This is Part II of Kevin Roose's day-long attempt to escape all forms of government surveillance. For Part I, click here.
It's 10:30 a.m., and I feel like I've had a full day already. Surveillance-proofing my life has been exhausting, and it's taken hours to set up an encrypted Hushmail account; install HideMyAss, Wickr, Seecrypt, and Tor (the apps I'm using to foil would-be snoops); wrap my cell phones in aluminum-foil Faraday cages to avoid unwanted transmissions; and wire my red baseball hat with infrared LEDs to make myself invisible on security cameras. These measures — the first steps in my quest to investigate the modern security state by living surveillance-free for an entire day — have made it harder for the NSA and other authorities to track me inside my own house. But since my goal is to have a somewhat normal day while staying below the radar, I've got to test my arsenal in the outside world.
I head to my local café to get some writing done. I take a new route, since I normally walk past a school, a post office, and other camera-ridden zones on my way. I’m feeling pretty confident as I stroll the side streets, even though there’s a faint burning smell coming from my surveillance-proof hat. (My electrician skills are amateurish, and I may have left some wires exposed.)
When I get to the café, I approach the counter.
“I have a weird question,” I say to the barista. “Do you guys have any … surveillance equipment?"
The barista, a youngish Asian guy with three-day stubble, lets out a nervous laugh and says “nah.”
Browsing the Internet on the café's public Wi-Fi network proves to be a frustrating experience — HideMyAss is routing my traffic through a particularly slow server in Amsterdam, and certain sites won’t load because I’m using Tor instead of a traditional browser. Yelp, for one, won’t let me look up reviews — when I try, it returns a cryptic error message. And when I go to nytimes.com to check the news, I get a pop-up window telling me that some of the content I'm viewing is unencrypted.
But my biggest problem, I quickly realize, isn’t what’s happening on my laptop screen. It’s what’s all around me at the café — customers using their laptops, phones, and tablets. All of these devices double as video and still cameras, and each of them could be used to spy on me. My expert guides warned me that the biggest threat to my privacy today would be the inadvertent snooping of my fellow citizens. Given the ubiquity of smartphones and other location-aware gadgets, and the ability of the NSA to cull and parse the data that comes out of those devices, we’ve become our own distributed network of unwitting spies, one whose collective reach is nearly infinite.
“When you’re walking around public spaces, 95 percent of people have a camera on them,” Gary Miliefsky, one of my security consultants, told me. “Some of them are being used.”
Gary's advice was to “look boring” and blend in with my surroundings, so I’ve worn my plainest brown hoodie and a dull pair of gray pants. Battery-powered hat aside, I look like any other dot-com slouch.
After I spend about an hour writing a piece, e-mail it to my editor, and write a few encrypted e-mails to my friends and family, it’s time to make my next move: to a restaurant in San Francisco for lunch.
Normally, I’d drive into the city. But given the number of stoplight cameras I know exist between here and there, and the fact that I’d have to get my license plate scanned at a toll booth on the Bay Bridge, it seems too risky. Gary told me about the existence of a license-plate blocker spray, which sounded like a promising workaround, except that it appears to be illegal in California. So public transportation it is. I know BART has cameras in every station (because those cameras caught that crazy naked gymnast guy a few weeks ago), but I’m hoping that I’ll be able to fool them with my infrared hat, or at least keep my head down until I’m safely on the train.
Once I’m off BART, I hop in a cab and zoom off to my lunch spot. When my two lunch companions arrive they, of course, start laughing at my hat.
“You look like a crazy person,” one says.
Both friends are reporters, and both of their jobs involve paranoia. They’re the kind of people who use burner phones and prefer in-person meetings with sources. And yet, even by their standards, my project seems extreme. When I offer them sheets of aluminum foil so that they, too, can enclose their phones in Faraday cages, they politely decline.
After lunch, I find myself tempted to whip out my iPhone, take it off airplane mode, allow it to connect to the nearest cell tower, and give myself a five-minute break to see what e-mails and texts I’ve missed. But every time I resist. The amount of data I'd leak in one unsecured e-mail check would nullify my whole project. I imagine an alternate reality where there's a room full of NSA snoops, all crowded around a computer screen, trying to locate me. “Aha!” they say, as a little red dot appears on the screen. “I knew he couldn’t stay away from Instagram for an entire day.”
Still struggling with digital withdrawal, I think back to something one of my friends said over lunch about Edward Snowden’s leaks about the PRISM program. “It’s not a scandal!” he said. “We approved of all of this when we renewed FISA" — the Foreign Intelligence Surveillance Act, the law that paved the way for PRISM. "We might have forgotten that government could get this information, but it’s not unexpected or illegal.”
He’s right, of course. Most the surveillance I’ve encountered today isn’t part of a vast conspiracy. In fact, a lot of it has been explicitly authorized by law, and by decisions I’ve made consciously. I’ve known for years that Google’s algorithms scan my Gmail in-box in order to show me more targeted ads, and I’ve been aware for weeks that Facebook has cooperated with the NSA. And yet, even after learning about PRISM, I kept logging on, because I like having free, useful web services. If those services compromise my privacy, I’ve typically accepted the intrusion as part of the bargain.
But today is making me rethink my habits. As I walk back through San Francisco to the BART stop, I find myself looking in wonderment at strangers using smartphones. Don’t they know that they’re giving the NSA their exact coordinates? Do they know that every time they buy a new Candy Crush level or geotag an Instagram photo, they’re just fattening their profiles on government — and private-sector — servers?
Of course, not everyone is equally bothered by surveillance. In a recent Washington Post/ABC News poll, 74 percent of respondents said the NSA's data-collection efforts were a violation of some Americans' privacy rights. But 39 percent of those people — the ones who called the NSA's programs an intrusion — said the surveillance was nevertheless justified.
This view — the idea that government is violating our rights by spying on us but correct in doing so — is one often employed by people who think that the benefits of a wide surveillance net (averting terrorism, solving crime, making neighborhoods safer) outweigh the costs to personal freedom. It's a position I can sometimes sympathize with, but the main reason for my ambivalence on the issue of surveillance has historically been simpler: Namely, I like technology and don't want to give it up. In a blog post after the Snowden revelations, The Wire creator David Simon captured this view well:
I know it’s big and scary that the government wants a data base of all phone calls. And it’s scary that they’re paying attention to the internet. And it’s scary that your cell phones have GPS installed. And it’s scary, too, that the little box that lets you go through the short toll lane on I-95 lets someone, somewhere know that you are on the move … But be honest, most of us are grudging participants in this dynamic. We want the cell phones. We like the internet. We don’t want to sit in the slow lane at the Harbor Tunnel toll plaza.
I’m thinking about Simon’s post as I ride the train home, before dinner and a night out with friends, when I hear a fellow subway rider telling her friend that the Bay Bridge has been shut down in both directions because of a suspicious package found at the midpoint. It’s the kind of routine scare that happens somewhere every day, but today it seems more poignant than usual.
It's hard to know what effect surveillance has in moments like these. Cameras on the bridge may have caught a deadly package before it exploded, and saved innocent lives. Or they may have triggered a costly false alarm, delaying thousands of commuters unnecessarily. Some surveillance does actually make the world safer. But how do we know how much is the right amount? In practice, we have to try to figure out whether we are overcollecting and risking the erosion of any remaining sense of privacy, or undercollecting and risking missing a major threat. The question is: Which is worse?
[To be continued ... ]