Jacob Appelbaum — American human rights advocate, hacker, and cybersecurity expert — considers himself part of the “cypherpunk” generation. A master of encryption, he worked with Julian Assange of WikiLeaks and was among the early recipients of documents revealed by Edward Snowden. Today, the 32-year-old is waging a war against governments that engage in mass surveillance of their citizens. After US intelligence agencies began following him closely, Appelbaum left for Germany. A passionate advocate of online privacy, in an interview with Digital.Report, Appelbaum speaks against state surveillance and promotes the use of encryption software.
For many years, Appelbaum has been an ambassador for one of the most popular internet anonymizers, TOR. Created for anonymous communication online, TOR helps users, such as the WikiLeaks founders, for example, remain incognito. Human rights activists and dissidents all over the world rely on TOR for the same reason. TOR has a wide range of backers including Google, the UN Human Rights Committee, the United States and Germany, as well as individual donors. State funding of TOR, however, does not curb Appelbaum’s criticism of government approaches to surveilling their own populations.
What is TOR and what is its appeal?
TOR is run by a human rights, non-profit organization that focuses on one of the most fundamental rights, in our view – the right to privacy. We produce free anonymizing software and help disseminate it to people all over the world who use our encryption programs. By using them, you can communicate and search the Web without the fear of being monitored and intercepted. TOR was launched in 2002, and I joined the project in 2004. It’s hard to tell exactly how many people use TOR globally, but we can presume no fewer than dozens of millions. According to our statistics, around 3,000,000 people go online daily via TOR, but these figures are constantly changing.
Does TOR have competition?
No serious competition. TOR has many advantages; it’s easy to navigate and works with all existing operating systems – iOS, Linux, Windows. We are continuously perfecting it, and following the latest technological development to see what we can apply to ensure online security for our users. Some people use a VPN, which is also a great way to protect your personal data. And it’s necessary to keep them protected these days, because potentially anyone can access them – it’s really not that difficult to do. The problem is that most people are not technically savvy. Imagine a world where we can be – and are – monitored. If people knew they were being monitored, many would change their behavior. So understand this: after 9/11, we are all being surveilled. Every time you send a text message, or make a call, or open your browser – it is not confidential, and it is easy to intercept your correspondence or conversation.
State surveillance never stops. I worked with WikiLeaks after 2010, and we had to suspect everyone because at the time it felt like everyone was connected to intelligence services. I can no longer make a call without thinking that I am being wiretapped. I lost trust in the system and intelligence services that so often act outside the law. And they don’t inform you that you are under surveillance or that surveillance has stopped. Why should I be vulnerable? I only have one demand for intelligence services: when you want to surveil me, please, let me know in advance. Every time. Then I will be able to challenge your decision in court, if I find it unjustified.
TOR secures the transmission of data, but technologies are always evolving – is it really that difficult to decrypt encrypted information?
Yes, in theory, you can decrypt encrypted correspondence. But, for one, it is not easy to do from a technical standpoint, plus it requires a court warrant. Secondly, TOR challenges the balance of power by erecting barriers in the path of those who want to “listen in” on you. For example, my associates and I use encryption programs and live in a world practically free of mass surveillance.
Perhaps, we should be talking about limiting mass surveillance, and not its full removal? Doesn’t it sometime help to locate criminals? How do we keep the balance between security and freedom – especially these days, when the terrorist danger is so acute?
I think the framing of this question is wrong. Before the Paris terrorist attack in November, I am sure, all of France was under mass surveillance. Phone calls, meta data, online searches – the authorities were monitoring the entire internet. What was the result? Nothing. Mass surveillance did not prevent the terrorist attack. People on the internet became less free, but did not become more secure. So positioning security and privacy as opposites is misleading. I look at it this way: no one can tell me that I have to get undressed right now for security purposes, right? And it’s not a matter of privacy, but dignity and freedom. We have to have a say: Do we want to be mass surveilled? Do we want to lose online freedoms and privacy for nothing? The answer, I believe, is obvious – no, we don’t want that. So, we need secure systems. TOR ensures secure transmission of data because today the Internet does not guarantee that.
What about terrorists using anonymous messengers and browsers?
Yes, I understand that everyone, including terrorists, may be able to use encryption software. But I think that there are many more good people than bad ones, and that their privacy should not be violated. The state security apparatus has many other means to provide security for their citizens. They should be focusing on improving those instead.
What countries have a higher demand for encryption software?
Challenges to internet freedom are acute everywhere. Intelligence agencies surveil their citizens in all countries, which means that human rights are regularly violated. It is a mistake to think that advanced democracies are any exception. Yes, perhaps in the United States and Europe the situation is somewhat better than in developing countries, but they also use computer technologies for illegal collection of mass data. When I was working on WikiLeaks, intelligence agencies were following me as a terrorist suspect, although I was only doing journalism work. So TOR is in demand everywhere – and everywhere for a different reason.
Everyone should be guaranteed the right to privacy, regardless of the county they live in. The only way to avoid surveillance is to use encryption. Yes, TOR has flaws, which need to be dealt with, but it lowers the chances of us being harmed—and there are many of those who would like to cause us harm. Large corporations, spyware producers, criminal organizations, or governments –all of them carry out illegal data collection. Use TOR – sometimes it’s the only way to remain anonymous. Or Signal-Messenger – only by using it can you be sure that no one has access to your data: contacts, photos, or messages.
But sometimes, on social media, people willingly give away their information…
Yes, this is an interesting phenomenon. The internet, on the one hand, did a lot of good. It simplified communication between people, gave them an opportunity to connect with whoever whenever. Large corporations created systems that give people a sense of simplicity and security of such communication. But it’s a trap – the internet is not safe. Social media are an allurement where our personal data and our profiles end up with a third party. This third party uses them without our informed consent for their own purposes, often making money off of it – in ways unbeknownst to you. So you can’t only blame Facebook and Twitter – users should also understand that by posting personal information online they allow corporations to use it in not always benign ways.
You lived in the United States and then moved to Germany. How would you compare cybersecurity in the US and Europe?
I’ve been living in Germany for three years. I think the human rights situation in Europe is also not great. For instance, recently some French politicians recommended preemptively arresting Muslims. But it is fruitless to compare Europe to the US or any other place. We have to think about what concerns people in Europe today. We are now in France – what are the French concerned with these days? Migrants. What should be done about the flow of refugees ? Why are they being placed in isolated camps? This should not be happening in a democracy. And this will not stop terrorism, because the people being put in these camps are refugees who are themselves fleeing terrorism.
When I observe all this, I’m thinking that we need to return to an open democratic society – a society where migrants are protected and integrated, their communication with the rest of society is encouraged and not halted. I am diverging a bit from discussing the internet, but it is an acute issue in Europe these days. Mass surveillance does not foster democracy in any way, but only harms society – Europe’s history in the past century illustrates this well. It is not the first time that the Old World is facing terrorism. The Council of Europe, the European Court for Human Rights – the very existence of these organizations shows that the danger of terrorism has been around for a while. We haven’t learned from history thoroughly enough.
How do you propose we go back to this open democracy?
It requires a radical step – getting rid of mass surveillance. Completely. My colleagues and I created a team called the Engineering Task Group. If you want to make the internet more free and secure, we are open to collaboration. Even if you are not working on technologies – we need people who are concerned with online security. We are ready to help you learn cryptography because this is one of the ways out of the current situation, though not the most important one. Existing regulations needs to be altered and political measure taken. Every one of you can take part in the struggle for privacy – only then can we win this battle.
Yana Israelyan is a journalist and producer based in Tbilisi, Georgia, who covers digital developments across the Caucasus for Digital.Report.