2019年11月12日 星期二

The Privacy Project: Are you a target?

A former NSA whistle-blower discusses privacy.
John Tye co-founded the Whistleblower Aid nonprofit law firm.Stephen McCarthy/Sportsfile, via Getty Images
Author Headshot

By Charlie Warzel

Opinion writer at large

Last week, at a conference in Portugal, I met John Napier Tye. He is a former State Department employee, a whistle-blower and a co-founder of Whistleblower Aid, a nonprofit law firm that represents individuals trying to expose wrongdoing. As you may have noticed, whistle-blowers are very much in the news these days, and Tye is very much in the center of that world.

Today’s newsletter is a Q. and A. with Tye. We talked about whether it’s possible to stay anonymous in 2019, how to protect your privacy like a spy, whether regular people are at risk of becoming targets and how to become a whistle-blower if you’re a witness to something troubling.

This is a condensed and edited version of our conversation:

What are the biggest threats right now to privacy for normal citizens?

It’s useful to distinguish between bulk collection and targeted surveillance. Both are threats. The average citizen is likely already caught up by bulk collection, although the proliferation of targeted surveillance technologies are increasingly threatening whistle-blowers, journalists and others that find themselves on the wrong side of unaccountable governments and security agencies.

Bulk collection affects everyone. A number of governments and companies have the goal of building databases with detailed profile information for every person on earth, or at least every internet user — including where you are at any given moment, who your friends are, what kind of messages and photos you are creating and how you think about the world. They are closer than you might expect.

Continue reading the main story


Some entities, including the American government, effectively capture and store a huge portion of all the private data worldwide, perhaps even a majority. The last decade or so is the first time in human history that such a thing has even been possible, and we’re only just now starting to wrestle with the implications.

I hear objections that regular people without public profiles or those who don’t deal with sensitive information don’t need to worry about spyware swooping in and compromising their devices. What’s your response to that?

The best thing you can do is avoid being a target. Because if you are a high-value target, there is no safe way to use digital communication devices. Companies, like NSO Group, sell surveillance software to governments with terrible human rights records, no questions asked. NSO surveillance software was found on Jamal Khashoggi’s phone before he was murdered, and on the phones of other journalists, human rights defenders and opposition figures.

It’s not just journalists and activists — more people than you would expect are targeted for individual surveillance. There are auction sites where anyone can pay to get targeted surveillance software in a matter of minutes. It’s not just governments, but also run-of-the-mill criminals and jilted lovers who are using this kind of surveillance software at a lower cost than you would expect. And the victims almost never even learn they were hacked. A lot more industries than you would expect are targeted for penetration by foreign governments. And it’s not just the top executives; most hacking starts with junior employees and then escalates.

What about tech companies or companies with some security savvy?

Hopefully, employees at Facebook and other internet and telecom companies understand by now that they are being targeted. But we know that foreign governments are hacking energy companies and utilities, state and local governments, financial firms, airlines, hospitals, universities, manufacturing, Hollywood studios, rideshare companies, even agriculture, fashion and retail. The costs of hacking are so low, and the value of our data is so high, that targeted surveillance happens a lot more than we expect.

Continue reading the main story


If you’re in an industry of any interest at all to foreign governments, even if you’re a junior employee, then you might be individually targeted for hacking. Even if you work as a hair stylist, public-school teacher, restaurant server or some other job with a very local focus, it appears that there’s more targeted hacking in local disputes and by intimate partners.

You deal with incredibly sensitive information every day. What’s your setup to ensure communications stay private?

Unfortunately, security is expensive and inconvenient, and there is no easy way to secure yourself. Whistleblower Aid has gone to great lengths to create systems that are harder to hack. While we aspire to become the most secure legal organization on earth, we know that there is no such thing as 100 percent security. Whenever possible, we do things in person with no devices nearby, or in hard copy, and then we burn the paper. We have a manual typewriter with the old-fashioned ribbons.

How does Whistleblower Aid protect potential clients’ privacy?

After someone becomes our client, we typically give them a new device that they use only for communication with us. But because it’s so easy to hack any particular device, and we expect that we are being targeted, we have to ensure that our clients’ devices are not associated with ours in any way.

Continue reading the main story


From the moment a client reaches out to us, we make an extensive effort to protect their communications with us and advise them about how to be safer in the rest of their life. From burners to Faraday Bags and other tried-and-true techniques to avoid surveillance, we invest heavily in providing clients with alternate technological means to communicate with us, and work hard to avoid physical and location tracking.

We have a special system for receiving new inquiries from prospective clients. Prospective clients must install a special browser called Tor onto a personal laptop and send us encrypted messages to our custom platform called SecureDrop. Tor is the only browser that strips off all the metadata like IP addresses from all traffic, so that if our SecureDrop is somehow hacked, even we aren’t holding identifying data.

With the presumption that Whistleblower Aid is under surveillance, we’ve deliberately disabled all other ways to contact us so that we aren’t inadvertently exposing new clients before they even get started. We don’t have emails or web forms or even a mailing address.

What’s your advice for how people can replicate this practice themselves? Can it be done without burner phones and dead drops?

For someone who’s truly a high-value target, there is no way to safely use a digital device. The surveillance systems that we face are designed to track people with resources and motivation to hide what they are doing. It is a terrible irony that journalists trying to protect their sources, and lawyers trying to protect their clients, must borrow digital tradecraft techniques from the world of espionage in order to make their essential contributions.

It is hard to be totally secure. Invariably, people want that one device or app that will protect them. Unfortunately this won’t happen. What we recommend instead is that people consult a guide like this one. Avoid email, which is always insecure.

Can a whistle-blower stay truly anonymous in 2019?

Sometimes, but it can’t be guaranteed. Even when the law says you have a right to be anonymous, some people may have an interest in trying to identify you. On the other hand, there are still a lot of whistle-blowers, including some of our clients, who are able to make disclosures and hold institutions accountable while remaining anonymous.

It’s possible that somebody reading this now has seen something in their line of work or has evidence they’d like to come forward with. What’s the best way to become a whistle-blower? And what should they absolutely avoid?

Before you do anything else, you should talk to a lawyer you trust, who can protect your conversation with attorney-client privilege. Do not talk to anyone at work, do not forward any emails. Following the advice of counsel, you should preserve the evidence of misconduct. But you should be careful to follow all laws that apply; for instance, you can’t just take classified files home with you. Every case is different, so the only universal advice is to speak with experienced counsel.

If you’ve seen something troubling, you can find instructions here to get in touch with Whistleblower Aid.

Send me your thoughts at privacynewsletter@nytimes.com. Your responses may be shared in an upcoming edition of this newsletter.’

This Week in Voter Targeting

We’re less than a year away from the 2020 election, and the presidential campaigns are ramping up their operations to collect data on all of us. I’ll try to use this newsletter to keep track of those developments so that you can know how the campaign data battle is playing out (another helpful link is this newsletter run by a Democratic digital company). This week’s example comes to us from The Atlantic and is about how campaigns are trying to wring sweet, sweet user data out of our smart TVs.

It goes like this: Three-quarters of American households have at least one internet-connected TV. Those TVs, regularly referred to as Smart TVs, are collecting information “on a second-by-second basis.” That includes viewing habits, location, device ID and more.

For now, voting records are getting matched with smart TV information from third-party data brokers to put users into audience categories and deliver them political ads. It’s a newish variation on standard targeted advertising. But as always, it gets more alarming the farther into the future you look. All that “anonymized” data your TV is collecting isn’t so anonymous if it gets paired with just one other piece of your personal information. As Sidney Fussell writes in the Atlantic article:

It’s possible the data collected could be combined with other data sources to identify users by matching known devices (the smart TV that already has your email address) to websites or other IoT (internet of things) devices that use the same Wi-Fi. This could create a more complete picture of what users watch and browse, the websites they visit, some offline behavior, and other devices they use.

The end result?

Matching user databases between IoT devices, phones, laptops, and offline behavior such as voting patterns gives campaigns working with big data significant insight into our lives. That’s likely to continue into 2020 and beyond.

Continue to watch this space!

I want to hear from you

Send me your pressing questions about tech and privacy. Each week, I’ll select one to answer here. And if you’re enjoying what you’re reading, please consider recommending it to friends. They can sign up here.

What I’m Reading:

This interview with Zadie Smith about resisting the algorithm is incredibly thoughtful about many of the things this newsletter discusses each week. Her definition of privacy as “the sacred space in which you do not know what the other thinks of you” is particularly striking.

Building a world where data privacy exists online. Perhaps the most comprehensive and technical approach I’ve seen to the “data as property” argument.

Google’s “Project Nightingale” gathers personal health data on millions of Americans. A pretty shocking report about the kind of information Google is collecting (“lab results, doctor diagnoses and hospitalization records … a complete health history, including patient names and dates of birth”). Especially sobering in light of Google’s plan to purchase the wearables company Fitbit.

Continue reading the main story

Need help? Review our newsletter help page or contact us for assistance.

You received this email because you signed up for The Privacy Project from The New York Times.

To stop receiving these emails, unsubscribe or manage your email preferences.

Subscribe to The Times


Connect with us on:


Change Your Email|Privacy Policy|Contact Us

The New York Times Company

620 Eighth Avenue New York, NY 10018