On August 28, 1789, Thomas Jefferson wrote to James Madison from Paris about the French revolutionaries, relaying an important piece of strategic information: “Mirabeau is their chief.”
Except, what he really wrote was “589.510.491.1341.1006.1354.581.738.” Jefferson was writing in code, and not just about the French Revolution. The letter also contained changes to the language of what would eventually become the First Amendment.
When he visited the White House last summer, Geoffrey King brought printed copies of Jefferson’s letter with him. King, a visiting lecturer at the UC Berkeley media studies department and a First Amendment lawyer, was there to advocate against government backdoors to encryption, secret mechanisms that allow unauthorized access to encrypted information.
While many proponents of backdoors say that they are vital to intelligence gathering processes, privacy advocates like King believe that the very premise of a backdoor is faulty. “If you put a backdoor in for law enforcement, you put it in for China, you put it in for Russia,” King says. Meaning: if you engineer a backdoor for one purpose, you can’t guarantee that it won’t be exploited for another.
King distributed copies of the letter to the officials he met as a reminder of encryption’s history in the United States. Jefferson and Madison, like many of their contemporaries, often corresponded with the help of ciphers—Jefferson even invented one himself—which were used to encrypt sensitive information at a time of great political upheaval. They were hardly engaging in a novel practice, as forms of encryption have been used around the world for at least two thousand years. In the United States, the use of encryption constitutes what King calls a “long, beautiful tradition.”
“The Bill of Rights itself owes its existence to strong encryption,” he says. “Also, the First Amendment protects the use of encryption, as does international law.” The reciprocity is striking: the very amendment that the Founding Fathers drafted with the help of encryption is now the same one that covers our right to use it.
That’s because encryption is considered a form of protected speech under the First Amendment, a classification established by Bernstein v. U.S. Department of Justice. Daniel Bernstein was a Berkeley graduate student who sought to publish the source code for an encryption algorithm he developed. At the time, the United States Munitions List classified encryption as a weapon, analogous to a bomb, which could only be exported—or, in Bernstein’s case, published—with State Department approval.
After Bernstein, encryption export restrictions were eased. Most importantly, the court ruled that software source code was entitled to First Amendment protection. “Essentially, the conclusion the court came to was that you could think of encryption source code as another language, or like music or mathematics,” King says. “You can’t ban people from speaking Spanish or exporting things in Spanish, and you can’t stop people from writing a sonnet or a symphony and exporting that. Encryption source code is similarly protected.”
Many, including lawyers, activists, and journalists, routinely use encryption to protect themselves and their work, especially after the Snowden revelations emerged, which revealed that Americans today are subject to unprecedented levels of domestic surveillance. Invasions of digital privacy can also be corporate in origin, as in the case of data brokers that sell information about users to online advertisers; malevolent actors can piggyback off this information.
Digital Rights Under Trump
The outcome of the presidential election did little to quell concerns about the preservation of digital rights and civil liberties. Trump has advocated for an expansion of domestic surveillance, and King notes, “has said specifically that he plans to expand surveillance of American Muslims, as well as other people who should be ‘tracked.’” The massive surveillance apparatus at his disposal was expanded just a week before the inauguration, when the Obama administration enacted new rules that allow the NSA to share raw streams of data with the FBI, DHS, and other agencies.
Trump’s appointees, who haven’t exactly been proponents of digital privacy, are unlikely to act as institutional checks. Jeff Sessions, his Attorney General pick, has backed crypto backdoors, and new CIA Director Mike Pompeo sponsored legislation that would have reinstated the NSA’s bulk collection of Americans’ telephone metadata. Trump’s new FCC chair, Ajit Pai, has opposed broadband privacy rules
“There’s a history in this country of really incredible abuse of law enforcement and intelligence resources against the LGBT community, against people of color, against activists, against women…”
These policies, along with restrictions on anonymity tools, have the potential to heavily restrict a number of civil and human rights. In a 2015 report, David Kaye, a Berkeley Law alum and the UN Special rapporteur on freedom of opinion and expression, wrote that encryption is inextricably intertwined to the rights of privacy, due process, and freedom of assembly. “States,” wrote Kaye, “should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression.”
According to Kaye, measures taken to promote national cybersecurity, including anti-terrorism efforts, must take privacy concerns and the importance of freedom of expression into account. This was also the position taken by former State Department legal advisor Brian Egan, also a Berkeley Law graduate, in a talk delivered at Boalt Hall just after Election Day. “[Anti-terrorism] efforts must not be conflated with broader calls to restrict public access to or censor the Internet, or even—as some have suggested—to effectively shut down entire portions of the Web,” said Egan, likely referencing Trump’s 2015 remark that he is “open to closing parts of the internet” in an effort to thwart ISIS recruitment. “Such measures would not advance our security, and they would be inconsistent with our values. The Internet must remain open to the free flow of information and ideas.”
This, King says, is worrying given the history of surveillance programs like COINTELPRO, which was used to target social movements and other so-called “subversives,” sometimes illegally. “There’s a history in this country of really incredible abuse of law enforcement and intelligence resources against the LGBT community, against people of color, against activists, against women, and against journalists,” King says
How to Encrypt Your Digital Life
So, what’s a concerned citizen to do? King takes a number of precautionary measures to protect his data and devices, all of which he recommends that others adopt too. “There are so many reasons to do this,” he says. “There’s no reason not to.”
King isn’t the only one on campus calling for the widespread adoption of cybersecurity precautions. In a recent report containing policy recommendations for the Trump administration, UC Berkeley’s Center for Long-Term Cybersecurity likened cybersecurity to a seatbelt: “We need our education system to treat cybersecurity as a fundamental part of computer literacy.”
According to King, this approach is common sense, not alarmist—even for those of us who feel we have nothing to hide. “It’s not about secrecy,” he says. “It’s about safety.” Securing your devices, he says, should be treated like locking the door when you leave the house.
First, King recommends the use of Signal, a messaging app with voice call capabilities that boasts what he calls “the best crypto you can use as a civilian.” Signal’s protocol was developed in 2013 by a team that included Trevor Perrin, who studied electrical engineering and computer sciences at Berkeley. Perrin helped develop an algorithm that Signal uses to carry out something called end-to-end encryption, which makes the content of a communication inaccessible to anyone but the parties communicating. That means that a telecom or internet provider, or even Signal itself, is unable to decrypt the messages sent by its users.
When it comes to protected web browsing, King recommends Tor. Tor isn’t foolproof, however, as vulnerabilities have been exploited by the FBI. The browser was also developed using government funds and requires some technical savvy to operate, which might deter some users. For users who aren’t quite ready for Tor, King suggests Google Chrome. “[Chrome] basically compartmentalizes every single tab, so that if malware tries to take over a tab, it can’t spill out into the browser and then into your system,” King says.
King also says that users should be sure to fortify Chrome with plugins. He recommends HTTPS Everywhere, a browser extention developed by the people behind Tor and the San Francisco-based Electronic Frontier Foundation, as well as AdBlock and Privacy Badger, which minimize the sort of tracking that advertisers use to generate targeted ads.
For passwords, King advocates the use of a password manager like LastPass or 1Password, which allow users to generate passwords for everything from their email account to ecommerce sites, all protected by one master password. “I don’t know what my Gmail passphrase is, I don’t know any of that,” King says. “It seems a little counterintuitive, but the password manager is safe because a strong master passphrase is run through an algorithm that encrypts the database with all of your other passwords.”
He also emphasizes the importance of enabling two-factor authentication on all the sites that offer it. Two-factor authentication adds an extra level of protection to the sign-in process by prompting users to enter a second form of authentication (often a time-sensitive text message) after entering a password.
Other precautions might seem obvious, but King says they’re still important. Accepting software updates as they are released helps to patch your devices’ known vulnerabilities, and backing up important data (ideally, on an external hard drive) can protect you in the event that your device is compromised.
In a 1799 letter (of the non-encrypted variety), George Washington wrote that the best defense was a good offense. But for everyday citizens looking to minimize their risk, that maxim is reversed. “If you’re taking these steps,” King says, “they will protect you from criminal hackers and they’ll protect you from passive surveillance.” While it should be noted that no cybersecurity measures are perfect, King’s strategy is still one worth pursuing. For now, the only offense is a good defense.
And for King, it’s not just a matter of security. “It is downright patriotic to use encryption,” he says. “The founders of the country used strong, perhaps even unbreakable encryption not only to protect their deliberations from the British, but even to talk about personal matters, like the way we would text someone on WhatsApp or Signal.”
Let freedom chime, vibrate, and ring.
Sarah Elizabeth Adler is a CALIFORNIA intern.
Posted on January 31, 2017 - 4:46pm