What is the NSA collecting about activists, reporters and you? The NSA gathers the phone numbers, locations, and length of virtually all phone calls in the United States. It collects records of nearly everything you do online, including your browsing history and the contents of your emails and instant messages. It can create detailed graphs of your network of personal connections. It can create phony wireless connections in order to access your computer directly. It can intercept the delivery of an electronic device and add an “implant” allowing the agency to access it remotely.
Companies, too, undertake surveillance. Investigative reporter Adam Federman found that the “American Petroleum Institute (API) paid private global intelligence firm Stratfor more than $13,000 a month for weekly bulletins profiling activist organizations and their campaigns … from energy and climate change to tax policy and human rights, according to … WikiLeaks in 2012.” Federman reported that when a community group of 10 people met to screen environmental films and attend local environmental forums, a private security firm identified them as likely planning an eco-terrorism attack. A bulletin with the group’s information – where and when they met, and upcoming protests – was sent to the Pennsylvania Department of Homeland Security alongside information about other groups such as Al-Qaeda affiliated groups and pro-life activists.
When reporters cross borders, they are at increased risk of surveillance. As the 2013 federal district court case of Abidor v. Napolitano showed, border agents in much of the U.S. can search, copy, and detain a U.S. citizen’s laptop computer, cell phone, or other electronic device even when the agents have no reason to suspect any wrongdoing. The court held that the government had reasonable suspicion to search and detain Abidor’s laptop because Abidor, a Ph.D. student in Islamic history, had pictures of Hamas and Hezbollah rallies on his computer, and because he possessed both U.S. and French passports. When the laptop was returned, evidence showed that agents had examined Abidor’s personal files, including photos and chats with his girlfriend.
How, then, do reporters protect themselves and sources in an era of surveillance? At the TMC/IIT Chicago-Kent workshop, Gavin MacFadyen, Director of the Centre for Investigative Journalism at University College London, warned, “The first minute is the most crucial when the whistleblower calls a reporter.” At the workshop, a group of technical experts discussed technological tools and practices that journalists can use to protect themselves and their sources. Eva Galperin of the Electronic Frontier Foundation discussed threat modeling, in which a journalist or organization assesses potential threats to determine the level of protection needed. Threat modeling involves building a comprehensive list of people or entities who might be after information in one’s possession (say, an opposing lawyer, the NSA, or a foreign government). It then considers the nature of the information to determine the tools, such as encryption, which are required to protect it.
Once the level of threat is determined, reporters can use specific tools for defending against online surveillance. They can protect themselves and their sources by maintaining strong and unique passwords, detecting and avoiding fraudulent “phishing” emails, encrypting their laptops and other electronic devices, and using two-factor log-in authentication where available. They can protect anonymity with Tor, a powerful tool that works by obscuring the source and destination of online communications. They can use tools such as GPG to encrypt their emails and other communications and render them illegible to third parties.
Journalists can also use tools such as ObscuraCam, developed by the Guardian Project (unaffiliated with the U.K.’s Guardian news organization) to remove potentially identifying data from digital photos, and to obscure the faces of people appearing in photos in situations in which being identified might put them in danger. And news organizations can implement SecureDrop, a secure submissions system for receiving documents from anonymous sources.
No single tool or practice can render a journalist “NSA-proof” or immune to corporate spying, but appropriate tools and strong security practices can significantly evade surveillance and increase the reporters’ ability to deliver a well-researched, convincing story without exposing sources to harmful retaliation.
Susan, a professional woman in her 30s, met a man she thought she’d ultimately marry. Their relationship was sufficiently intimate that she sent him a naked photo of herself. When she caught him cheating, she broke up with him. He took revenge by posting that selfie on a revenge porn website, along with her name, the name of her town, and her social media contact information. She received messages from complete strangers asking for more naked photos. As she went about her daily life, she was afraid that one of those men would stalk her. She worried that her co-workers might have come across the photo. She knew that if she applied for a new job, that nude photo would come up in a Google search of her name. She’d been branded with a modern Scarlet Letter.
Across the Web, thousands of people attack their exes by posting disgusting comments about them, warnings not to date them, or nude photos of them. On October 1, California Governor Jerry Brown signed into law a bill criminalizing what has become known as revenge porn. The law assesses a thousand dollar fine in a narrow situation. It is a misdemeanor for a person to photograph “the intimate body part or parts of another identifiable person, under circumstances where the parties agree or understand that the image shall remain private, and the person subsequently distributes the image taken, with the intent to cause serious emotional distress, and the depicted person suffers serious emotional distress.”
But the law has serious limits. The law wouldn’t help Susan because it doesn’t cover selfies; it would only apply if her boyfriend had taken the photo and then later posted it. Even when an ex-boyfriend did take a photo and post it, it would be hard for the woman to prove that their understanding was that it would remain private. Didn’t she know there was at least a chance he was going to show it to his friends? And the requirement that he must have “the intent to cause serious emotional distress” is both hard to prove and too narrow. A man might evade punishment by claiming that by posting the photo he was just trying to brag that his girlfriend was hot. Or what if they were law students competing for the same job and he said he posted it to reduce her chances of winning the job? That wouldn’t be covered by the law.
And while the men who posted nude photos of their exes could be prosecuted under the law, it would provide no remedy for the women who want to get their photos removed from the web. Nude photos posted on one revenge porn site are often re-posted on dozens of other sites. A particular ugly or revealing photo might be replicated in hundreds of places on the Web.
A state law, such as that in California, can’t reach the main offenders— the websites that host revenge porn. A federal law adopted in the infancy of the Web, Section 230 of the Communications Decency Act, says that interactive computer services are immune from the types of suits for defamation and invasion of privacy that can be brought against traditional publishers. That makes sense with providers such as Comcast and websites such as Facebook (why should they be sued if I defame you in an email or post?), but it doesn’t make sense to grant immunity to websites whose sole purpose is to defame or invade privacy. It’s time to strip those websites of the ability to digitally gang rape women whose photos they post.
On revenge porn websites, the posting is just the beginning. Hunter Moore used to run a website, Is Anybody Up, where other men would write savage comments about the ugliness or sluttiness of the women in the photos. (“No sex with her unless she had a bag over her head” is one of the milder comments.) The more hits Moore’s site got, the more money he made through ads. “Hate can be monetized,” wrote Kelly Bourdet of Vice. Hunter Moore told the Village Voice how much he’d benefit if someone killed herself because of his posting her nude photo and comments about her: “So if someone fucking killed themselves? Do you know how much hate I’d get? All the Googling, all the redirects, all, like, the press…”
As I advocate in my book I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy, we need to revamp Section 230 to allow people to sue the revenge porn websites for defamation and invasion of privacy and to grant people the right to have their photos removed. The rationale for protecting internet service providers (that they shouldn’t have a duty to police transmissions to see if people are defaming each other) should not apply to protect websites whose whole business model is to defame and harass. Women like Susan should have a right to have her nude photo—intended for an audience of one—to be removed from a website that is exposing her to the world.
Are you in control of your digital self? ABA Journal web producer Lee Rawles talks with Lori Andrews, author of I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy about the lack of online privacy rights and the need for a social media constitution.
They discuss the changes that social networks have brought to all areas of the law, including evidence gathering; what evidence is admissible in courts; how social media can affect the right to a fair trial; and the right to control one’s image. Andrews touches on how secret data aggregation about your online activities can affect the price of your health insurance, the advertisements you see, what jobs you qualify for and the limits on your credit card balance.
Today is the 101st anniversary of International Women’s Day and women are facing a new threat to their rights—and sometimes even to their lives. The vast array of information available about us on the Web is leading to new forms of harassment and discrimination against women.
In a chilling revelation, a woman writes about a man who raped her years ago and was never brought to justice. She moved to another state and yet her rapist was able to find her and torment her. She speculates that he was able to find her on a website called Spokeo. The website, she said, provided “incredibly detailed” information about her and about her apartment where her rapist tracked her down. “It listed everything from the types of pets I had to my profession, and included a street-view map showing our building.”
Spokeo and other data aggregators collect personal online and offline information about individuals without their consent and sell that information. Other institutions—from employers to courts—use information from social networks and other websites against women. One third of employers say they’ve rejected job candidates because of a photo where they had a drink in their hand on a social network page or wore provocative clothing. But who does that apply to? Women.
Women have also lost custody of children, not because they’ve done anything wrong as a mom, but because they have posted something sexy on their boyfriend’s MySpace page. And when a male rival wanted to intimidate a woman, he posted a Google map of her house with a message that she had a rape fantasy and men should come and rape her.
The tactic of using sexual messages to put someone into harm’s way is standard on social networks and could be thought of as a new form of sexual harassment. A study by University of Maryland researchers found that users in a chat room with a female user name received twenty-five times more harassing private messages than users with a male name. Rather than being cornered and beat up in a dark alley, women now need to be concerned about being ganged up upon on the Web.
In my new book, I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy, I call for a right to privacy on the Web and penalties for sexual harassment and discrimination on the Web. It’s time that offline rights apply online as well.
Credit: Web Ranking Images.
Social networks are transforming how relationships begin and end. One in five relationships now starts on social networks. But social networks also contribute to breakups and divorce. Instead of catching a whiff of another woman’s perfume on your husband’s shirt, you might instead find an X-rated photo that your husband accidentally tweeted to a woman in public mode rather than private mode. Or—as happened in a Connecticut case—your husband and his girlfriend might be sending each other Facebook gifts such as “Love Birds” and posting about the need for discretion. (Husband: “[n]o more Facebook. . . to public for me.” Girlfriend: “LOL o.k. under the radar . . . flying low. . . ”)
Social network information can be a smoking gun when people divorce. In an American Academy of Matrimonial Lawyers poll, 81 percent of divorce attorneys mentioned an increase in the use of social networking evidence over the past five years. Most of that evidence was found on Facebook (66 percent) or Myspace (15 percent).
Posts or photos indicating that one spouse cheated or has dangerous habits can help the other spouse receive more money in the split or gain sole custody of the kids. Divorce lawyer Linda Lea M. Viken recounted a custody battle where a father posted on his Facebook page that he was “single with no children looking for a fun time.” Divorce lawyer Kenneth Altshuler said, “Facebook has made it very easy to show lack of credibility and that is what can win a case. Once you catch them in one lie, nothing else they say is credible to the judge.”
The only way to guarantee that your posts won’t come back to haunt you in a custody case would be never to have had a social network page or to act like a Stepford parent and post only positive and glowing things about your every moment with your child. (Perhaps even doing that would backfire since it could be used to show that you are too enmeshed in your child’s life and won’t give your child enough space to grow.) Erasing a page you’ve previously created or deleting your social network presence entirely won’t help. Projects such as the Wayback Machine have probably captured screenshots of that page in its earlier incarnation.
Since parenthood is rewarding, demanding, and frustrating all at the same time, people may unthinkingly blurt out their frustrations in social media. What if you once tweeted that you didn’t want children? Should that statement be used to terminate your parental rights? In In re T.T., a Texas case, the court allowed such a statement from a dad’s Myspace profile to be used against him. What if you failed to mention kids on your Match.com profile? Would that show you were a bad mom? How about if you said, “I love my motorcycle” or “I love my iMac” but didn’t mention your children? Would that indicate that your kids played second fiddle to your possessions?
My personal view is that any social network statements about the child should be kept out of the case unless they indicate that the parent is likely to harm the child emotionally or physically. And a lack of statements about the child (or even a statement that one doesn’t have children) shouldn’t be used as a way to show parental unfitness.
U.S. Supreme Court. Credit: Mike Renlund.
As technology makes surveillance easier and cheaper, courts are grappling with how to apply the Fourth Amendment in the digital age. Prior to beepers, GPS, people checking in on Foursquare, and social networks, law enforcement monitoring of suspected offenders was limited by the constraints of manpower, budget and the risk that the officers following suspects might themselves be seen.
But now an increasing amount of information about people’s whereabouts, activities, purchases and intentions can be gleaned digitally, without an officer ever leaving the station. The U.S. Supreme Court’s decision this month in United States v. Jones provides little guidance about which activities might be considered searches, which require warrants, and which voluntary disclosures to third parties might waive Fourth Amendment rights.
Without a doubt, social networks like Facebook have enhanced the Constitutionally-protected freedom of association since they allows groups to form. But social networks have opened the door for people’s associations to be used against them. Read my post about this at the National Constitution Center's blog.
Sleigh bells ring…and people get lax about computer privacy. Your comfort and joy might be headed south if you don’t think about what you unwittingly reveal during the holidays:
Is Your Seatmate Stealing Business Secrets?
As you travel for the holidays, you’re probably focused on flight delays, the unfinished work you left behind, or how to avoid certain relatives. You may be thrilled about the chance to see old friends, get a change of climate, and stop thinking about the work you left behind. You probably aren’t thinking about your seatmate stealing business ideas or information by peeking at your screen. Unless you make an effort to protect that information when you nod off, your on-screen information could be fair game to that nosey passenger sitting next to you or across the aisle.
Did you know that key features of your smartphone—its camera, microphone, and its ability to connect to the Internet—can be surreptiously used against you? Read my blog about it on Time.com.
Could you be in hot water with the cops based on what you post? Cops routinely search Facebook photos, Myspace posts, Twitter feeds and YouTube videos to gather evidence and build a case. Even innocent people can be ensnared in these digital dragnets. Are you wearing a jacket that looks like one that was shoplifted from a local store? Did you offer to sell homemade jewelry on Etsy while IRS agents were scrutinizing the site? Are you Facebook friends with someone in Cuba or Iran? Have you Googled the word “chloroform”?
View video in HD on Lori's Youtube Channel.