For years, attorney and activist Heidi Boghosian has fought to protect American civil liberties as the executive director of the National Lawyers Guild, a progressive bar association. Now as the executive director of the A.J. Muste Memorial Institute, Boghosian works to oversee the legal defense of people targeted by the government. She is also one of the co-hosts of the weekly civil liberties radio show Law and Disorder, which airs on WRFI here in Ithaca.
But in Boghosian’s new book titled “I Have Nothing to Hide, And Twenty Other Myths About Surveillance and Privacy,” she addresses the growing problems that many Americans face as their privacy and their civil liberties are steadily taken away and what can be done to safeguard and reverse the trend.
Ithaca Times: Your book “I Have Nothing to Hide, And Twenty Other Myths About Surveillance and Privacy” lays out some alarming cases over time when it comes to trampling on individual privacy by corporations and the U.S. government. You cite the common myth that if I have nothing to hide why should I mind who sees what I write, read, or buy online? Can you give one or two cases that would address this issue?
Heidi Boghosian: Everyone has something to hide, whether it's from family members, friends, or at times even the government. At issue is if, how, and when we may elect to share personal information. Two students at the University of Texas made every effort to keep private their sexual identities from their parents. Despite their precautions, Bobbi Duncan and Taylor McCormick were outed on Facebook — even though they had set their privacy functions to prevent this — after a classmate added them to a group for gay choir members. Friends can add others to Facebook Groups without their permission or approval, and newsfeeds are then shared with online friends. The move was devastating to both young persons: Duncan because she didn't want her father to learn she was a lesbian and McCormick because he came from a family who belonged to a fundamentalist church, and he'd kept his preferences from his father. Both lost control over their ability to divulge information when and if they chose to.
Another instance involves journalists and whistleblowers who need to share information in the public interest. Without protections for confidential sources, we see retaliation and sometimes harsh prosecutions. Society loses out in several ways — government employees are reluctant to come forward with reports of fraud, abuse, or waste, and journalists feel less secure in undertaking investigations and reporting critical stories. In a larger sense, it stifles creativity and dissent because knowing we're being monitored breeds conformity.
IT: Talk about what the role our government has had in reversing the legal protections Americans have long expected when it comes to an individual right to privacy?
HB: Since the advent of the electronic age, governmental agencies have failed to enact adequate legal protections to protect Americans' privacy. That's largely due to lawmakers' digital illiteracy — they can't craft effective laws that keep abreast of rapidly changing technology if they don't know the ABCs of our connected world. The Computer Fraud and Abuse Act of 1986 amended a 1984 computer fraud law, and prosecutors have been misusing it for years. They use it as a cudgel against young hackers who outsmart their weak security systems to make a "tough on cyber crime" statement, without listening to explanations of how their systems were vulnerable in order to fix them. Courts have failed to enforce anti-trust laws against big tech, or hold corporate profiteers accountable for reckless data aggregation and marketing practices. Such failure to act has allowed Big Tech to stake a claim to, and profit handsomely from, the nation's personal data.
IT: What are some of the ways other corporations shadow people on the web while controlling what they read and see? And how does the profit motive seem to take center stage over public safety and personal privacy when it comes to the web?
HB: Online tracking and behavioral advertising gathers raw personal data and then refines it, through marketing profiles, into a valuable commodity akin to refined oil for much of corporate America. Cross-device tracking — that's when marketers, platforms and advertising companies connect our activities over many devices, from smartphones to desktops — affords a more in-depth analysis of our behaviors.
Algorithms control what we read or see, and more consequential life choices. For example, algorithms help in decisions about whether to accept applicants to rent an apartment. Background check software creates tenant profile(s) relied on by landlords in deciding who to give a lease to. The problem is, as with any online data, these reports may compile faulty data that then has a detrimental impact on the decision. Confusing someone with another person with a similar name, who may have bad credit, is a common problem. These background checks are frequently not checked by a human being.
Clinical algorithms in the healthcare field can inject bias in decisions about access to and quality of care, especially for minority communities and persons who are economically disadvantaged.
Predictive admissions algorithms are used in many schools to assign applicants a score out of 100 in terms of how strong a match they are for the institution. The score factors in home address (which can lead to discrimination based on the neighborhood), transcripts, test scores, what websites they've visited.
IT: Facebook has been in the news and the Washington Post recently ran an article on how to leave Facebook. However the problem seems to be that 70% of Americans are on Facebook and leaving it is next to impossible by design because so many are invested in it with their photos of friends or family. And talk about the “like” and “follow” buttons, and how the buttons overshadow a user without a person fully knowing their privacy is being shredded? Do you have any suggestions on leaving Facebook and joining other sites that do a better job of protecting its user’s privacy?
HB: In addition to an attachment to friends and family through Facebook, there's more glue keeping many users hooked. Facebook runs other highly popular and engaging social media platforms, such as Instagram and WhatsApp. So if someone wants to permanently divest from Facebook they should consider making a clean break from the entire family. Also, merely closing your account doesn't retract all the information you've posted. Posts to Facebook Groups will remain visible unless you delete all of them before closing your account(s), as will messages sent to friends. That can be time consuming and requires, for many, a month or two of deletions.
Like and follow buttons are website plugins. One of their goals is to influence user behavior, and emotions. They can sway opinions, including about politics, healthcare, and misinformation. Researchers have found the "like" is a way to measure social support, and can be detrimental to some users' mental health. In some cases, a relationship exists between "likes" and envy, some of it malicious and even including a desire to harm someone. Many companies embed "like" buttons on their websites to promote their products on social media websites. In terms of users' awareness that their privacy is being invaded through these buttons, most users are so transfixed with finessing posts to be clever or humorous (to get more 'likes') that the engagement overshadows privacy concerns.
There are well-documented benefits from quitting Facebook. Researchers have found that the longer one is on the platform, the less happy they feel. Students' exams grades can increase by removing the distraction of Facebook, and people generally have more time for real-life engagement. Hints of steps to take before cutting the chord: Enlist a friend to stop at the same time so you have mutual support. Stop posting personal photos and messages, and remove yourself from all groups. Download your data by clicking Your Facebook Information and viewing your Profile information. Check what other apps and sites you have connected to your count, then change the logins for each of those accounts, then remove them from your Facebook account. Then set your internet settings to block Facebook from opening on your browser.
Finally, go into Settings, tap Account Ownership and Control, tap Deactivation and Deletion, and select Delete Account. Then tap continue to account deletion and select Delete Account. Enter your password. During the 30 days it takes for Facebook to delete your account (and can take up to three months to delete your data from FB's backup systems) find other ways to stay in touch with your real friends and colleagues.
IT: Talk about the myth from your book that says biometric tools (that measure or take unique physical or behavioral characteristics) are safe, but the identity and authentication systems are actually weak, and how this is an ongoing problem for people who value their privacy.
HB: Biometric identification is sweeping the nation, as our faces are increasingly captured from public places and a variety of sources online. In the case of facial recognition technology, however, scanners that read nodal points unique to each face lack standards for how many nodes need to be matched or for how analysts are trained. Fingerprinting, for this reason, is more accurate than facial recognition. Add to this the problem of racial bias entering into the technology especially as it pertains to persons of color. Congress has failed to pass laws regulating police use of facial recognition. Some jurisdictions are banning its use, such as Portland, Oregon in places of public accommodation, including retail stores, restaurants and public gathering places. Portland, Maine also bans the city from using facial surveillance software of any groups or members of the public. Amnesty International has launched Ban the Scan, focusing initially on New York City, calling for a “total ban on the use, development, production, and sale of facial recognition technology” by police and government agencies.
IT: The media is also under attack, can you explain what Operation Merlin was and how James Risen, then with the New York Times, was affected by the U.S. government?
HB: Operation Merlin was the code name for a covert CIA operation designed to sabotage Iran's nuclear program by passing flawed plans for a nuclear weapon trigger system. It was approved during the Clinton administration and supported by George W. Bush.
The flaws were supposed to be so well concealed that the blueprints would steer Iranian scientists in the wrong direction. But a Russian nuclear scientist on the CIA’s payroll and serving as Merlin frontman, quickly saw the flaws. When he handed the blueprints off, he included an apologetic note saying the design had some problems. In his 2006 book “State of War,” James Risen disclosed Operation Merlin, noting that instead of thwarting Iran's nuclear program, it may have hastened it.
In response, the Bush and then Obama administrations tried for seven years to strong-arm Risen, a New York Times national security correspondent, into revealing his source. They opened a criminal investigation into “State of War” for “unauthorized disclosure of classified information” putting Risen under continued threat of imprisonment. Prosecutors ultimately moved to exclude Risen as a witness.
But journalists and news outlets watched his case with trepidation, both for the message it broadcasts to reporters and also because they saw how much information the government was able to obtain without his testimony. Prosecutors gathered the journalist's phone and email records, credit reports, credit card and bank records.
IT: What advice can you share on how people can work to prevent companies and their government from invasion of privacy and the overreach of surveillance, and work to reverse the harm it has caused?
HB: Think of your personal data as if it were your life saving, and be as stingy about giving it away as you would your money. That means thinking twice before you join loyalty programs, or add an app to your smartphone. Don't write your social security number on forms (just leave them blank), guard your email address, change your passwords often and use phrases or full sentences instead of your pet’s names or birthdates. Get savvy about so-called "smart" internet-connected devices, and don't use voice-controlled virtual assistants like Siri or Cortana. Read up on ways to protect your data. Use Signal for messenging. Avoid public WIFI networks. Clear your browsing history cache on a regular basis. Don't link social media accounts. Turn off Google tracking. Get a virtual private network (VPN) to encrypt your data as it moves to and from your computer. Check out Crypto parties in your area to meet others interested in online security and to learn and share skills. Rediscover the personal rewards of writing a letter to a friend.
