Digital security concerns rise with increasing crackdowns on speech

---

Crackdowns on free speech. The tracking and deportation of immigrants. Threats to come after journalists and whistleblowers alike. 

In the first four months of his presidency, Donald Trump and his allies have sought to use the state’s power to attack dissent. Already, he has deported immigrants from western Massachusetts and revoked 14 international students’ visas at the University of Massachusetts Amherst. That comes on top of U.S. Immigration and Customs Enforcement’s abductions of legal residents, including in Boston, for speaking out against Israel’s war in Gaza. 

Amid that backdrop, The Shoestring has heard rising concerns from across the region about the government’s ability to surveil and collect data on people.

Americans are in uncharted waters when it comes to the technological capabilities of both state and private actors to collect and analyze information on average citizens. The advancement of artificial intelligence-powered technology, layered upon a self-sustaining social media ecosystem that incentivizes sharing online, has helped generate an environment in which personal information can be easily accessed, analyzed, bought, and sold.

One of the most valuable currencies in the digital age has been data. Data on purchases, call data, and location information. How much time you spend on one app over another. What times you are most likely to pick up your phone and click on an errant notification. 

This information, referred to as metadata, is packaged by the various private actors who provide digital platforms we all use every day. Companies like Meta and Google make vast profits from the data they leverage in deals with third-party advertisers. Beyond that, there is a web of private data brokers and aggregators who buy and package bulk metadata from various service providers to sell on essentially an open market. 

But what are the ways that people can take some control over this part of their lives? The Shoestring spoke with two local experts on digital privacy about how to keep your data safe, and how communities can press their local leaders to divest from an expansive digital surveillance state.

Claire Lobdell is a librarian at Greenfield Community College and was part of the inaugural cohort of the Library Freedom Project — a consortium of librarians dedicated to digital privacy that formed in 2013 after Edward Snowden blew the whistle on the National Security Administration’s illegal surveillance.

At its core, Lobdell said privacy is “the autonomy to decide who gets to know what about you.” 

Kade Crockford is the director of the Technology for Liberty Project at the American Civil Liberties Union of Massachusetts, focusing on surveillance systems. 

“I think it’s pretty obvious that at this point that the people that the police and the FBI and the Trump administration are the most interested in are folks demonstrating in support of Palestinians or organizing in support of Palestinians and Palestinian human rights,” Crockford said.

To start to claw some of that privacy back, both Crockford and Lobdell recommended a practice called threat modeling, which lays out five questions to help people get a better sense of how they can interact with their digital footprint and start to think about keeping it safe: 

• What do you want to protect? 
• Who do you want to protect it from? 
• How likely is it that you will need to protect it? 
• How bad are the consequences if you fail? 
• How much trouble are you willing to go through to prevent it from being accessed?

“Everybody has a different threat model. So, if you’re a U.S. citizen, that’s one thing. If you’re not, that’s something else,” Crockford told The Shoestring. “The issues that you’re working on may impact the kind of scrutiny that you’re subjected to by the government.”

Each person’s threat model will be unique to their circumstances, and is largely influenced by proximity to scrutiny, either by the state or private third parties. If you are an organizer, or an immigrant, your personal data or private messages may be much more sensitive, and the consequences much more dire if they were able to be accessed. All of these factors come into play when determining what steps you want to take to protect that information, the experts said.

“It might be stuff like your data, information about your purchases, but it also could be things about your physical safety or your ability to make decisions about your own reproductive choices, or your citizenship status, or your green card,” Lobdell said.

Given the Trump administration’s recent actions targeting immigrants in the country who have expressed what they call “negative sentiments towards U.S. foreign policy” — going so far as to kidnap immigrant activists in broad daylight — and the White House admitting they’re looking into ways to send U.S. citizens to El Salvador’s notorious mega-prison, the consequences for key personal information being accessed appear to be escalating. 

One of the constitutional issues in the fight for digital privacy is the ability for the government to access data freely that they otherwise would need legal standing for, often using data brokerage companies. 

“Data brokers raise a lot of privacy concerns,” Crockford said. 

Crockford said that one of those concerns is the government skirting the Fourth Amendment’s protections against unreasonable searches and seizures. Instead of submitting a court order or a warrant to a company to obtain information about someone, the government could just buy that information straight from a data broker.

One data broker, for example, that worked with apps that collected prayer time information from Muslims was found to have sold that information to military contractors around 2020. Many brokers claim to anonymize their data to prevent any serious privacy breaches, though research has found even anonymized data is highly individualized. Crockford also warned that as tech billionaires who control social media platforms, like Mark Zuckerberg and Elon Musk, get increasingly cozy with the Trump administration, the risk of data being extrajudicially shared with the government increases.

“You’re not only trusting that the information isn’t going to be obtained by the government through some sort of legal process or hacked or something like that, but you’re also trusting that the other parties to the communication aren’t going to share it,” Crockford said.

---

The Shoestring relies on reader support to make independent news for western Massachusetts possible. You can support this kind of labor-intensive reporting by visiting our donate page.

---

For organizers, activists, and immigrants, there is also the threat of direct data intervention by the government itself, either federally or through other local law enforcement agencies. The State Department has recently announced its intentions to surveil social media for instances of antisemitism, though historically this administration has used that term to rhetorically shield their actions against pro-Palestinian activists.

Local police departments often use data management software that can be subpoenaed or directly accessed by federal agencies like the Department of Homeland Security or ICE, even if their state or community has attempted to restrict cooperation with those agencies. For example, CrimeTracer (formerly Coplink X) is an information network developed and maintained by a private company that attempts to centralize a police department’s data for easy search capabilities, access to which is available to ICE in multiple states.

Local police departments, including in Northampton, have previously contracted to use Coplink. At the end of 2022, the company that owns the software — the same company that owns the controversial gunshot-tracking system ShotSpotter — announced it had secured a multi-year contract with Massachusetts for the statewide deployment of the software.

Police departments also have a bevy of data collection tools, the security limitations of which aren’t clear to the public. Things like license plate readers, CCTV cameras, Cellebrite devices, even body-worn and vehicle-mounted cameras can be linked to private third parties and collect vast swaths of data with few safeguards to prevent that data from being used beyond their intended purposes. The widespread use of facial recognition technology by both law enforcement and private companies also creates another stockpile of personal data with no solid restrictions on its use.

***

Crockford and Lobdell both highlighted secure messaging apps like Signal. The third-party messaging app is run by a non-profit organization that offers end-to-end encryption, and is a good way to beef up your digital security easily, the experts said — as long as you don’t accidently add a reporter into your group chat.

End-to-end encryption means that only you and the recipients receive the encrypted data, which can only be understood by your devices. Crockford also recommended using some of the advanced privacy tools that Signal offers, like disappearing messages and the choice to communicate through a username rather than a phone number. 

“The primary thing that I recommend to people is to use encrypted communications,” Crockford said. “And I recommend that people use Signal for everything, not just for sensitive communications related to organizing, but when you’re talking to your roommates, when you’re talking to your partner or your family or your coworkers about anything, paying the rent, grabbing milk from the store.”

Beyond encrypting your messages, you can also protect yourself when browsing the internet. The Tor browser, Crockford said, creates a sort of digital tunnel between your computer and a website which prevents cookies and other digital trackers from following you around the internet. You can also use ad blockers and virtual private network services, known as VPN, to try and circumvent some of the stickiest digital tracking methods from even your internet service provider.

Lobdell and Crockford  both expressed disdain for social media platforms like Facebook, Instagram, and X (Twitter), all of which collect user data and track users across the web. They recommended just deleting the apps, or at the very least restricting the permissions they are typically granted by users. 

“I personally don’t use Meta products because I wouldn’t want to download something like that on my phone,” Crockford said. “Given that Meta is, like Google, basically a surveillance advertising company.”

For activists and organizers who are on the ground at protests or other organized actions, there are also key steps you can take to prevent surveillance. Lobdell and Crockford agreed that for sensitive protest actions, it could be best to leave your phone at home, or at the very least set it to airplane mode, to prevent getting caught in wider surveillance webs used by police.

“There are devices called Stingrays — or IMSI catchers or cell-site simulators —where it looks like your text messages are going through, but really they’re being caught by this device that is deployed by some sort of law enforcement so they can see who’s texting whom,” Lobdell said. 

Lobdell also recommended turning off any biometric measures like FaceID on your devices before bringing them to protests, as they can be used to access your information with less legal restrictions compared to a password. 

“If a police officer or someone holds up a phone to your face and unlocks it with face print, that is legal,” Lobdell said. 

Wearing a mask is also a low-tech but effective way to combat facial recognition, and possibly resist the use of your biometrics to access devices, Lobdell and Crockford said.

Ultimately though, Crockford said, the best way to protect digital privacy is for lawmakers to craft policies that restrict how much data service providers can collect, buy, and sell. 

“There’s nothing that anybody can do to fully protect their own privacy, absent laws that restrict technology companies from doing certain things with our private information,” Crockford said. They highlighted legislation that’s been put forth by the ACLU of Massachusetts, on both the state and municipal level, to limit what types of information can be collected or sold.  

These proposals also offer a legislative framework for communities to come together and demand their right to privacy from local governments and law enforcement, they said. The ACLU helped spearhead campaigns to restrict the use of facial recognition in Massachusetts communities like Springfield, Easthampton, Boston, and Somerville. That model could be strengthened and  could ask municipal agencies to divest from networks like CrimeTracer, Motorola, and Flock Safety, or place limitations on how private data from municipal technologies can be used.

As artificial intelligence is rapidly folded into this massive apparatus, and the ability to parse massive amounts of data to determine insights on human behavior and movement improve, the right for individual citizens to control their sensitive information becomes more and more crucial, both experts said. They told The Shoestring that advocacy and support for digital privacy movements can help build the momentum to put that power back in the hands of everyday people.

“I mean, frankly, these are all problems with our democracy,” Crockford said. “We need to not elect autocrats. We need to protect voting rights and ensure that lawmakers are working on behalf of their constituents and not bowing down to industry pressure and rejecting privacy rules that the vast majority of their constituents support.”