December 10, 2014 | By Thomas Fraki

When Judge Richard Leon was presented the facts regarding Klayman v. Obama, he described the situation as “almost Orwellian.” While we may not use telescreens or rely on Newspeak; laptop cameras and the automated simplicity of texting language have a definite, albeit benign, resemblance to the instruments used by Big Brother. When Orwell wrote 1984, the dystopian novel that Judge Leon was referring to, he imagined that future culture would be coerced into using these devices and not that they would be the natural result of information sharing technology. Nevertheless the same technologies that are used to streamline and simplify our social lives and ability to communicate can be gathered to keep an uncomfortably close eye on the information that we exchange between one another.

On June 5, 2013, the Guardian published a story given to them by Edward Snowden, a contractor working for the National Security Agency. The leaked classified documents that the story concerned illustrated the NSA’s clandestine electronic surveillance programs. The largest of the indentified operations was an electronic data-mining program called PRISM. At first, what the documents described seemed unbelievable to the point of absurdity. It was revealed that the NSA been collecting internet user data since 2007. This comprised information from sites such as Google, Facebook, and Skype. The targets of this data gathering were global, including United States citizens and world leaders.

The leaked documents also showed that the NSA was able to collect ‘telephony metadata’ from Verizon Business Network Services that included call records and location data on a daily basis. They were able to gather this information with an order that was issued by the United States Foreign Intelligence Surveillance Court.

Within the week after the initial publication by the Guardian, Larry Klayman, founder of Judicial Watch and Freedom Watch, along with other plaintiffs filed a lawsuit against Verizon, President Obama, the Director of the NSA, the Attorney General, and US District Judge Robert Vinson. It also incorporated a second suit filed shortly after against AT&T, Sprint, Google, Facebook, and several other internet companies. 

US District Judge Richard Leon heard the case and gave his opinion in December of 2013. He ruled in favor of the plaintiffs that a mass collection of personal information used for the purpose of creating and analyzing datasets is likely to be unconstitutional. Leon also described the program as an ‘indiscriminate’ and ‘arbitrary’ invasion that surely violates the intension of the Fourth Amendment, which he stated needed to be updated to accommodate the digital age. A notice of appeal was filed on behalf of the government following the decision. Arguments for the appeal were heard in the D.C. Circuit Court of Appeals last month on November 4th.

The American Civil Liberties Union, along with the Electronic Frontier Foundation, filed an amicus brief for the latest hearing which illustrates two of the greatest concerns surrounding Klayman v. Obama: metadata is far more revealing than it is led on to be and the logic behind “third-party doctrine” is outdated and damaging to privacy. 

Metadata provides the context of information transfers. At a glance, that might sound relatively harmless. However, when that type of information is collected and analyzed en masse, it is much easier to create a profile of an individual based on their communication habits. In an article published by the EFF, Nadia Kayyali gives the example that “an hour-long call at 3 A.M. to a suicide prevention hotline could be very revealing.” Not unrelated to this is the idea of “third-party doctrine,” the reasoning that the FISC used in its decision to allow the NSA to access telephony metadata. This American case law arose during the 1979 Supreme Court case Smith v. Maryland. The reasoning behind this doctrine is that because an individual is offering information through the service of a third-party, there cannot be a reasonable expectation of privacy. Though this may have been a reasonable assumption at the time it was created, it takes on a new and drastic meaning when it is translated into the digital age. 

Whether or not the government is scrutinizing your personal information, it is important to consider that any information published to the internet is being published to a system that has the potential to be broken into. Many internet and tech companies are now creating products that work on the basis of a zero-knowledge structure. This type of framework encrypts and decrypts data on the users end of a transfer, meaning any information stored on the applications servers are always encrypted and cannot be compromised or accessed.

SpiderOak, a zero-knowledge tech company, developed an encrypted service similar to DropBox. I was able talk to Cameron Pedersen who is a lead programmer on Crypton, one of SpiderOak’s projects to provide zero-knowledge frameworks for building private applications. I asked him about how we can change our online habits to be more conscious of privacy and what the future looks like for personal data encryption.

What do the revelations of PRISM and the use of online user information say about the public’s ability to trust entities like Google or Facebook?

The web has always been built upon trust, but the PRISM leaks have shown that there are certain parties that cannot be trusted. This doesn’t mean those named are necessarily malicious, but there are plenty malicious entities on the Internet. Informed users knew not to trust any important data to any Internet services before this happened. I think that the newfound proof of privacy breaches has widened that group of informed users.

Do you think that the average internet user is likely to change the ways in which they conduct themselves online in light of these developments?

There is already a huge shift in consumer demand toward privacy-based services, and a lot of capital is being spent on building the next generation of those services. The best protection is had in a group. Unfortunately, there will always be those that don’t care.

What are some simple adjustments that a person could make to ensure that their personal information is more secure online?

Only post things you’re okay with the world knowing, including chat messages. Stop using DropBox. Use a VPN. Use a browser plugin to remove cookies after you close a tab to prevent being tracked. Use plugins like AdBlock and Ghostery to stop other trackers and ads from being loaded. Use the HTTPS Everywhere plugin to automatically switch to an encrypted version of websites you visit if they provide one. Use a tool to encrypt your hard drive - for example if you are OS X, use FileVault. 

Have many companies begun to encrypt their users' information? Do you think this trend will continue?

Other than services originally designed to encrypt data, it is hard to add that ability to a product. Implementing cryptosystems is hard. Even if a service has end-to-end (user-to-user) encryption, if a service holds the users’ keys, it will be compromised - see LavaBit. If a service uses outdated or improperly implemented algorithms, it is also comprisable. Choosing a service comes down to who you trust to get it right, not who you trust with your unencrypted data. The demand is clearly there, so we will see a lot of new companies and products built around data privacy in the coming years, but because of the roadblocks I think incumbents will hesitate to add these features.

Although the idea having your personal information and correspondences used to profile you by your own government is a frightening thought, there will always be threats to our privacy in one form or another. What is more frightening yet is a culture that is complacent with the fact that it is happening or, as Mr. Pedersen said, “[doesn’t] care.” 

In a popular culture that assesses value in ‘likes’ and ‘retweets,’ the average internet users are more likely to offer themselves social networks and applications and be less concerned about the implications of doing so. New technologies and better abilities to obscure the information that we want to keep private are helping to protect ourselves, but that is only if we make the effort. So, at price do we hold our privacy? How would Orwell’s vision of the future differed if he had been able to anticipate the utility of a ‘like’ on a status update?