net of Things devices, do the same. Credit card companies, health insurers,
internet retailers, and social media sites all have detailed data about you --
and there is a vast industry that buys and sells this intimate data.

This isn't news. What's different in a techno-authoritarian regime is that this
data is also shared with the government, either as a paid service or as demanded
by local law. Amazon shares Ring doorbell data with the police. Flock, a company
that collects license plate data from cars around the country, shares data with
the police as well. And just as Chinese corporations share user data with the
government and companies like Verizon shared calling records with the National
Security Agency (NSA) after the Sept. 11 terrorist attacks, an authoritarian
government will use this data as well.

Personal Targeting Using Data

The government has vast capabilities for targeted surveillance, both technically
and legally. If a high-level figure is targeted by name, it is almost certain
that the government can access their data. The government will use its
investigatory powers to the fullest: It will go through government data,
remotely hack phones and computers, spy on communications, and raid a home. It
will compel third parties, like banks, cell providers, email providers, cloud
storage services, and social media companies, to turn over data. To the extent
those companies keep backups, the government will even be able to obtain deleted
data.

This data can be used for prosecution -- possibly selectively. This has been
made evident in recent weeks, as the Trump administration personally targeted
perceived enemies for "mortgage fraud." This was a clear example of
weaponization of data. Given all the data the government requires people to
divulge, there will be something there to prosecute.

Although alarming, this sort of targeted attack doesn't scale. As vast as the
government's information is and as powerful as its capabilities are, they are
not infinite. They can be deployed against only a limited number of people. And
most people will never be that high on the priorities list.

The Risks of Mass Surveillance

Mass surveillance is surveillance without specific targets. For most people,
this is where the primary risks lie. Even if we're not targeted by name,
personal data could raise red flags, drawing unwanted scrutiny.

The risks here are twofold. First, mass surveillance could be used to single out
people to harass or arrest: when they cross the border, show up at immigration
hearings, attend a protest, are stopped by the police for speeding, or just as
they're living their normal lives. Second, mass surveillance could be used to
threaten or blackmail. In the first case, the government is using that database
to find a plausible excuse for its actions. In the second, it is looking for an
actual infraction that it could selectively prosecute -- or not.

Mitigating these risks is difficult, because it would require not interacting
with either the government or corporations in everyday life -- and living in the
woods without any electronics isn't realistic for most of us. Additionally, this
strategy protects only future information; it does nothing to protect the
information generated in the past. That said, going back and scrubbing social
media accounts and cloud storage does have some value. Whether it's right for
you depends on your personal situation.

Opportunistic Use of Data

Beyond data given to third parties -- either corporations or the government --
there is also data users keep in their possession.This data may be stored on
personal devices such as computers and phones or, more likely today, in some
cloud service and accessible from those devices. Here, the risks are different:
Some authority could confiscate your device and look through it.

This is not just speculative. There are many stories of ICE agents examining
people's phones and computers when they attempt to enter the U.S.: their emails,
contact lists, documents, photos, browser history, and social media posts.

There are several different defenses you can deploy, presented from least to
most extreme. First, you can scrub devices of potentially incriminating
information, either as a matter of course or before entering a higher-risk
situation. Second, you could consider deleting -- even temporarily -- social
media and other apps so that someone with access to a device doesn't get access
to those accounts -- this includes your contacts list. If a phone is swept up in
a government raid, your contacts become their next targets.

Third, you could choose not to carry your device with you at all, opting instead
for a burner phone without contacts, email access, and accounts, or go
electronics-free entirely. This may sound extreme -- and getting it right is
hard -- but I know many people today who have stripped-down computers and
sanitized phones for international travel. At the same time, there are also
stories of people being denied entry to the U.S. because they are carrying what
is obviously a burner phone -- or no phone at all.

Encryption Isn't a Magic Bullet -- But Use It Anyway

Encryption protects your data while it's not being used, and your devices when
they're turned off. This doesn't help if a border agent forces you to turn on
your phone and computer. And it doesn't protect metadata, which needs to be
unencrypted for the system to function. This metadata can be extremely valuable.
For example, Signal, WhatsApp, and iMessage all encrypt the contents of your
text messages -- the data -- but information about who you are texting and when
must remain unencrypted.

Also, if the NSA wants access to someone's phone, it can get it. Encryption is
no help against that sort of sophisticated targeted attack. But, again, most of
us aren't that important and even the NSA can target only so many people. What
encryption safeguards against is mass surveillance.

I recommend Signal for text messages above all other apps. But if you are in a
country where having Signal on a device is in itself incriminating, then use
WhatsApp. Signal is better, but everyone has WhatsApp installed on their phones,
so it doesn't raise the same suspicion. Also, it's a no-brainer to turn on your
computer's built-in encryption: BitLocker for Windows and FileVault for Macs.

On the subject of data and metadata, it's worth noting that data poisoning
doesn't help nearly as much as you might think. That is, it doesn't do much good
to add hundreds of random strangers to an address book or bogus internet
searches to a browser history to hide the real ones. Modern analysis tools can
see through all of that.

Shifting Risks of Decentralization

This notion of individual targeting, and the inability of the government to do
that at scale, starts to fail as the authoritarian system becomes more
decentralized. After all, if repression comes from the top, it affects only
senior government officials and people who people in power personally dislike.
If it comes from the bottom, it affects everybody. But decentralization looks
much like the events playing out with ICE harassing, detaining, and disap

--- BBBS/LiR v4.10 Toy-7
 * Origin: TCOB1: https/binkd/telnet binkd.rima.ie (618:500/1)