‘We Live in a Golden Age of Surveillance’ (Audio and Transcript)

In this week’s episode of “Scheer Intelligence,” host and Truthdig Editor in Chief Robert Scheer talks with Nate Cardozo, the attorney for the Electronic Frontier Foundation, on the struggle to protect free expression, privacy, and innovation in a hyper-connected world.

Listen to the interview in the player above and read the transcript below. Find past episodes of “Scheer Intelligence” here.

RS: Hi, this is Robert Scheer with another edition of Scheer Intelligence, where the intelligence comes from my guests. I sometimes make a little joke that I’m the poor man’s Central Intelligence Agency. But that is actually appropriate to today’s discussion, because I’m talking to the senior staff attorney for a great organization called the Electronic Frontier Foundation. I’m talking with Nathan Cardozo. But let me just get him to talk a little bit about what I consider to be the most important organization, outside of the American Civil Liberties Union, dealing with freedom on the internet. And it’s started by some real pioneers who created the internet; John Perry Barlow, who died recently; Mitchell Kapor; John Gilmore. And they’ve been operating, way back in the early days of the internet and to the present, fighting the good fight to keep the internet free from government interference. So why don’t you give us that historic picture, and then we’ll get up to contemporary issues of what is happening to our freedom right now.

NC: Sure, thanks, Bob. And thanks for having me on. As you said, EFF, the Electronic Frontier Foundation, was founded all the way back in 1990. That’s before the World Wide Web was even a twinkle in Tim Berners-Lee’s eye. The first web browser is a couple of years younger than the organization I work for. And in fact, our first case was a case involving a bulletin board system, a BBS, back in 1990. There was no conception of whether or not the Fourth Amendment applied to computers, whether we had a reasonable expectation of privacy in our digital documents. You know, the Fourth Amendment talks about our papers and effects; it doesn’t talk about our .txt files or anything like that. And in 1990, a game developer, a board game developer in Austin, Texas named Steve Jackson Games, had a BBS, a bulletin board system where you could dial in and download all sorts of files, including The Anarchist Cookbook, that famous text file that gives dubious instructions on how to create things like bombs. And the Secret Service raided Steve Jackson Games, and they seized all of the computers, not just the computer that ran that BBS, but all of the computers that Steve Jackson needed to run his business. And they did it without a warrant. And that pissed off a lot of people on the nascent internet. There was a forum called The Well, which was frequented by all sorts of luminaries like John Gilmore and John Perry Barlow and Mitch Kapor, among others, and Steve Jackson. And some folks who had made a lot of money in computers in the eighties got together and decided that they were going to hire lawyers to make sure that our freedoms, our Bill of Rights, followed us into the digital age. And they took Steve Jackson as their first client, and they got his servers back for him. And the resulting organization is the Electronic Frontier Foundation. We were originally founded in Cambridge, Massachusetts; moved to D.C. in about 1992, and then fled the swamp screaming in ‘94, and we’ve been in San Francisco ever since.

RS: So, just to make it clear, I mean, I sometimes think of you as having, or your organization having something of a libertarian bias–

NC: Indeed.

RS: [Laughs] You said “indeed”?

NC: Yeah.

RS: OK. So we got to make clear, as opposed to the ACLU, which is sometimes thought to swing a bit to the left–I think unfairly; I mean, the ACLU actually supported the Citizens United decision in a show of consistency in free speech matters; whether you agree with them or not, at least they lean in the direction of First Amendment purists. But you do get funding from Silicon Valley, you have support among luminaries, and have always had support in Silicon Valley. And yet you’re guarding the gates for separating government from private enterprise, right? That’s sort of your main task.

NC: Our task is to defend users’ rights online. And we focus on three areas: we focus on free expression, we focus on privacy, and we focus on innovation. That mission often brings us into conflict with the companies in Silicon Valley, but often we’re representing the Silicon Valley rank-and-file, if you will, against their managers. Our budget is about five or six percent corporate donations and 75 or 80 percent individual donations. Most of those are Silicon Valley types, whether or not they actually live in Northern California. We have worked against a number of regulations that sought to regulate speech on the internet. We’ve pushed for regulations that would seek to impose privacy restrictions on the companies. So we’re not strictly a libertarian group; we’re politically non-aligned, seeing as we’re a 501(c)3. But I would call our politics a mix of civil libertarian and progressive. So we almost always find ourselves on the same side of the issues as ACLU; we don’t always find ourselves on the same side of the issues as someone like the Southern Poverty Law Center, because they take a much stronger anti-hate speech position, and we take a much stronger free speech, First Amendment absolutist position.

RS: Something big has happened since the last time I consulted with you and with your organization. And that was, we were in the aftermath of Edward Snowden’s revelations about the massive government spying on Americans and on people around the world; the, you know, leaders of Germany and Brazil and other places, and getting their information. And a big battle developed; there was pushback from private companies like Apple and Google and Facebook against the government. And the real issue, of course, in constitutional protection, is restraining government, rather than restraining the private sector in these matters of the First, Fourth Amendment, what have you. And there was a lot of momentum for finding out, what do they do to us, and what do they know about us? And then we ran into this election, and with the loss of Hillary Clinton to Donald Trump, suddenly the whole energy shifted to sort of celebrating the FBI and the CIA, and really asking them to be more vigorous in their prosecutions. And a whole new Red Scare, without reds, against Russia and Putin, developed. And the whole, all that set of issues raised by Putin and others sort of left the room; they were gone. So why don’t you give me an appraisal of what has been happening?

NC: Ah, since Snowden, we had two major legislative actions. The first was a couple of years ago now, in 2015. The 215 Program was up for renewal; it was supposed to sunset. 215 was the section of the Patriot Act that permitted the NSA to collect the telephone metadata of every American. This is the to, from, when and how long–every single phone call in America. And the NSA gleefully sucked all that up from early 2002 until 2015. In 2015, the Patriot Act was up for reauthorization; it was set to sunset. And we had what was frankly the first legislative victory against the NSA since FISA, since the Foreign Intelligence Surveillance Act of 1978. And in 2015, Congress ordered that the bulk telephone metadata collection program end. And so far as we know, it did. So in 2015, 100% of Americans’ call records were Hoovered up by the NSA, pun intended. In 2016, that number was down to only–and I use scare quotes around that–only something over 100 million telephone metadata, pieces of telephone metadata. In 2017, that number jumped right back up to well over 500 million pieces of metadata. So even though Congress ordered the quote, bulk, unquote telephone metadata program to end, it appears from a transparency report released last week by the office of the director of national intelligence, that the NSA has essentially picked up right where it left off.

RS: So basically, you’re saying that these secret agencies, the NSA, CIA, are unaccountable. We don’t know what they’re doing, it doesn’t matter what Congress says. And, but I want to stress, we are now in a moment where a lot of liberal people, people who care about civil liberties, are willing to give a blank check to the FBI and the CIA because they think, you know, the president, Donald Trump, is such a bad guy, and they’re so unhappy with the results of the election, that they want to unleash these secret agents to just, I don’t know, run amuck.

NC: You know what doesn’t make sense to me, Bob, is when we give power to the CIA and the NSA, like we did last December–last December, the prison program was up for renewal, and despite our and ACLU’s best efforts to stop it, it was renewed without changes. When we give those sorts of tools to the CIA, to the NSA, to the FBI, we’re giving them to Trump. Right? We’re not giving them to Robert Muller; we’re giving them to the man in charge, and he is able to use them pretty effectively, and essentially without accountability. You know, the House Intelligence Committee is led by Devin Nunes, who is threatening to subpoena, or threatening to hold Jeff Sessions in contempt; over what, we don’t know. But the oversight committees, the intelligence committees in Congress, as you pointed out, they’ve been completely overwhelmed by Russia, Russia, Russia, and they’re not looking into the spying that’s going on within this country. You know, 520-something million Americans’ telephone metadata were swept up last year by the NSA. What investigations were those? Who is going to be held accountable for that? And the answer right now is, essentially, nobody.

RS: Everybody’s sort of–not everybody, but a lot of people are under the assumption that somehow these agencies were reined in, and that there’s less collection of this data, and what have you. And I wonder also what happens to the data. And interestingly enough, a lot of it is stored on these clouds, right? These collections of computers.

NC: Amazon is one of the government’s biggest data repositories.

RS: OK, yes. And so you’re jumping in on me. Because I was thinking about that. You know, Amazon has been building these clouds; it’s a private corporation, ostensibly believes in private free enterprise. But yet they’re a big, huge military contractor. The owner of Amazon, the bigger shareholder, with his private pocket change, was able to buy The Washington Post. A paper that, you know, at some point had–whether it was the Pentagon Papers in the Vietnam War, and Daniel Ellsberg; whether it was more recently the revelations from Snowden and others–you know, could play some kind of counter role. But now, here is a military-industrial contractor, the kind that President Eisenhower warned us against, building the cloud for them. And then you have another organization, Palantir, which is one of the major builders of these clouds, again a private defense contractor. And so we have this massive data collected by the government–our data–basically entrusted to systems that are built by companies that, particularly in the case of Amazon, that otherwise are mining our data daily for profit. This is an Orwellian world. I’m sorry, it’s an overused image. But we’ve lost sight of it. We don’t even care anymore. That’s what I’m sort of getting at here.

NC: I think that’s unfortunately right. I think we’ve become numb to the overcollection and oversharing of our personal data. Cambridge Analytica was an interesting example, right, because Cambridge Analytica did exactly what Facebook told us they were doing. Facebook permitted–and to some extent still does; they’ve reined it in a little–but Facebook permitted developers on their platform to view not just the people who interact with those apps, but all of their friends’ private information. You know, if any one of your 1,000 Facebook friends clicks on FarmVille, FarmVille got all of your data as well, even if you never clicked on it. They advertised that fact. That was designed in. That’s the whole point of Facebook, is to collect all that kind of data. And of course it went to an organization like Cambridge Analytica. That was the kind of thing that, back in 2008, we were all cheering when we saw the Obama administration use microtargeting for the first time in a political campaign. It worked for Obama; of course it was going to work for Trump.

RS: It’s interesting that you bring up Obama, because it’s thought that somehow what was done now is particularly odious. But in the Obama campaign–which, you know, I voted for the man, actually made financial contributions, as much as I could afford, believed in it. But I managed to overlook the fact that he was the first presidential candidate in some time who shunned public financing, all right? And the argument was because he was up against particularly difficult odds. And he also pioneered–at the time, everyone on his side bragged about it–pioneered the very tactics that are now thought to have stolen the election.

NC: I think the difference wasn’t just that the internet generation, you know, abhors President Trump. The difference is, we’re all more aware today than we were eight years ago about the amount of personal data that exists on us. In 2008, you probably knew more than a handful of people who weren’t on Facebook. Now you might know more than a handful of people who weren’t on Facebook, but that’s only because they deleted their accounts in the past several months. Everybody’s digital lives are enormously sensitive today in a way that they probably were in 2008, we just didn’t recognize it.

RS: This was the point made by another conservative that is often criticized by liberals and civil libertarians, Chief Justice Roberts. And in that decision, preventing the police from breaking into your cell phone, his argument was that the Fourth Amendment that you referenced before, the right of the individual to be secure in their homes and not be invaded by warrantless searches, or general searches, he argued there was more information on a cell phone than was ever in anyone’s home. And that if we didn’t extend the protections of the Fourth Amendment, it would have no meaning in the modern world. And I thought that was an amazingly important decision, coming from a conservative court. And yet we’ve lost that message. No one now seems to care, again, about the government’s ability to do what the King of England or the Czar of Russia or Joseph Stalin or Adolph Hitler could never do, which was invade the most intimate information–movement, reading habits, musical habits, and personal life of all of the citizens on an incredibly detailed scale.

NC: Yeah. So that’s the Riley opinion out of the Supreme Court, from I guess about a year and a half ago now. In Riley, the court held that the cops couldn’t search a cell phone incident to arrest, even if they had an arrest warrant, unless they also got a search warrant for the phone. I think we’re about to see another round, if you will, of that fight. And it’s going to center around encryption. So in December 2015 there was a shooting, a mass shooting in San Bernardino; one of the shooters left one of their iPhones on the floor of their vehicle; and the FBI demanded that Apple crack the encryption and let the FBI into the phone. Apple refused; the FBI went to court. And on the eve of the court hearing, the FBI backed down and said that they had gotten a third-party contractor to break the encryption for them. It’s our understanding at EFF that the encryption debate is likely going to heat up again over the summer, this summer, or over the fall. Christopher Wray has followed in Jim Comey’s footsteps as director of the FBI in calling for the technology companies of Silicon Valley to build a backdoor. In Christopher Wray’s, director Ray’s magical thinking, of course, this would be a backdoor that only the FBI could use. The cryptographers and computer scientists say that no such backdoor exists; if you built one for the FBI, the Russians, the Chinese, organized crime, identity thieves, you name it, will walk right in that same backdoor. But I think the American people are going to be asked to decide whether we think we should sabotage our own security in order to let the FBI into our phones. I don’t think that that’s a fight that the FBI is going to win easily.

RS: [omission for station break] We’re back with Nathan Cardozo, the senior staff attorney for probably–well, I won’t say probably–the most important organization, outside possibly of the ACLU, the Electronic Frontier Foundation, the most important when it comes to protecting our privacy and letting us know what the government is doing in cooperation, much of the time, or in opposition to the major internet corporations. And we were left with this case, decision that your data on your cell phone is protected. Now, on some of those decisions, I just want to be clear about what’s happened with Russiagate and everything. We’ve lost sight of the fact that the US government has pioneered this ability to monitor citizens, interfere in politics, you know, take the conversation of Angela Merkel or anyone else on their cell phone. And so give me some perspective on what our ability, our technological ability as far as spying, collecting data, analyzing it, compares to the rest of the world. And are we not providing a very dangerous model for China, Russia, Saudi Arabia, everyone else to follow?

NC: Well, the short answer is, if the National Security Agency wants something, they’re going to get it. And it essentially doesn’t matter where that something is, or what technological measures its owner has taken to protect it. I’ll give you an example. And this is now from almost a decade ago, the Stuxnet example in Iran. So the NSA, working reportedly with the Israelis, developed a piece of software that was able to infiltrate computer systems in an Iranian military laboratory. This laboratory was what we call air gapped; it was not connected to any computers outside, wasn’t on the internet, there was no way of remotely accessing these computers. So what the NSA did was they developed a system that could pass messages back and forth using USB drives. And not using USB drives operated by spies or anything like that; using USB drives just in the normal course of the Iranian scientists’ business. They sent malware to a whole bunch of Iranians who were on the internet, infected their USB thumb drives, infected other people’s USB thumb drives, infected other people’s USB thumb drives, until that malware eventually got across the air gap into the Iranian enrichment facility in Iran, did some reconnaissance autonomously on its own, without instructions from the NSA or the Israelis, and then passed messages back along that same system of USB drives, that eventually ended up allowing the NSA to send a command inside the Iranian nuclear laboratory, across the air gap, onto systems that were not connected to any sort of network, that caused them to self-destruct and destroy the centrifuges. That is an incredible piece of engineering effort. It used ten previously unknown vulnerabilities in Windows and another handful in the industrial control systems of the centrifuges. And from what we know, that was a decade ago. We can assume that the NSA’s capabilities have advanced just as much as Apple or Google or Facebook in the last decade, which is of course considerable. So the issue is, do we want state and locals, do we want every podunk law enforcement agency in America, and of course around the world, to have that kind of, that kind of technical capability? Do we want them to be able to break into anything? My answer is no. Even if you trust the NSA, and I don’t necessarily, but even if you do, they’re at least professional; is the San Francisco sheriff professional? Ah, as yet to be determined. And do we want to be giving them the same sorts of tools that we give the NSA? I would argue absolutely not.

RS: Well, let me ask you about the connection between these local police authorities and the government. You have a company, Palantir, a very mysterious organization, that was started in part with funding by In-Q-Tel, which was a CIA bank, basically, or venture capitalist firm. And so they got money, but more important, they had access to the CIA’s systems to perfect their data mining and investigation. And not only do they, are they involved in creating systems for all of the national intelligence agencies, but I’m broadcasting here from Los Angeles, and the last time I checked, they still seemed to have a secret headquarters down here in the LA Police Department. They’re in many local police departments, state police departments, and so forth. What control is there, and what does it do to your libertarian sensibility, or to Silicon Valley’s libertarian sensibility, that these companies are as tightly interconnected with the federal bureaucracy government–this great separation of wall between private and government sector–as ever, as ever Boeing was, as ever Lockheed was, in the old days. Does this alarm your colleagues? Does it alarm the people you know in Silicon Valley?

NC: It absolutely alarms us. We have been attempting for almost a decade now to get information about how exactly Palantir–and folks like Palantir, but Palantir is I think the easiest example here–are collaborating with law enforcement, both at the state and local level and on the federal level. We know that they do data mining and so-called predictive policing, but their algorithms are all black boxes. We don’t know who they’re targeting, we don’t know why they’re targeting, and we don’t know the results of their targeting. The only metrics that we have are, you know, police department press releases that say “arrests are up.” That doesn’t mean anything to me, right? You can make arrests go up simply by putting more officers on the street and having them arrest anyone with a broken taillight. That doesn’t say anything about crime. And yes, we’re desperately worried about these algorithmic black boxes that our civil liberties depend on these days. We don’t know what goes into Palantir flagging someone as a gang member, or Palantir flagging someone as a potential terrorist, or Palantir flagging someone as a potential undocumented immigrant. Palantir is working with ICE and Customs and Border Protection these days. I can only imagine that what they’re doing is trying to find undocumented immigrants.

RS: We’re providing a model for the world, OK? So the fact, if the Russians hacked into our election, which is one of the things that’s argued, we certainly provided models of our ability to hack into any election, or to monitor any political activity anywhere in the world. And I just want to give one example that you might comment on. We had the Arab Spring, and there were people when I was writing my book, you know, in Silicon Valley, who were very happy–I know folks at Google and so forth–here is the Arab Spring, and we contributed to it with social networking, with people being able to communicate, alternative networks, and so forth. Now the news out of Egypt is that there’s an incredibly large prison population. Many of the people involved in the Arab Spring were jailed. And they were jailed because their records could be monitored, their electronic communication could be monitored. The very same tools that our NSA or CIA use are modeled there as well. And so there is, all these other countries in the world can use these same tools to more effectively control their population. Isn’t that the legacy of the internet, despite your organization’s best effort to keep it free?

NC: Yeah. We live in a golden age of surveillance. It used to be that you and I could have a conversation, Bob, over the phone or by postcard or whatever, and if the cops wanted to go back in time and monitor that conversation that we had a month ago, they were out of luck. The phone call had ended, the postcards had been delivered. Now, all of that leaves a trace. You and I cannot have a conversation with each other without leaving a record of that conversation unless we do it in person in an open field and we leave our cell phones behind at home. We’re being tracked quite willingly by the magic tablets in our pockets. And we’ve created a world where everything is recorded. Not just this podcast, but you know, I have my iPhone with me; the fact that I’m sitting in a studio in San Francisco is known to at least AT&T and Apple, probably also to Google, probably also to my employer. The fact that you’re sitting in a studio at USC is known to your equivalents of all of those as well. The ISDN line connection that’s connecting these two studios is leaving a trace. And all of that data will be there, if not forever, at least for several months or years. And we live in an era where all of that is recorded. My car knows who my doctor is, my car knows where I work and where I spent the night, my car knows where I eat, my car knows who my therapist is, who I’m having an affair with, if I’m having an affair; my car knows where I worship. And that’s just my car, that’s not even to say my cell phone or my laptop. My cell phone and my laptop know way more about me than that. So yes, we’re living in a veritable panopticon.

RS: People should realize, we had a fantasy about our country that we were exporting a model of representative government, of limited government, of individual freedom; this, after all, is the city on the hill that Ronald Reagan trumpeted; this is something that we have believed all through the Cold War. We were the free world, right, as a nation. And we believed in limited government, we believed in privacy, the power of the individual. And then we had this internet revolution, in which you’ve been centrally involved. And again, it was supposed to be this great tool for education and empowering people, and that’s why I brought up the Arab Spring, all over the world. Well, it’s a two-edged sword. And it’s turned out to be the most effective instrument for totalitarian control–totalitarian–on the part of any government in the world that wants to monitor the minutiae of their citizens’ life. And I’ll give one example–Mueller, now this hero to many democrats, who was head of the FBI when they were perfecting a lot of these things–that’s the same FBI, or an earlier version of it under J. Edgar Hoover, who went out to destroy Martin Luther King and, through that, the Civil Rights Movement. What would have happened to Martin Luther King if he were alive in today’s world of information monitoring?

NC: Ah, well, he wouldn’t have been able to organize anything in secret. Nothing that a social activist does today is truly done in secret. But let me leave you on a little bit more of a positive note, if I will, Bob. Electronic Frontier Foundation, the organization I work for, produces what we call a surveillance self-defense guide. It’s available at SSD, for surveillance self-defense; SSD.eff.org. And we teach you how to use encryption, we teach you how to use Signal, which is an encrypted messenger app for your cell phone that doesn’t leave your text messages open for the government to read. We teach you how to turn fill disk encryption on in your laptop. We teach you how to use encrypted email. And we teach you how to use the Tor browser, which is a way of browsing the web anonymously, without giving up your identity. So there are ways that individuals can take at least a modicum of their privacy back from the government.

RS: I want to thank you, Nathan Cardozo, for sharing all this insight with us. Our producers are Joshua Scheer and Rebecca Mooney. Kat Yore and Mario Diaz are our engineers at KCRW. Here at USC where we’ve been broadcasting from the Annenberg School for Communication and Journalism, Sebastian Grubaugh has been the excellent engineer. And over at Sports Byline, where Nathan Cardozo has been broadcasting, we have Darren Peck to thank for making that facility available. See you next week.