A couple of months ago, I met up with an old friend who I hadn’t seen since high school. We went for a cup of coffee to catch up on what each of us had been doing for the past decades. He told me about his work of distributing and supporting various types of modern medical devices, and I explained how I’ve spent the last twenty-five years working with Internet security and privacy. My friend let out a chuckle when I mentioned online privacy. “That sounds all fine and dandy,” he said, “but I’m not really worried. After all, I’m not a criminal, and I’m not doing anything bad. I don’t care if somebody looks at what I’m doing online.”
Listening to my old friend, and his explanation on why privacy does not matter to him, I was saddened. I was saddened because I’ve heard these arguments before, many times. I hear them from people who think they have nothing to hide. I hear them from people who think only criminals need to protect themselves. I hear them from people who think only terrorists use encryption. I hear them from people who think we don’t need to protect our rights. But we do need to protect our rights. And privacy does not just affect our rights, it is a human right. In fact, privacy is recognized as a fundamental human right in the 1948 United Nations Universal Declaration of Human Rights.
If our privacy needed protection in 1948, it surely needs it much more today. After all, we are the first generation in human history that can be monitored at such a precise level. We can be monitored digitally throughout our lives. Almost all of our communications can be seen one way or another. We even carry small tracking devices on us all the time—we just don’t call them tracking devices, we call them smartphones.
Online monitoring can see what books we buy and what news articles we read—even which parts of the articles are most interesting to us. It can see where we travel and who we travel with. And online monitoring knows if you are sick, or sad, or horny. Much of the monitoring that is done today compiles this data to make money. Companies that offer free services somehow convert those free services into billions of dollars of revenue—nicely illustrating just how valuable it is to profile Internet users in mass scale. However, there’s also more targeted monitoring: the kind of monitoring done by government agencies, domestic or foreign.
Digital communication has made it possible for governments to do bulk surveillance. But it has also enabled us to protect ourselves better. We can protect ourselves with tools like encryption, by storing our data in safe ways, and by following basic principles of operations security (OPSEC). We just need a guide on how to do it right.
Well, the guide you need is right here in your hands. I’m really happy Kevin took the time to write down his knowledge on the art of invisibility. After all, he knows a thing or two about staying invisible. This is a great resource. Read it and use the knowledge to your advantage. Protect yourself and protect your rights.
Back at the cafeteria, after I had finished coffee with my old friend, we parted ways. I wished him well, but I still sometimes think about his words: “I don’t care if somebody looks at what I’m doing online.” You might not have anything to hide, my friend. But you have everything to protect.
Mikko Hypponen is the chief research officer of F-Secure. He’s the only living person who has spoken at both DEF CON and TED conferences.