Jacob Appelbaum lives in Seattle and has been heavily involved in the Tor project and and is the only known American member of the Wikileaks project. A few months ago, he gave a revealing interview about domestic spying, electronic (in)security, and more with n+1.
Resnick: What should we know about cell phones? It’s hard to imagine going to a protest without one. But like all networked technologies, surely they are double-edged?
Appelbaum: Cell phones are tracking devices that make phone calls. It’s sad, but it’s true. Which means software solutions don’t always matter. You can have a secure set of tools on your phone, but it doesn’t change the fact that your phone tracks everywhere you go. And the police can potentially push updates onto your phone that backdoor it and allow it to be turned into a microphone remotely, and do other stuff like that. The police can identify everybody at a protest by bringing in a device called an IMSI catcher. It’s a fake cell phone tower that can be built for 1500 bucks. And once nearby, everybody’s cell phones will automatically jump onto the tower, and if the phone’s unique identifier is exposed, all the police have to do is go to the phone company and ask for their information...
Resnick: Okay, so one thing I’ve heard more than once at meetings when security culture comes up is that . . . well, there’s a sense that too much precaution grows into (or comes out of) paranoia, and paranoia breeds mistrust—and all of it can be paralyzing and lead to a kind of inertia. How would you respond to something like that?
Appelbaum: The people who that say that—if they’re not cops, they’re feeling unempowered. The first response people have is, whatever, I’m not important. And the second is, they’re not watching me, and even if they were, there’s nothing they could find because I’m not doing anything illegal. But the thing is, taking precautions with your communications is like safe sex in that you have a responsibility to other people to be safe—your transgressions can fuck other people over. The reality is that when you find out it will be too late. It’s not about doing a perfect job, it’s about recognizing you have a responsibility to do that job at all, and doing the best job you can manage, without it breaking down your ability to communicate, without it ruining your day, and understanding that sometimes it’s not safe to undertake an action, even if other times you would. That’s the education component.
So security culture stuff sounds crazy, but the technological capabilities of the police, especially with these toolkits for sale, is vast. And to thwart that by taking all the phones at a party and putting them in a bag and putting them in the freezer and turning on music in the other room—true, someone in the meeting might be a snitch, but at least there’s no audio recording of you.
