He starts petty fights on Twitter, he’s cool with Vladimir Putin, and when he takes the oath of office on January 20, President Donald J. Trump will assume control of the most advanced internet surveillance system the world knows about.
The relationship between politics and technology is increasingly volatile, dynamic, and important. President-Elect Trump’s perspectives betray severe misunderstandings of that relationship. In calling for an Apple boycott while the company resisted FBI efforts to break encryption on a phone belonging to one of the San Bernardino shooters, Trump outed himself as an enemy of the fundamental technology that makes it possible to securely transmit information online. From a 2015 debate stage, he suggested “closing the internet up” as a means to fight radical Islam, which is as impractical as it is impossible and hyperbolic.
Far from outlining specific technology directives beyond a sound bite, or offering any other consistent policy, the Trump administration-to-come should raise anxious question marks about one’s personal information security. In 2013, notorious NSA whistleblower Edward Snowden acted through a series of journalists to expose secretive government programs with names like PRISM and XKeyscore, making it plain to the world that the U.S. government had significant means to spy on its citizens’ internet and phone activity. Snowden’s politics-rattling revelations helped elevate conversations about formerly niche tech topics like encryption, but according to one tech professional, there’s still work to be done to make the masses care.
“Security is not an app you can download,” says Dan Guido, CEO of New York-based cybersecurity research firm Trail of Bits, whose client list runs from Facebook to DARPA. “Keeping yourself safe on the internet means thinking about what you’re keeping yourself safe from.” Guido’s cheeky suggestion to those seeking to make their online activity completely invisible to third parties: Give up the internet altogether.
“It’s hardest to steal data that does not exist,” he says. “If you can’t tolerate having it stolen or snooped on, then don’t use a computer or phone to send it.”
There are still seats to fill in Trump’s cabinet, and several high-profile names are rumored for Director of National Intelligence, including former NYC mayor Rudy Giuliani and CNN national security commentator Mike Rogers. One of the strongest candidates might be a different Mike Rogers, the Navy admiral and current director of the National Security Agency — the same federal arm Snowden shook up by exposing its domestic spying program.
Depending on your political attitudes, you may not be comfortable with the notion of your internet activity being easily monitored, whether it’s by a garden-variety hacker in search of credit card numbers, or your own government seeking information to foil a terrorist plot. For as long as there has been an internet, there have been people violating others’ privacy — it’s just that now, there are greater ramifications.
Whether your motivations are political or protective, it requires nothing less than the adoption of a new mindset if you want to meaningfully push back against those seeking to follow your internet footprints. We asked the experts for instruction on how to significantly close the security gap for John and Jane Internet-User. Here are their guidelines.
Use Messaging Apps Built on Strong Encryption
Founded in 2013 by Russian entrepreneur Pavel Durov, Telegram has its roots in a project designed specifically to avoid government surveillance. When Durov’s former business VKontakte ruffled the Kremlin’s feathers in a significant way, he and his brother designed a system for undetectable communication.
“We developed Telegram as an encrypted communications tool in order to avoid eavesdropping by Russian security agencies while we were running the largest social networking service in Russia,” Durov says. “When we left Russia, we realized the problem of eavesdropping was global,” so they formalized the project and released it as a free app presently used around the world.
Use a Password Manager
Software like LastPass and 1Password can run as an extension in your web browser, automatically generating complex, symbol-filled keys sure to pass any security requirements. These solutions remember your passwords for you, then automatically fill them out and log you in when you visit the appropriate page later.
With one login into the manager, you never need to type another password. And because you never type your passwords yourself, the keystrokes effectively don’t exist and are therefore incredibly difficult to steal. “I use 1Password,” Guido says, “but any reputable service will do as long as you use it consistently.”
Use Two-Factor Authentication When Available
Google and other major platforms now make use of your cellphone number to enable an additional layer of security on your accounts. When Google texts you a security code after you log in on your computer, it’s confirming that you have both the password and the phone associated with the account.
A strong password is its own strong defense, but two-factor authentication makes your digital security barrier more physical. Consider the example of Wall Street Journal reporter Christopher Mims, who publicly shared his Twitter password a couple of years ago. He emerged unscathed from the infosec stunt and retained control of his account, with his only saving grace being that he still possessed his smartphone.
“Two-factor authentication will keep your data safe even if you lose your password,” Guido says.
Location Services wants to know where you are. A webpage would like to initiate an unprompted download. These external requests execute locally on our devices because we grant them permission, so train yourself to be skeptical of the dialogs that pop up on your devices and ask permission to carry out a process. Short of knowing exactly what that process is or asking for it yourself, the better answer is often no.
Durov suggests you “tap ‘Decline’ every time your mobile OS suggests you to opt in to something that is not 100 percent necessary.”
Have a Plan
How well-prepared are you if someone gains access to your bank account? Your email address? Your smart home? Skilled cyberthieves can steal your frequent flier miles, your health insurance, or open credit cards in your name. As more and more of the infrastructure we rely on to manage our daily lives moves to the internet, security compromises can have significant real-world impacts. The nature of what it means to “get hacked” is beginning to change.
“For most people, getting hacked means resetting a password, getting mailed a new credit card, or another minor inconvenience,” Guido says. “I think people will care more when getting their information stolen or abused causes more harm. Consumer attitudes about security will likely shift as we see more inventive methods of abusing data.”
Keep Calm and Carry On
We won’t know what Trump’s technology policies are like until we’re living under his administration. Will things proceed as they always have? Or in an emotional rage, will he block Twitter, just as Russia blacklisted LinkedIn from its own internet earlier this month?
While it remains impossible for any single person to dismantle the internet or seriously change how it works, an exception is perhaps possible if that person is President of the United States.