Simon Davies: Father of Internet Privacy

2016-02-20 01.31.39 (2)

Image credit: Margaret Leigh Sinrod

I met Simon Davies, the so-called “father of internet privacy,” two years ago in Rome, Italy.  I was on assignment for John Cabot University, taking photos and writing an article on the course.  Honestly, I expected another dry academic pitching his most recent publication.

Davies opened by nonchalantly informing the audience that 95 percent of our daily routines are under surveillance.  He further warmed us up by pulling out his brick Nokia and declaring that after the lecture, he would be forced to throw it into the Tiber, the fabled river snaking through Rome.  For his own protection. And he recommended we all do the same.

We millennials squirmed in our chairs, sliding our hands in our pockets in search of that smooth, comforting touch of our iPhones.  Who is this guy?

Simon Davies became a privacy advocate thirty years ago, when data protection was still a rather niche issue.  He was the first person to campaign for a global perspective on privacy – from border surveillance to CCTV and identity systems.  In this effort, Davies founded the watchdog group Privacy International with the commitment to monitor all spheres of privacy.  And over the past three decades, Privacy International has been the leader in exposing spy agencies, governments, and corporations worldwide.  Davies ran a successful campaign against the implementation of mandatory identity cards with trackable microchips in Australia and Great Britain, making him quite unpopular among the likes of Tony Blair.

At the end of Davies’ lecture, my SD card was embarrassingly void of photos.  I had been so taken by his narratives of personal threats as a result of his activism and accusations against trusted government agencies that I forgot to document the lecture.  Truthfully, I also felt strange snapping photos in the face of a man advocating for privacy.

“People in this room are going to run this planet and change future landscapes,” he told us.  “Think about the most influential and important people in history.  They would not have wanted everyone to know details of where they’ve been and what they’ve done.”

My mind was itching with suspicions and questions.  I wanted to delete my Facebook and toss my phone into the Tiber.

I was lucky enough to audit Davies’ course at John Cabot the following semester, where my suspicions were confirmed and elaborated upon.  I pledged to protect my identity using encrypted email systems and providing false user information.

Two years later, Davies is still at it.  And I caught up with the London School of Economics Professor and learned about his new initiative, Code Red. He also shared his take on the US Department of Justice vs. Microsoft case, as well as tips on how to protect privacy in an increasingly digitized world.

Here’s my email interview with him:

Tell me about your new initiative, Code Red.

In 2013 and 2014, I had been traveling the world in an attempt to figure out the new directions needed for privacy.  The revelations by Edward Snowden broke in the early stages of this work.  We knew this was a critically important moment, but none of us could gauge its true impact or significance.  So, I brought dozens of colleagues from around the world together to produce a hard assessment of just how much reform had come about because of Snowden.  The worrying conclusion was that there had been no reform – or very little.  It became very clear, very fast, that we needed to find a way to accelerate activism.

My decision was to start an initiative called Code Red.  Its aim is to go to the very heart of the issues that block privacy reform and that nurture the surveillance society and find solutions.  There’s a galaxy of awesome people involved in this effort.  For example, my co-director is Annie Machon, former MI5 intelligence officer, and my technical director is Bill Binney, formerly Technical Director of the NSA.  These are people who operated at the center of the global power establishments — and then turned whistleblower.  Our key people range from David Cameron’s first chief of staff to former members of the US Congress.

What are some of the issues Code Red is tackling right now? 

Curiously, our first major project turned out to be something quite mainstream and respectable.  We’re at an advanced stage of building a new indexing framework for all human rights information.  In the consultation phase for Code Red, it became clear that most of this important data simply disappears or becomes invisible.  This is an attempt to build a simple numeric system that can ensure that anything you publish online can be found.

Beyond that, we have some very powerful initiatives in the pipeline.  One that I’m particularly excited about is “Scrambled X,” which is a technology intended to thwart governments that intercept (and sometimes block) financial contributions to human rights groups, trades unions, and so on.

The US Government has requested access to private emails stored on Microsoft cloud servers in Ireland.  The emails pertain to a 2013 narcotics case.  Microsoft appealed the ruling, claiming the government does not have the right to access private data stored on foreign soil.  The case is now in the Second Circuit Court of Appeals, and a decision is expected in late February.  What’s your take on the case?

I’m firmly on Microsoft’s side in this case. The company has done a huge service to privacy and rights by standing up to the Department of Justice on this one.  My plan is to become far more active in coming months, evangelizing for European governments to back Microsoft’s position.

The UK is, of course, fully behind the DOJ in this case.  Indeed, the UK is pushing hard for a bilateral agreement with the US allowing the two countries to bypass many legal protections over data transfers and surveillance.  Europe, thankfully, is becoming a little more skeptical, and I have reason to believe that there’ll be some pushback from countries like Germany.

If Microsoft is forced to give the DOJ access, what are the global implications?

There’s a lot at stake in this case.  If Microsoft loses, the US will see much of the data environment throughout the world as its own dominion, to do with as it pleases.  And if we lose this territorial rule, then the likes of China, Uganda, and Russia will have a moral basis for seeing the world exactly the same way.  If you’re happy for such countries to have access to your information, then please do go ahead and support the DOJ position! 

I personally think Microsoft has an uphill battle on this case.  I think the best outcome we can hope for at this stage is that the Second Circuit Court of Appeals signals the need for an overhaul of the treaty arrangements in such matters.  In reality, I’m almost certain – one way or the other – that the Supreme Court will be asked to rule.

As a millennial journalist, I can’t exactly abandon my smartphone.  What are some crucial steps for protecting one’s privacy — short of throwing out all of our devices?

There’s a car analogy here.  If you go onto the highway, your risk increases.  There’s no way around that fact, regardless of how many safety features you engage.  Same with privacy.  If you used advanced systems, the risk increases.  End of story. 

Having said that, the landscape is changing.  The Microsoft ship is turning around, as is privacy awareness at Apple and other companies. A huge amount of research is going into finding ways to protect privacy.  I can name fifty products, but the essential problem is that most are simply not user friendly.  Another huge problem is that as soon as genuinely useful privacy products like the ToR browser are adopted, they are infiltrated and compromised by the security establishment.

I refuse to get depressed about all this.  Privacy is a relatively young public issue, and the battles are far from over. In the meantime, my suggestion is that you remain vigilant and skeptical, and keep in mind that for the past thirty years all of us have been systematically deceived and hoodwinked over the privacy issue.  We will find a way through this, but the privacy community needs support from a public that has learned not to buy into the lies spewed out by companies and governments.

On February 16th, a week after my conversation with Davies, a US federal court ordered Apple to unlock Syed Farook’s cell phone.  Farook and his wife Tashfeen Malik committed the 14-person massacre in San Bernardino, California.  The F.B.I wants access to the locked iPhone 5c in order to determine whether Farook and Malik were in contact with the Islamic State.

On February 17th, Apple vowed to appeal the ruling in a 1,100 word letter to its customers.  CEO Timothy D. Cook called the demand to bypass iPhone security a “chilling” breach of privacy.  If the ruling stands, Apple engineers will be forced to develop technology to bypass the security feature that wipes the device after 10 unsuccessful password attempts.  He wrote, “The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”

“It is unfortunate,” responded the Department of Justice, “that Apple continues to refuse to assist the department in obtaining access to the phone of one of the terrorists involved in a major terror attack on U.S. soil.”

The FBI maintains the locked data could be crucial to preventing further terrorist attacks.

Meanwhile, the two tech giants Apple and Microsoft, which have brawled frequently on the public stage, now find themselves on the same side of major litigation with the US government.  The issue of data protection has certainly made for unusual bedfellows.