Intervention at Mydata 2016 Helsinki on data protection, privacy and encryption

 

After the adoption of the EU General Data Protection Regulation – what next? Join DR.  MALTE BEYER-KATZENBERGER (Policy officer, European Commission, DG CONNECT), KASPAR KALA (Advisor at Ministry of Economic Affairs and Communications), TARU RASTAS (Senior Adviser in the Finnish Ministry of Transport and Communications), PHILIPPE DE BACKER (Belgian State Secretary for the Fight against Social Fraud, Privacy and North Sea), DIEGO NARANJO (Advocacy Manager of EDRi), JARNO LIMNÉLL (Professor of Cyber Security, Aalto University) in a Panel Discussion on policy making for personal data at the mydata2016 conference.

MyData 2016 was an international conference that focuses on human centric personal information management.
MyData is an initiative to help people gain more control over their personal data.

Interview at Críptica.org (English translation)

6912948733_c69c164f99_o

(Note: This is the English translation of the interview I did for Críptica.org, orginally in Spanish. You can find the original interview below or at the original site: http://www.criptica.org/2016/02/10/entrevista-a-diego-naranjo/ )

1. For those who do not know you, could you please present yourself?

My name is Diego Naranjo and I work as Advocacy Manager at European Digital Rights (EDRi). EDRi is an umbrella organisation of civil rights groups working for the defense of human rights in the online environment.

2. When did you become aware of the importance of protecting your privacy? Was there any specific moment that affected your current views on this subject?

The “dystopian” books 1984 by Orwell, Fahrenheit 451 by Bradbury and A brave new world by Huxley made an impact on me during my teenage years. Since then the idea of resisting the Big Brother influenced my way of thinking and marked my political positions.

3. Do you want to talk about any of the projects related with security or privacy (regardless of their technical, social or political nature) in which you are currently involved?

This year we are focusing in EDRi in a campaign against the EU PNR Directive, that may be passed in the European Parliament in the following weeks; we will also work in the review of the e-Privacy Directive, since after the initial agreement of the General Data Protection Regulation (GDPR) needs to be reviewed; finally, we will start working on the implementation of the GDPR and be alert on the attempts of establishing new data retention laws at national levels.

4. What kind of practices do you do in your every day life to protect your privacy, both in the digital and in real life?

I do similar activities in both the digital and non-digital environments:

In the online environment:

1. I only use Free Software in my computers.
2. I use end-to-end encryption (PGP) daily.
3. To communicate with friends and working colleagues I do not use Whatsapp, but Signal and Telegram instead.
4. I do not use social networks which are especially invasive as Facebook.

In the non-digital world:

1. I advocate for the use of free software tools by public institutions through my regular advocacy work, for example via proposing amendments in non-legislative reports or in the proposals of EU legislation.
2. When using snail mail, I use envelopes for private information and postcards for not so private information.
3. I try to do more meetings in person and public speaking than online, when possible.

5. What would you tell the ordinary Internet user, who says that he has “nothing to hide” or that believes that privacy is something that should worry those to “do evil things”?

This is a “zombie argument” that comes back to life after every pro-privacy initiative. The reply to that statement is that privacy is not related to “hiding things”, but with freedom of expression, freedom of assembly and other fundamental rights. Everyone should be able to talk with their friends, express their fears and opinions without being constantly under surveillance. Otherwise, this leads to self-censorship and people not being themselves. This could lead to all sort of problems, including health related ones. Would you look up the address of a clinic that performs abortions if you think your boss might be reading your private messages? Are you going to look up for information in Google about ISIS si that could lead you to be in some data base as a suspect of supporting terrorism?

This “chilling effect” can be seen in other scenes in our daily life. For example, when you drive and you notice that there is a police car driving next to you, no ones stays indifferent: You revise everything mentally: You wonder if you have the documentation of your car insurance and if your seat belt is correctly fastened, if the speed is under the limit and, generally, you put yourself in some sort of “alert mode”. If we all take our smartphone everywhere and we communicate more and more often using the Internet we can potentially have “a policeman” looking over our shoulders constantly. Who wants to live in a state of permanent alert? What kind of freedom would that be?

6. What kind of tools, habits or practices would you recommend to non-technical users to improve their privacy?

Edward Snowden has proposed several easy tips that can improve your privacy easily without being a very technical person.

For those who have what it could be called “below user level”, my recommendation would be not installing those apps that require access to your information without needing it to perform correctly (for example, the torch app which asks ro access your contacts). A step further from that would be using by default apps that are on the Free Software repository F-Droid, since they are are free and ‘gratis’, and only in case you do not find what you need going to Google Play or Apple Store.

You could also use search engine DuckDuckGo.com instead of Google, in order not to be tracked.

A step forward would be using Free Software daily. There are already many distributions out there (Ubuntu, Linux Mint…) that debunk the myth that Free Software is only for geeks.

7. To what extent do you think that the criticism of massive surveillance involves the involuntary legitimation of targeted surveillance that, nevertheless, violate rights of those affected by those measures? (Example: #Spycops case in the United Kingdom)

Indiscriminate mass surveillance is, by definition, contrary to human rights, as the courts in Strasbourg and Luxembourg have said repeatedly (cases Digital Rights Ireland and Schrems –in the CJEU, case Szabo and others in the ECtHR).

Targeted surveillance, on the other hand, is not a blank check. It must be prescribed by law and follow the criteria of necessity and proportionality. In order to be lawful targeted surveillance should include a system to prevent abuses: In cases of spying agencies (“intelligence agencies”) being the ones doing this surveillance, they must be subject to the control of the State, including judicial supervision. In the case of the surveillance performed by law enforcement agencies, this also needs to be done following the Rule of Law, including that no one si subject to surveillance without judicial authorisation and that, in some cases, this cannot be done even with that authorisation (for example, conversations between a client and their lawyer and a doctor and his patient).

8. Which institutions, acts or institutions are a threat for freedom and privacy online? Who should defend these rights?

The Internet of Things and Big Data are threats that need to be neutralised right now. The effects of these technologies lead to the creation of profiles and the ways they can be used to control population is alarming. Multinationals that make profit out of our personal data (Google, Facebook, Skype-Microsoft and others) are a constant threat, as we have seen after the Snowden revelations.

Defending these rights is the duty of citizens. Rights, as muscles, are strengthened by exercising them daily. If we do not do this, we become weaker as societies and as individuals. Since policies related to privacy are decided increasingly at the European level, we call citizens to get organised in associations and to get involved in the campaigns organised by organisations like EDRi, Xnet, Access Now, BEUC and others. If we want to shape our future freedoms in the digital world, the moment is now.

9. Do you believe that there are important differences between “traditional” political activism and the activism focused in the defense of human rights online or “hacktivism”? We at Críptica see a “gap” (generational, technical, gender based…) between both ways to intervene in politics.

Inevitably, human rights activism in the online world requires some technical skills (sometimes, very basic ones), which can leave outside some activists (for example, older generations). When this is not the case, we see that digital rights activism is identified with hackers and geeks, when it is obvious that almost everyone has a smartphone, uses e-mails and therefore the risks affect all of us.

When I introduce EDRi, I always highlight that we EDRi is a human rights organisation. Otherwise, when we talk about “digital rights” it seems like we are talking about “human rights for the developed world”, when in fact we are talking about the same human rights we already have offline, but applied to the online environment.

There is another issue, maybe more important. It is true that there are fights which are more urgent than privacy: climate change and social inequalities are two of the main ones. However, these battles are going to be fought, to an increasing extent, using digital tools. If we do not control those tools and we prevent indiscriminate surveillance we can see these fights seriously threatened and compromised.

10. Finally, what do you think should be, in your opinion, the aspects that as a political movement (from the “digital rights” organisations) we should have to improve?

1. We need to create a global discourse about surveillance and privacy which is not connected to the rhetorics of the Big Brother so we can get closer to citizens. We need to find and use positive examples (talking about freedoms rather than fears) in order to reach a wider audience.

2. Support economically (via donations, crowdfunding…) free software and privacy tools in particular, and use them. A first step could be, for example, convincing five people with whom you communicate the most to use Signal and communicating with them (sms and calls) privately. Signal is an app that is free of charge, it is free software, it is easy to use, and replaces your SMS app, so you do not need to use two different one for the same purposes.

3. We need to organise at local and national level to work on these issues, and also work in alliances at the European and international level in order to be more powerful. We need to put constant pressure on Members of the European Parliament and on the European Commission, since they are the ones that to a great extent decide on our online freedoms.