Information security is everywhere—if you know where to look. Most people don’t know they can take simple steps—like using smart phone apps Signal or WhatsApp to encrypt text messages and phone calls, or browsing the web using anonymizing free browser Tor—to reduce their vulnerability to some common forms of attack (at the low-level criminal level) and monitoring (at the state-level attacker level). But everyone knows the lyrics to that M.I.A. song about evading surveillance… Right? No? Did the U.S. Supreme Court yesterday potentially kill off the fruit of the forbidden (or poisonous) tree doctrine, weakening Constitutional and common law protections against arbitrary search, seizure, detention, and interrogation, and no one knows the playlist that addresses this problem?
1. M.I.A.’s “Paper Planes.” How should you call me if you know corrupt intelligence and police agencies worldwide are scooping up meta-data (e.g., who calls/emails who for how long and how often) without warrants and using it to map social relationships that then feed into robot killing programs on which they won’t release civilian casualty data—and you’re either paranoid or brown and Muslim, so that freaks you out a little? You could use Signal or WhatsApp, but that provides end-to-end encryption that at best (if your endpoints are secure-ish) protects your content. Your meta-data still gets scooped up. Maybe it’s just the fact of the phone call that gets some people robot-killed. So maybe you want to “hit me on my burner pre-paid wireless.” (Can somebody also please just take Defense’s money already?)
2. “Manning: Gaga.” Take Lady Gaga’s “Telephone”—a song Chelsea Manning allegedly lip-synched to while leaking classified documents. Add WikiLeaks’ “Collateral Murder“—a video edited from footage Manning allegedly leaked showing (still unprosecuted) American war crimes in Iraq. Shake. Stir. Shake again. Stir again. Move around your cell a little more. You have time for all this and more if you’re serving the longest sentence ever served for disclosing classified information to the media by a factor of wtf.
3. Lady Gaga’s “Poker Face.” If you’re ever interrogated, it’s probably a good idea to shut up, stay calm, and remember that there’s no such thing as “lie detection” because there is no unique behavioral, physiological, or verbal lie sign to detect. Police tend to think they can do things like telling true from false confessions… But they’re really no better at it than untrained people (which is to say, wrong about half the time). They are just more sure than regular people that they’re right. So say “lawyer” or “embassy” a few dozen times (after the “respectfully, sir” part), and know that “he can’t read my poker face.”
4. “The Sound of Silence” (Simon & Garfunkel) is what your line is after that.
5. Rick Astley’s “Never Gonna Give You Up.” One of the only hit songs that has a line you can sing to interrogators, and another you can sing to your friends! To wit:
Police: Why you no confess?
Astley: “You know the rules and so do I.”
Friend: Are you gonna give me up?
Astley: “Never gonna give you up/ Never gonna let you down/ Never gonna run around and desert you/ Never gonna make you cry/ Never gonna say goodbye/ Never gonna tell a lie and hurt you.”
6. Lianne La Havas’s “What You Don’t Do.” Maybe you don’t always take your phone with you when you go for a run or on a vacation—so that pattern of leaving it at home for a while when you’re elsewhere is normal. Maybe you don’t write down passwords on stickie notes, or ever give them to third parties—so that they are actually secure-ish. Maybe you do all those things but could stop. Sometimes, better security is what you don’t do.
7. Sting’s “Every Breath You Take.” The original creepy stalker song. But when you have to wonder if your webcam has been re-engineered as a tap or something, because we actually live in a world in which the NSA does that—you might as well sing it to the surveillance state.
8. Did you know that in some countries and U.S. States, you can actually say “My name is Trouble/ My first name’s A Mess” when stopped and asked for identity? You probably shouldn’t because widespread police use of torture has a long historical tradition in America and abroad. And it might not help you in the U.S. now anyway, since yesterday the Supreme Court ruled in Utah v. Strieff that police can use what’s traditionally called (and excluded from evidence as) “fruit of the poison tree,” or evidence from an illegal stop and search. But Strieff is specifically a case about police stopping someone on an anonymous drug tip, then ID’ing and running the dude’s name, getting an outstanding warrant, and then searching him. Without the ID, it seems they would not have had a name to run—thus no search for the warrant, and perhaps then no search. This points to one of the reasons Strieff and other cases that weaken Fourth and Fifth Amendment protections are dumb: they incentivize non-cooperation with police, at the level of refusing to give your name unless you are legally required to do so.
Keren Ann must have known this, because she put it in a song. At the everyday level, this is about asking if you’re required to do something police ask, before complying. At the infosec level, one application of not giving your name (or, per Ms. Ann, giving your name as “Trouble A. Mess”) is also not having your electronic devices on and accounts signed into when you’re crossing borders. Those are forms of electronic ID that you’re not really required to give, but protections are hazy (e.g., for foreign nationals crossing the U.S. border). So don’t show that you even have them, or you may be asked by border guards to search your own email so they can read it. Then, like police in Strieff, they can use the results (e.g., if you’ve been looking for work without the right visa) against you. This has actually been the reality for non-U.S. citizens for, well, all of U.S. history.
9. Sometimes I think I should have always kept my damn fool mouth shut about all th
e things, instead of spouting off when I must and ending up penniless in Mexico City with a bad haircut (for example). But actually, I don’t regret standing on the side of people who at least try to “Yell Fire,” as Michael Franti says. Sometimes you figure out what you’re trying to say by trying and failing (and trying and failing, and trying and failing) to say it. That’s not an infosec thing so much as a free speech thing… Unless you don’t want to learn this the hard way, and just blog pseudonymously from the beginning. The downside of hiding properly is that you might not meet a bunch of cool people who get it. The upside is that you will probably be a lot safer.
10. But what do you do when yelling fire doesn’t work? When your voice can’t affect change in the declining firm, organization, or state to which your loyalty is presumed? According to A.O. Hirschman, your alternative course of action is exit. In (Nancy Sinatra’s) other words, “These Boots Were Made for Walking.” That can mean getting your data off American servers in infosec terms, since a European high court ruled in October that, in effect, American law and intelligence agencies’ cozy relationships with big data-holding companies like Google, Facebook, and Amazon was violating Europeans’ human right to privacy, reminding them of Stasi surveillance on steroids—so the Safe Harbor treaty governing storage of that data was off. (See also the third point in this essay.)
Or you could read that exit option in a broader way. Just as no device is absolutely secure, no place is absolutely safe. But chocolate in Europe is better.