AlterEgo

Digital Identity Management in the Surveillance State


I’ve become quite accustomed to being the most paranoid person in the room. Before June of last year (the Snowden Revelations), I quite regularly needed to defend myself as a conspiracy theorist. Its truly amazing how quickly suspicionless dragnets have become the new normal.

Now, I try to be prepared with an answer, when I am sometimes asked, ‘Why would I need to worry about the NSA [CSEC, GCHQ or your government’s equivalent]? I don’t have anything to hide.’ My response will vary according to the circumstance. And I’ve found the question arises less frequently lately.

I give much ongoing credit to Ed Snowden. In June 2013, he revealed publicly for the first time that, since the 9/11 attacks, the US government established sweeping, illegal dragnets that captured not only the metadata, but also the content of every phone call and email traffic of every American, and internet users globally (there are fewer restrictions if the NSA thinks you are a foreigner). Until then, I truly was simply written off for my suggestions surrounding privacy.

Snowden has been on a virtual speaking tour recently, with presentations to SXSW, in Austin , and a March 2014 TED Conference in Vancouver. Interestingly, Richard Ledgett of the NSA took the chance to respond at the latter. Ledgett leaves us with his ‘idea worth spreading’ as: “Learn the facts. This is a really important conversation. The issue of privacy and personal data is much bigger than just the government…and finally, Look at the Data.” I think we can all agree with that.

The Stasi Files

A world of indiscriminate tracking, where institutions (government, enterprise and freestylers) are stockpiling data about individuals at an unprecedented rate, can result in unexpected and quite extraordinary circumstances.

Its worth remembering that under some recent illegitimate regimes, people were classified, promoted, demoted and otherwise categorized, based on data (and, in fact, meta-data). We are trusting the storage in perpeptuity of vast troughs of our own personal data to enterprises, governments, marketers, freestylers, political campaigns and others.

‘The truth, when you finally chase it down is almost always far worse than your darkest visions and fears.’ H.S.Thompson

Seemingly innocuous behaviors (searches, browsing patterns, telephone calls, travel patterns, or some combination) taken out of context or easily recharacterized in the future, by authorities (legitimate or not), competitors, marketers, hackers and others, for various purposes, including discrediting, sanctioning, disenfranchising, selective marketing, manipulative bipartisan political messaging, reinforcing harmful segregations, classifications or otherwise perpetuating the status quo.

‘Personal Data is the new the oil of the Internet and the new currency of the digital world,’ (Meglena Kuneva, EC 2009). Companies worth a glance in this context, include Acxiom (recently partnered with Facebook, to extend their Audience Operating System) which brags in its annual report that it has more than ‘3,000 propensities for nearly every US consumer.’ (Its worth checking out the PersonX function on Acxiom’s website, allowing you to enter your age, marital status, income and age of children to determine your PersonX cluster).

Similarly, Datalogix claims to have data on almost every US household and more than $1 Trillion in consumer transactions. The real concerns begin when these technologies reach us on mobile and through facial recognition in our daily lives. Permission marketers, data profiteers, and others parcel and sell our data to the highest bidder— our searches and interests are reflected and marketed back to us, on an ‘one-to-one basis,’ throughout our daily lives, on every platform we use.

Taking back Control

Fortunately there are those that are far more untrusting of their government than I. There are still others that see way farther into the code, and the collusion among data giants, communications providers, bipartisan delegations and governments. Julia Angwin (introduced below) calls this the ‘dark circle of trust.’

In her recent book, former WSJ Privacy Editor Julia Angwin, entitled Dragnet Nation: A quest for privacy, security and freedom in a world of relentless surveillance, points out (p. 34): “The reality is that corporate and government dragnets are inextricably linked: neither could exist without the other.” She then rigorously goes through her own process of digital identity transformation. In the end, she produces a digital doppleganger, complete with a personalized credit card, burner phone and cross-platform identity— enter Ida Tarbell, Angwin’s digital alterego.

If we accept that Privacy is the right to selectively reveal oneself to the world (from A Cyberpunk’s Manifesto, circa 1993) then perhaps taking a pro-active approach to managing our online identity is the next logical step. Since we collectively face governments, large enterprise and hackers’ attempts to subvert this right, here are a few tips and tricks I’ve learned recently, from Angwin, Snowden and others:

Determine your Threat Model.

In her book Dragnet, Angwin first builds her threat model by looking at her own situation (her own identity, that of each member of her family) her objectives, her strengths and vulnerabilities, and her own personal guidelines, which she sums up at page 71:

Using caricature icons is a good way to take control over your identity data, potentially avoid some facial recognition algorithms
  • Don’t break the law
  • Continue to live in the modern world
  • Use conventional tools
  • Aim for zero data retention
  • Engage in data pollution
  • Protect her traffic
  • Use realtime communications
  • Spread data around
  • Pay for performance
  • Don’t succumb to fear

Truth is, you may not be that concerned about your privacy. You may wish to adopt some or all of Angwin’s guidelines, or none. You may seek greater control over how anonymous hackers view your data, or how you are viewed by members in your network, or suitors or trackers outside you network? Are you more worried about passive surveillance, or are you more worried about getting hacked?

Some tools will work for one objective and not both (For example, there is no browser that optimizes for both privacy and security). Regardless, you may wish to rethink your experience with the data collection companies. If you do have some interest in increased control over your personal data and online identity, consider conducting a personal data audit.

Conduct an Audit.

Know your data. Know what organizations and what types of organizations are collecting, and selling your data: commercial data brokers, huge marketing and targeting organizations. It can be quite unsettling. With a few hours work (or for a few hundred dollars), anyone can assemble quite a dossier on anyone they choose (or themself), including:

  • Every address you have ever lived
  • Every phone number you have ever used
  • The names of nearly all your relatives (and in-laws)
  • A list of everyone with who you have exchanged email in the last several years
  • Records about your web searches, neatly sorted into categories such as ‘Maps’ and ‘shopping’
  • A glimpse of your shopping habits
  • Your credit data, and credit card purchases
  • Your vehicle license records
  • Your mobile roaming data
  • Your archetype, marketing profile, and probably some of your propensities and brand categories.
  • other data

Much of this data is being held by commercial data brokers, and can be swept into government dragnets at any time.


Opt Out

There are over two hundred big data brokers that probably have some form of data on you. Angwin offers in a recent blogpost at her new gig, ProPublica, her cross platform list of links for opting out of all data brokers (download .xls file here). (Quite helpful!).

Get Encrypted.

Companies are not going to give you privacy by default. Fortunately, getting encrypted is no longer a ‘dark art’— you don’t have to be a hacker to get encrypted. Its quite easy really (if perhaps a bit of a pain).

If you are serious about being free from the prying eyes of governments (legitimate and roque alike), marketers and data capitalists (including Facbeook, Google, others), and others, you should follow Ed Snowden’s recent advice to the SXSW in Austin:

  • Use Full disk encryption: This protects your hardware, meaning your physical computer. TrueCrypt is a good free option. It is open-source encryption for Macs, Windows 7/Vista/XP, and Linux.
  • Use Tor. Mixed browsing network, encrypted from user through the ISP — so you avoid the dragnet (If there is warrant-based search, you will still be vulnerable). It’s a network of virtual tunnels (a mix routing network) that sends your ISP to a cloud through a network of routers, making it impossible for your telecommunications provider to spy on you by default. Learn more at TorProject.org.
  • Insist on Network Encryption— Browser plug-ins and SSL (Secure Sockets Layer) will suffice. Block Prism for Chrome secures Facebook messaging. NoScript for Firefox,ScriptSafe for Chrome, and Disconnect for Safari are viable plug-ins.

Snowden recently revealed Optic Nerve, a program through which GCHQ has been watching you during your unencripted Yahoo Chats.


Ever wonder what you look like through an innocuous looking camera on your computer, tablet, or phone, to the NSA and others, writing a blog, or an email, reviewing a contract, coding, talking by Skype, watching netflix, other stuff?

Be wary if you see that any website you visit or use regularly does not have ssl encryption— open territory for any government, enterprise or hacker worldwide. What you read, search for, upload and chat about. How you look through your camera. (Fortunately, since Snowden’s latest revelations, Yahoo and Linkedin have recently established themselves with https://, as do some other of the services I like. Hopefully Amazon, and others, will do so soon).


Turn off your Wi-Fi on your Android and iPhone

You can avoid most ‘sniffers’ if you simply turn off your Wifi on you mobile device.

In 2012, Verizon launched a business called Precision Market Insights to sell data about its cell phone users’ “age range, gender and zip codes for where they live, work, shop and more,” as well as information about mobile device habits. “including URL visits, app downloads, usage, browsing trends and more.” In 2013, AT&T said it would begin selling information about user’s locations and browsing habits.

If you want to be more cautious, you may consider either removing your sim card (a hassle when re-booting), or perhaps an OffPocket Pouch.


Use suffix _nomap for your home Wifi nomenclature.

Google uses your home wifi to produce data maps of your neighborhood. If you wish to opt-out of having your home SSID in the Company’s location database, simply add the suffix _nomap to your wifi name.


Use DuckDuckGo

Angwin suggests (and provides instructions for) quitting google entirely. Google is a marketing firm, and makes public their annual earnings from selling user data here ($31.5B Net in 2013). (Anytime you use a Google device or service, your data is being sold). You may at least want to consider using DuckDuckGo for some of your more delicate search requirements. Duck.co sponsors the DoNotTrack.Us which gives a great, quick overview of the creepy tracking and direct marketing campaigns that result. DuckDuckGo also sponsors fixtracking.com and donotbubble.us.


The best defence is a good offence.

Its simultaneously important to most of us to have a prevalent profile in search results, defining our experience and how we personally identify, what we hope to achieve etc.

Most often our colleagues and prospective colleagues need to find us through varied and varying platforms. It is important to project our cross-platform identity in a consistent way, and to take advantage of services that let you leverage your identity to get what you want.

There are many good (some free, others paid) services to assist in managing our personal digital ‘brand’ and identity, including:

  • Brandyourself—the first product that empowers us to control what people find when they Google our name.
  • Strikingly — the best website builder for anyone to build a well designed, mobile- friendly website easily. Quick, simple and stylish. Easily turn your linkedin profile into a stylish website. Come and grab yours.
  • About.me—makes it easy for people to learn about you and find your content. Create a free page in minutes with no coding required.
  • RebelMouse—Create a blog, website or social page in seconds by connecting your social networks like Twitter, Facebook, Instagram, Google+ and LinkedIn.
  • Use MaskMe to mask your credit cards and emails.

Disaggregate

It is also important to separate your communications platforms, and your digital doppleganger and presence, from your analog life. There are many people that are really good at managing their digital identity— maintaining a strong twitter and public presence, while simultaneously carefully guarding their own personal privacy and security, including (among many others): @Jason, @bfeld, @pmarca, @ev, @naval and @hunterwalk.


Consider using a caricature for your Face-icon.

Know your Audience

There are also many ‘data aggregation’ services that help me know my audience, in my digital and physical world. A quick, cross-platform profile has become almost ubiquitous and expected, in Gmail, Outlook and Saleforce apps. In my mobile world, I personally use the Refresh and People+ iPhone apps regularly in my daily professional life.

I also use the Gnito iPhone App— Rapid rich profiles on Accredited Angels and Entrepreneurs, and introductions made simple. Simply search by name or twitter handle. And a Privacy Snapshot that lets you quickly glance through, understand and alter your own cross-platform data and settings.