Five Things To Do To Protect Yourself Under a Trump Surveillance State

Trump’s election has serious ramifications for us all. And when it comes to the surveillance state, it’s unlikely that a person who ran as the self-described “law and order” candidate will attempt to constrain surveillance programs or work to limit law enforcement access to private data. As a former section chief for internet freedom in the U.S. State Department’s Bureau of Democracy, Human Rights, and Labor argued, “We can’t trust Trump with today’s NSA.”

Surveillance is a feminist issue. At its core, contemplating the surveillance state, as Dr. Nicole Shepherd writes, “necessarily involves questioning its underlying power relations” and drawing upon “decades of [feminist] experience in dealing with precisely [the same] questions in different contexts.” What’s more, the people most targeted by and vulnerable to surveillance don’t look like me. As Alvaro Bedoya, the Executive Director of Georgetown Law’s Center on Privacy & Technology, argues, “There is a myth in this country that in a world where everyone is watched, everyone is watched equally.” People of color, activists, and community organizers disproportionately are targets of the surveillance state.

Here are five things you can do to help you protect yourself from the surveillance state under a Trump administration. Many of my suggestions will echo those already made by others, so please do check those out too.

1. Stronger passwords and better password management. Simply put, you want strong, unique passwords for your various accounts and profiles online. It’s a lot harder for an adversary to crack ‘bhK94F6R$MkxUP`qjCV’ than ‘password123.’ Also, beware of security questions like: ‘What’s your mother’s maiden name?’ In this case, your mother’s maiden name isn’t  ‘Richards,’ but  ‘eOD|EKAMbHid78)rBN3.’ In order to manage what may seem an unmanageable password mess, consider using a password vault service like 1password or LastPass.

2. Enable two-factor authentication (2FA) where possible. 2FA means that you’ll need to receive a second code — often a random string of six-digits — sent to a separate device in order to complete a login attempt. Set this up where possible. Here are ways to set-up two-factor authentication on Google, Slack, Twitter, Facebook, and Apple.

3. Have an Android phone? Ensure you have full disk encryption on by default. Encryption protects sensitive data on your phone by keeping it in a scrambled, unreadable format for computers or people without a key to access the data. Without getting too in the weeds, if you own an iPhone, your phone’s encrypted by default. But that’s not necessarily true for Android phones. Here’s how to enable it.

4. Use Signal. If you’re seriously concerned about communicating securely, you should use Signal — an encrypted messaging service run by the folks at Open Whisper Systems. To be clear: Apple’s iMessage does offer end-to-end encryption, but only when two Apple devices are communicating with one another and there’s a good data connection. If neither of those criteria are met, iMessage defaults to insecure SMS texting.

So why Signal? A couple reasons. First, it’s open-source, so experts can inspect it and debug it. Second, it supports something called “forward secrecy.” What this essentially means is that if someone does steal your encryption key, they’ll be unable to go back and decrypt messages they might have previously collected. Finally, while OWS can see the metadata (not the content) of your messages, the service doesn’t log it. This greatly limits their ability to turn over information about your communications to law enforcement — a point I’ll reiterate more broadly later. And when the government does come knocking, all they can provide is the “date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.”

Theoretically, the government could in the future require OWS to modify its software or create modified version of its software for law enforcement access — like the Apple/FBI San Bernardino incident — but, for now, that’s a future battle. Finally, to the extent you’re an activist coordinating and organizing, avoid Facebook Messenger and Google Allo, which only offer “optional” encryption settings.

5. Use Tor. Tor (‘The Onion Router’) was actually originally designed, implemented, and deployed as a project of the Naval Research Laboratory. What Tor does is route web traffic through several different computers within the Tor network so that someone at the end of some communication can’t actually trace the traffic back to you. Ed Snowden called it the “most important privacy-enhancing technology project being used today.” Overall, Tor is probably the “easiest” way to use the internet anonymously. But beware: Tor does come with some serious performance and experience drawbacks. Webpages may take significantly longer to load, or may not load at all.

Wondering what else you can do?

First, you should try, where possible, to support companies, apps, and services that collect as little information and data about you as possible. Simply put: the easiest way to prevent the surveillance state from accessing private data and information is to ensure that companies don’t have it — or store it for long — in the first place. If there are sites, services, or apps out there that use and store a lot of your personal data, and you want to continue using them — try to start a conversation with the company. Why is it necessary for them to collect X data for Y amount of time? Sometimes it’s for a legitimate business purpose, other times it’s to help create a profile the company can sell to marketers or data brokers.

Second, it seems likely that the “Crypto Wars” are due for a revival. During his campaign, President-elect Trump urged a boycott of Apple products after Apple refused to help the FBI create a modified version of their firmware so the FBI could break into the San Bernardino gunman’s iPhone. Going forward, it’s possible that the Trump administration would support and sign legislation requiring technology companies like Apple to build “back doors” into their products to allow law enforcement to bypass devices’ encryption and other forms of data protection. Just last year, Senator Richard Burr (R-NC) — chairman of the Senate intelligence committee — introduced legislation to do just that. Given that Senator Burr also won reelection Tuesday night, expect “back door” legislation to come up again. “Back doors” are universally decried by security experts, civil libertarians, and technology companies as a terrible and dangerous idea. We’ll need allies in this fight, should it come. Support organizations like the Electronic Frontier Foundation, Access Now, and the ACLU, to name a few.

Header image via Gage Skidmore.