to being able to use the data. But as artificial intelligence & other technologies become more sophisticated, will they be better able to actually use the data?
- She disagrees with premise that data isn’t currently being used. It’ll definitely get worse as analysis of large data sets becomes easier, also important how individual circumstances change & people become surveillance targets.
Q7. Why is Snowden such a purportedly revelatory thing?
- Stasi archives in Berlin, 2 city blocks, 4 stories high. Great tourist thing. If make NSA to equal height, it’d cover all of North America, down almost to bottom of Mexico, plus parts of the ocean.
Q8. What about the arms race of escalating privacy technologies?
- { Did her answer imply that Silk Road dude got pwned by NSA because of social engineering rather than the technology itself? }
- Alison: If I were NSA, I’d try to run every TOR exit node so I could analyze things.
Q9. Hacking Team leaks, a malware for surveillance thing
- Hacking Team also works with campus police departments!
- When leaked, read email, learned source code, capabilities, had 3 zero-day exploits just for Flash, which made Flash immediately get patched.
- Leaks work well for this.
- WikiLeaks has Hacking Team data dump, you can search for it.
Q10. Internet of Things?
- Don’t use smart fridges, basically. Avoid Internet of Things.
- Someone hacked into an IoT rifle, hacker does it. Sousveillance (the things we carry are watching us), also watching people who are watching us.
Q11. Statement rather than question: Insurance companies & data logging
- ACLU & EFF are trying to fight back against data logging. E-ZPass trying to make it so that you can’t pay toll roads with cash, only cards. “It’s like trying to catch a tornado with a teaspoon.”
- EFF was trying to get classic car tinkerers fired up about this, because new things make it impossible to alter things with your equipment.
Q12. Ron Day: General question about how you set up these sessions, how it sets in with ACLU. Why is this different than ECHELON? It affects the perversion of entire state. Now dealing with vast corruption, FISC court pretty dubious. How do these problematic issues of national corruption get displaced by arms race idea? Does it lead to escalation of tools & entrepreneurial class?
- Not technological determinism, not buy/get new thing. She’s interested in technology for what it can do for us while we continue fighting for legal change & other justice issues without fear of reprisal. Reforming law takes a long time, tools necessary in the interim. Also technology is an easier first step than legal fights.
- Ron: almost like an addiction (as William Burroughs argued) between the hackers hired by NSA & then the counter-hacking. Interesting that it’s really a 4th Amendment issue. I want to apologize if I implied criticism.