Interview with EFF Executive Director Cindy Cohn: "I like to win."

Privacy Guides sat down with EFF Executive Director Cindy Cohn to reflect on her over 30 years of service defending privacy and digital civil liberties at the Electronic Frontier Foundation, the importance of community in activist spaces, and the big picture in our fight for privacy. Cindy Cohn's memoir, Privacy's Defender, is now available at a variety of retailers.

Privacy’s Defender
EFF Executive Director Cindy Cohn’s Journey Inside the Privacy Battles That Shaped Today’s InternetEFF Executive Director Cindy Cohn has devoted her life to the fight for digital rights. She’s tangled with federal officials to keep our online conversations secure from the government’s prying eyes,…
Electronic Frontier Foundation

Her first major case with the EFF, Bernstein v. United States, established the "right to code" and dismantled the USA's unconstitutional ban on encryption exports, paving the way for people to develop technologies like PGP and other strong encryption tools without having to register as an "arms dealer" and face government restrictions on publishing their ideas.

In her career since she's represented many historic cases: suing AT&T for secretly collaborating with the NSA (Hepting v. AT&T), Sony for installing malware DRM, a vote machine company abusing copyright law to silence criticism, the DVD Copy Control Association attacking freedom of speech, and many other fights against the NSA and for internet freedom.

Cohn has been with the EFF or over 30 years, and succeeded Shari Steele to become EFF's Executive Director in 2015. Our interview discusses her works and legacy, the origins of the EFF, and the still-ongoing fight for privacy and digital liberties 💪

Transcript

Privacy Guides sat down with Cindy Cohn, EFF Executive Director in Ann Arbor, Michigan to reflect on her over 30 years of service defending privacy and digital civil liberties at the Electronic Frontier Foundation, the importance of community in activist spaces, and the big picture in our fight for privacy.

Her memoir, Privacy’s Defender: My Thirty-Year Fight Against Digital Surveillance, is now available at a variety of retailers. In the book, Cindy weaves her own personal story with her role as a leading legal voice representing the rights and interests of technology users, innovators, whistleblowers, and researchers during the Crypto Wars of the 1990s, battles over NSA’s dragnet internet spying revealed in the 2000s, and the fight against FBI gag orders.

The following transcript has been lightly edited to improve readability.

Nate (Privacy Guides): Cindy Cohn is the executive director of the Electronic Frontier Foundation. She first became involved with them in 1993 when she was asked to serve as the lead attorney on Bernstein versus the Department of Justice. She has a long list of accolades and awards and co-hosts EFF’s How to Fix the Internet podcast and recently released her first book, Privacy’s Defender.

So, first of all, thank you so much for sitting down and talking to us.

Cindy (EFF): Oh, thank you.

Our first question today, what do you feel was the most impactful case of your career that you litigated?

I mean, I think it’s got to be the Bernstein case, because we freed up encryption: So much of the internet and the security and privacy we have today depends on encryption. It would have been a very different internet without that.

Don’t get me wrong, we still don’t have a secure or private enough internet, but in terms of just the sheer amount of help we were able to give to the world I think the Bernstein case stands alone.

You can feel free to say same answer, but what case are you most proud of?

Oh that’s such a hard decision. I mean I’m definitely proud of the Bernstein case.

I’m also very proud of the work we did against NSA spying, because we were able to chip away in a time when it was a lot harder to to confront the national security infrastructure, and because we inspired so many people to get involved. I think that was the biggest kind of public effort that we did.

I mean, we did lots of little things that aren’t in the book that I’m very proud of. One of them was, you know, we we defended some people who made a video using This Land is Made for You and Me [sic], and we ended up getting This Land is Made for You and Me into the public domain, recognized into the public domain.

So, you know, that that felt really good as well. The Jib Jab case.

Yeah, I noticed the book had like three kind of like “big cases” per se, and NSA was one of them.

Yep.

So, on the note of the NSA, the EFF has a long history of trying to reign in government surveillance, or government generally, but these days government surveillance to me seems to focus a lot more on surveillance capitalism. Like they they buy a lot of location data from private companies and stuff like that. So, do you still feel that it’s best to focus on government, or should we be trying to reign in companies?

Well, I think that this presents a kind of a false choice.

Okay.

Because we don’t have an option to decide which one. In fact, all of the spying that I talk about in the book depends on the government drafting off of private companies.

The NSA spying is the telecommunications companies, it’s AT&T. And in fact, we sued AT&T first and then only secondarily sued the NSA.

And then National Security Letter cases that I talk about in a situation in which the government goes to our service providers and gets information from them and then gags them forever from telling us.

So, it was never really a choice.

I think that now though that it’s a lot clearer how much information about us the government is gathering from private companies, and they’re the number one purchaser from data brokers. and using that data in situations that are very far afield from the kind of narrow scope of national security investigations. But now we’re seeing it used in all sorts of investigations.

I think I just saw that a license plate reader was used to give a a bicyclist a ticket. [Editor’s note: We could not find a news story regarding this precise incident, but there are numerous instances of Flock ALPRs being used for investigations far outside the scope of traffic violations]

You know, I mean, it’s really become part and parcel of law enforcement’s arsenal such that we have to address both, right?

And I don’t know that we will get to the bottom of the government misuse of things unless we address the corporate collection of all this data. But in either event, we don’t have the option or the luxury of choosing one or the other.

Did the EFF anticipate surveillance capitalism back in the 90s?

So, are the issues that the EFF is dealing with now the same ones that you expected to be dealing with when EFF formed? And I was kind of reminded in the book you said sometimes you felt like Cassandra, that you were issuing warnings that nobody heeded. So, for example, was surveillance capitalism one of those things you saw coming?

I don’t think we saw surveillance capitalism coming, but we did warn for a long time that the government having so much data about us could easily be marshaled against us. Right?

I mean, Frank Church, the Church Commission, and some of the early work, he called it the abyss from which we cannot come back if we didn’t stop mass spying. Ed Snowden called it “turnkey totalitarianism.”

So, that’s the Cassandra part: We’ve been saying for a while, all this collection and analysis of data about us in our everyday lives could very easily be turned into something that is marshaled against us by leaders who wanted to do so.

And I think we’re living in a time when people are really starting to see that come to fruition — you know — very literally, and their neighbors are being picked up because of data about them that the government has collected or bought.

So I think that in that way I think we did anticipate this moment when the government would be willing to really marshal this evidence, this information against us.

I think if you think it’s going to stop with just the categories of people who they’re targeting now, you’ve got a misunderstanding of how history works. We’re already seeing it being marshaled against protesters, against people who are engaging in their first amendment right to film the police, and I don’t think there’s any reason to believe it will stop there.

But, having said that, I’m not sure that I that I personally anticipated the absolute domination that surveillance capitalism would come to make.

We called it “creepy, but legal” when Google started placing ads just based on, you know, scanning people’s search terms and things like that.

The contextual ads.

The contextual ads, like we thought that was creepy but legal. And I still think it is creepy but legal, but it’s nothing compared to what came after.

I don’t know that I anticipated that it would become the predominant business model online. Some of that is due to the consolidation of the industry, which is also something that I’m not sure I saw.

You know, in the 90s and the early 2000s, there were little companies that were coming eating the big companies lunch. You might have started off with an Alta Vista search and then and then you used a Yahoo search and used…

Ask Jeeves [laughter]

Ask Jeeves, and then… right, there was a there was a rolling that stopped with Google, right?

And this didn’t stop because there was no better way to search the internet, it stopped because of the consolidation and some business forces, the refusal of the United States to enforce antitrust law in a way that really protected competition, and instead falling prey to some other theories.

Those are things that kind of happened outside tech that I would say as a constitutional lawyer, thinking about the first and fourth amendment, I didn’t foresee because it really kind of affected our rights, but kind of came from this other direction that isn’t really where we lived, but now has tremendous implications for free speech, for privacy, but it really came out of the business side. And so I think those are a couple of things that I didn’t, we didn’t quite foresee.

Of course, we pivoted. EFF has been talking about consumer privacy for a long time. We have definitely got a whole section of the organization devoted to that, and another section devoted to competition. So we were able to pivot and grow and meet those moments.

But if you’d asked “1996 Cindy” if that was where we were going to go, I would not have put those on the list.

Yeah, it’s very holistic. I like you pointing that out. It’s things that happen over here [outside of tech] can still affect our privacy.

Why privacy is fundamental to democracy and self-government

Yeah, and we’re living in a time now where I think that the attacks on privacy are coming from so many different directions that it’s easy for people to feel overwhelmed. And I totally get that.

On the other hand, I really believe it’s foundational, like not just around kind of consumer issues, but increasingly so as we’re seeing price discrimination, right? The amount you pay for something being based on all the other things that the company knows about you from surveillance, rather than a fairness, or how much the thing is worth, or anything like that, but really maximizing out… and I think it’s starting to hit people a lot more clearly than it used to, and I think it feels very unfair. But also in the context of government surveillance.

So I think that we are in a time where we’re seeing some of the impacts of this, and it’s again it feels like it’s coming from all directions sometimes.

But you know the the other reason I care about this isn’t about the consumer side as much. The other reason I care about this a lot is: I think privacy is fundamental to democracy to self-government.

Privacy is a way that the people who have less power have protection from people who have more power. Right? That little zone of privacy is how we can navigate the world in which we might have a government that we want to change.

We might have, you know, my colleague Eva Galperin works with domestic violence victims. These are people who need privacy from people in their own home in order to plan their escape for their lives.

Whether it’s in your own home or all the way up to I want to be able to vote for who I want to and not have the government know— it’s why we have a secret ballot in the United States — privacy is kind of embedded into many, many of the ways that people with less power get protected against people who have more power.

I remember you mentioned in the book and I’ve heard this argument from other people too that like the founding fathers needed privacy to do what they did. Perfect example.

Yeah, absolutely. And you know Jefferson has a cipher if you go to Monticello.

I think you mentioned that he did.

It’s a physical thing: You can see the little, you know, turn the things of it.

And of course, he was in Paris, and John Adams was in London, and the rest of the founding fathers of Continental Congress was in the United States. They had to have a way to communicate with each other across distances that wouldn’t be read by the British, and they used cryptography.

So whether you’re an originalist or somebody who’s really modern, freeing up cryptography I think makes perfect sense.

Little bit shift of direction, but as a personal note, I want to say thank you for saying in your book that you weren’t really drawn to computers as much as other hackers, because I grew up a little bit sheltered: I kind of missed the days of like BBS’s and IRC and all that kind of stuff. I just really appreciate the the message that I took away from that, is that there’s room for people in the privacy space beyond just developers and coders and like… it’s for everybody.

So much, right? We all need privacy no matter what we do.

But I also think that one of the things isthat technical privacy hasn’t been as widely spread and understood, because it has seemed like it’s stuck in this little world, and if you’re not technical you can’t engage in it.

I am trying to break that out a little bit because I don’t think we’re going to win — I mean, I’m a strategist in my heart:

We’re not going to win if the only people who understand how important privacy are, are people who have other technical skills. So, I think it’s really great that you were drawn to it, and you feel like you can have a place in trying to protect privacy regardless of whether you can say, write an encryption cipher in your spare time, right?

Barlow’s “Declaration of the Independence of Cyberspace”

You said that the moment you read John Perry Barlow’s A Declaration of the Independence of Cyberspace, you disagreed with it.

Yes.

Um, would you explain why, please?

Yeah… oh, boy. Barlow and I went round and round about this. I mean, I uh… you know, we became very close in the end of our lives, so he’s a dear friend, and I understand why he did it, so… I want to say that, you know, Barlow was trying to project something onto this this the world in hopes that it would make make it self-manifest.

Uh-huh.

And what he really wanted was the idea that the digital world could be better than the offline world: It could be a place that was more fair, more just, that would treat people equally regardless of who they were, or where they come from, or what color of their skin.

You know, he really came out of a a view that maybe this technology could help make things better. And so he projected it as if, “oh weary giants of flesh and steel, you have no jurisdiction.” I mean, he was a beautiful writer, too. But like the whole point of it was to try to say old world, hands off. We were building something new and we’re trying to build something better.

So that, I think, is gorgeous. It’s beautiful, but it is aspirational. And… the problem that I had with it is: I think a lot of people took him, you know, he didn’t say “oh, this is my aspiration.” He projected it as if it was an absolute truth. And of course it’s not.

First of all, we have brought most of the problems of the non-digital world into the digital world. But also, this idea that governments would have no say in what was going on online wasn’t realistic, even when he wrote it, because wherever your feet touch the ground, you’re subject to the jurisdiction, and those cops, and FBI, and NSA they can come get you. The fact that you did it online is not going to mean that you don’t face any consequences for what happens in the offline world.

And I think he was he was trying to do something that inspired people, and honestly, he inspired a lot of people. But I think that the realist in me, and the lawyer in me, had a hard time thinking about it in inspirational terms.

I think it also led a lot of people to think that the digital world was magically going to be better, like it was inherently going to be better, and I don’t think Barlow thought that at all. He founded the EFF. You don’t found an organization committed to digital civil liberties and hire fighty lawyers like me if you think it’s magically going to be better.

But I think the way and the posture in which he made the declaration led a lot of people to think both that it was inevitable, and that it was already here.

I do think Barlow and I might have disagreed about some of it.

Sure.

But I think, again, he was a poet trying to inspire people and I’m a lawyer trying to litigate, and I would say 80% of our disagreement was due to just that difference in where we sit.

Are our rights inalienable, or do we need to fight for them?

Similarly, you said that Barlow said that no one gives you your rights, you have to take them.

Yes.

But, Edward Snowden argues that nobody has to defend their rights. Rather, the government, for example, has to argue why they need to take them away. So who do you think is right? Are we born with those rights and somebody has to explain why they’re taking them, or do we have to go and get them?

I mean, I think this is one where Barlow’s living in the world of the real, and Snowden is living in the world of the philosophical, right?

I mean, I believe that we all have inalienable rights that we, we’re born and we have these rights. They’re part of the deal of being born in the United States. You might have a slightly different set of rights if you were born somewhere else. And I think we all should have the universal declaration of human rights just by virtue of being born on this earth.

So I do think that they are inherent, and I think that Ed’s right to say that the justification for taking them away, the burden should be on the government who’s trying to take them away, not on us trying to defend them.

I think what Barlow was saying was: the reality is, you can’t just sit back and expect that to happen. We have to take our rights. We have to defend them. We have to… the reality of the lived world is that we’re not going to have a first amendment online unless we stand up and we say we want the first amendment online.

We’re not going to have the Fourth Amendment in our, you know… The EFF was started because of some Secret Service raids and cop raids on early bulletin board systems where the government took the position that the Fourth Amendment just didn’t apply.

And one of our very first cases, called the Steve Jackson case…

Steve Jackson Games.

…was to establish that indeed the Fourth Amendment did apply.

Now, you could say that I think of that as us taking our rights, but it’s not like us taking our rights and creating new ones. It was us establishing that this new context doesn’t diminish our rights.

So, I think Ed’s right that they shouldn’t have even tried, which [laughter] is kind of…

That would be nice, haha.

Yeah. And I think Barlow’s right we can’t just sit back and assume that the government and society are going to protect our rights. We have to give it a fight.

So, shifting gears a little bit: In your your memoir, you talked about a certain trip you took to a music festival where you made some lifelong friends, and you said that “having a place of identity outside of law and technology has been critical to my ability to keep doing the work, even when it’s hard, or we don’t win, or have our wins snatched away.” So, if you could, I’d love for you to talk a little bit more about that, because I’ve seen a lot of people in the privacy space burn out from just doing too much, doing more than they need to. And I think that it’s really important for people to have that space they can get away from.

Yeah. I mean, part of why I wanted to write this as a memoir is I did want to include some of the ways that you do this for the long run.

And that’s both because I think it’s fun and important, but also strategic. The government attorneys on the other side, they have 30-year careers. If we are taking people and they’re burning out after two or three years, we’re always in the eternal kindergartner or first grade on our side and they’re, you know, in junior high, right? Or high school, wherever you want to take the metaphor.

So for me anyway, it is true that having a community of people outside of the work, where I do something else and I’m not the leader, has been the way I’ve balanced being the leader in kind of some of these long and hard fights. And you know, it happened for me that it was a community of people who who I go see music with. And we create our own little festival every year, and in that world, I am not the head of it. I am not the executive director of my friends.

In many ways I’m very much a follower and let other people lead in that, because putting that down too, I just think that when you’re fighting and you’re fighting for your rights and you’re in these long battles, you got to be able to take off your armor sometimes. You got to be able to show up without that. This is the space where I’m able to do that, and it really does nurture me. You know, you put down your armor, you go over here, you listen to some music for a while, dance with your friends, and then you can come back and put the armor on, and you’re ready for the next thing.

I think finding that balance — and what works for me won’t work for other people — but I think that that finding that balance for folks is is really, really important if you want to keep doing this for the long run.

My husband has also been doing this kind of work for a very long time, and you know he builds like blinky art…

Oh, that’s cool.

You know, he’s a pretty geeky person but he does electronics right? His daytime work he does software for human rights, and in the evening he comes home and he’s like hooking up little blinky lights, so

[Laughing]

So everybody, well not everybody, but I think the way to do this in a healthy way for the long run and not burn yourself out is to find something else that feeds you that isn’t that work.

I can relate to that. I have some other spaces where I’m not really “Nate” and so I can, even though I’m not an executive director obviously, I have that space where I’m not “Nate from Privacy Guides.” I can be this other person, and it’s it’s great.

Yeah. And I think you know being able to — not everybody can compartmentalize like that, but I think if you can, it gives you a cushion.

It helps a lot, yeah.

Staying motivated in an uphill battle

On that note, as you noted in your book we often take more losses than wins. Are there any other ways to stay motivated in the face of such a long, drawn out uphill battle?

I mean, I think there’s a couple of things. I mean, I like to win.

You know, there is that old saying, “the real victory was the friends we made along the way.” I don’t — I don’t subscribe to that! It’s not a substitute:

We need to win because people’s lives are at stake, and it’s important.

On the other hand, you do meet amazing people. You do get incredible things to happen in your lives, and again some of them are stepping away for a while, but some of them are just like building a team having a team that works together, sharing the losses and the things so you don’t feel so alone.

We used to joke at EFF that we had an “outrage stick,” like a talking stick, and that we would pass it around, and one day something would happen and you’d be the person holding the outrage stick and you’d be really upset and all your all the rest of the team would be there for you going “yeah that really sucks” and “we’re here for you,” and then the next day it’s somebody else who holds the outrage stick, we would pass it around so that we would kind of take turns both being the people who are really upset, but also the people who are not at the moment, and so can kind of hold it together while, you know, you take your moment to be really pissed off.

That’s another way that you kind of share the load a little bit with other people. I really think that, you know, I joke that I say that privacy is a team sport, and I mean that kind of literally and that you’ve got to communicate with people.

Yeah.

But I also think I mean it in a organizing way: like having a team, having a group of people that you’re doing this with, and they don’t have to be physically present. You know, the digital world makes it possible, but having people who you’re in it with is one of the ways that I have certainly held it together over the long run.

Eva Galperin, EFF’s resident “outrage fairy”

I have to ask, because I follow her on Mastodon. How often does Eva [Galperin] get the outrage stick?

Yeah. You know, for a while, I don’t know if I should say —

We can cut it if you want.

Eva had a little thing on her door at EFF that said “outrage fairy.”

I love her. She’s fantastic.

So, yeah, she certainly takes her takes her turn, right? But she has other times where she’s there with every for everybody else. But yeah, absolutely.

I just — She’s so passionate online. That was my first thought. I’m like, I bet she has that a lot.

She definitely has it. She has her share. But she’s also just more vocal, right?

She’s just more willing to be out there in things, and I really, really appreciate that. I’m not somebody who’s as public a person as Eva is. This is a new experience for me.

But yeah, I think that she does a good job of expressing outrage and channeling other people’s outrage as well. And the other thing that I think she’s really brilliant at is pointing it in the right direction, right?

People get upset, and Eva’s analysis of where you should be mad helps a lot of people kind of focus in on the bigger picture bad guys, rather than the smaller picture bad guys, and also it’s really easy in this world — I’m getting a little philosophical — we have another phrase at EFF which is “point your guns outside the tent,” with the idea that you’re working with other people and they may not see things the same way you do, they may have a slightly different set of priorities, they may have a different way of doing it.

Trying to understand the difference between the people who are basically on your side, but who you disagree with on strategy or tactics or priorities, and making sure that you’re not spending your energy shooting at them, and actually shooting at the people who you’re all trying to to prevail against. And recognizing those differences and not getting caught up in that, because I’ve seen that happen in a lot of joint actions sometimes too, and people end up more pissed at their friends than they are at their enemies, and I’m always like, you know, you can have hard conversations and talk about it, but the guns should be pointed outside the tent.

Absolutely. You said later in the same passage when you were talking about the music festival, you said that “community is my refueling place.” Like we talked about, it’s good to have balance and everything but can you speak to the importance of community?

I think both inside and outside the movement, again you can look at it purely strategic: which is one person by themselves cannot do nearly the amount that a bunch of people together can, and it’s not just one by one, it gets exponential when you get enough people together.

So I think as a strategy matter, one person is never… I mean, we love these little narratives about “the single person who changed the world.” That is never the case in any of the things that I’ve done, except in very, very small situations. And even then when you touch on them, even when you talk to people who are like, “oh, you invented blah blah blah.” They’ll be like, “well, yeah, but that’s because Bill invented this and Joe invented this and Sally invented this and then I came along and I just added this little bit on top and now I get all the the attention.” I’ve seen this on the technical and the non-technical side.

Strategically, community is critical, right? Having a bunch of people who are doing this together. But it’s also just a place, again, where you can put on a different persona, take a different tact and refuel, really get your get your energy back. That’s how it’s worked for me.

Again, I’m an extrovert, I like people. I know there are many, many people who are committed to privacy for whom the idea that they need to go to a music festival to get it will recoil them. And I am absolutely not saying that.

I’m using my story to try to help people see what is it for you, and it might be being all by yourself with your cats for the weekend. That might be the best refueling that you could do, or whatever. I think that it’s not important what it is, it’s important that there is a refueling place.

On that note, how do you think, especially in the privacy community, how do you think we can foster healthy communities?

Well, I think we have to give each other grace. I think if somebody comes in and they want to help, you welcome them, and don’t give them a litmus test about whether they’re cool enough, or they know enough about the tech, or any of those kinds of things that are sometimes done in some of these communities that I think are very unwelcoming and unhealthy.

I joke that “the good guys have better parties,” but what I mean is like bring some joy. Like this is hard work. We don’t always win, but that doesn’t mean we have to be sad all the time or unhappy all the time. There is so much room for joy and engagement in this, that helps people in it for the long run but also helps attract people to it.

So I think those are all things to think about. I also think you know thinking about kind of doable short-term goals even while you’re aimed at the longer one. So, inside EFF we have these long cases, and and I talk about them in the book. In between them we had lots of short cases that we would win easily. We did a whole set of cases that we call John Doe cases that are helping people have the right to speak anonymously online such that the government — or the whoever — that’s mad at them has to make a showing that they did something wrong, before they get their names.

You know people, would have a website that says like “Tesla sucks” — and this is just an example, it’s not a real case… that I know of — and companies would come and try to scare them out of having that place, in part by trying to identify them and [make them] worry about retaliation.

We would take these cases just periodically, along with a bunch of other people, and we started moving the law very slowly towards “if you want somebody’s ident — if they’re anonymous and you want their identity, you have to meet at least a threshold level showing that they did something wrong, not just that you’re mad at them.

And thereby we protected these things. The thing about the John Doe cases is they’re a motion that happens at the very beginning of the case. The whole thing is usually over within 60 days, and a lot of the times we won. I think most of the times we won. Occasionally we wouldn’t win, but like having little wins in the middle of the big fights, and thinking about the work in that way — like is there a chunk we can do now even while we’re doing the longer chunk — that kind of balance is very helpful for longevity as well. And not every fight has those, but if you can get your local community to decide that they need more transparency from the license plate reader company that your law enforcement’s using, and make them do a report about how they work, you might be able to get that on your way to maybe getting the city council to decide to unplug them.

So thinking about like what’s doable in the short term, as long as the short term isn’t getting in the way of the longer term, you might be able to get some wins, get some momentum, bring other people into the cause by doing something that is a little easier to do than your long-term goals.

In the book, you mentioned “jawboning,” which is when governments put inappropriate pressure on companies to get them to do things that the government wants.

This is kind of three questions: How frequent is this? How can projects defend themselves against this? And how can those of us on the outside of those projects know if this is happening or not?

I feel like this is a big concern with a lot of privacy people.

A lot of privacy people… Um, jawboning is something that used to be pretty rare, and something that people on the right would complain about. It kind of grew up during the COVID era, when a lot of people on the right felt like the Biden administration was going too far and trying to get information, get speech taken down off the internet.

And there was a Supreme Court case that happened about that that set the standard. I wouldn’t say we were exactly happy with it, but it wasn’t too bad.

But the Trump administration has ramped up jawboning tremendously. And they’re not even hiding it anymore. And the EFF is representing ICE Block in — So this is a little app that helps people report where they see ICE arrests that the government, Kristi Noem when she was the head of DHS, got taken down off of the Apple store and the Google Play Store.

Google like proactively did it after…

Yeah after, but you know, we don’t know how proactive it was because we don’t know what’s going on in the background.

Sure.

But yeah, they did, they both took them down, and Apple’s actually taken down some other ones that’re not even close to that, right? They’re now self-censoring these kinds of things, so the jawboning worked really well. It worked so well that the companies are now proactively taking down perfectly lawful tools, so we’re seeing a lot more of it, and we’re in this litigation to try to push back on it.

How can you know that’s happening? Well sometimes the app providers don’t even know for a while. I mean, the app stores… it’s pretty hard to know what’s actually going on if your app gets taken down. They’re not very good at being responsive.

But pushing on that, I mean, so the app stores — it’s happening in app stores now, so I’m talking about in terms of app stores, but it could happen in any context —

But having the [developers] who are actually interacting with and putting it up on the app stores tell the community is a really important thing. They are very rarely gagged. I don’t think there’s a situation in which they’re gagged. Sometimes they’re quiet because they’re trying to negotiate.

One of the ways people have traditionally tried to figure out these kinds of things is things like warrant canaries. You know, I would say that they haven’t been nearly as useful as people have thought they would be, in part because people don’t check them very much and so you don’t know.

They’re a little controversial.

I’m a little uh hesitant to endorse them fully, but it is a strategy that some app developers have used for other kinds of government coming in and gagging them. I think most of these app store takedowns are not… there’s no gag. There’s no secrecy that like that the creator of the app is in a position where they can’t tell the community. It’s always just that the app stores are not forthcoming about what’s going on or why.

I don’t know that there’s too much we can do about that, absent congressional investigations or the FTC or… you know, assuming a government or even your state AGs or state folks, I don’t think the federal government is going to be your friend if the federal government is the one getting them taken down.

Although at this point, look, Kristi Noem came out and said, “We did it.”

Like it used to be it was kind of secret, and now it’s not secret at all! They’re very proud that they have the power to take things out of app stores.

So it may be that the community doesn’t need to worry about the secrecy. They just need to mobilize against what’s actually happening, because I don’t think it’s that big a secret anymore, at least with this administration.

The dangers of the app store duopoly

Yeah. I’ve I’ve seen some app developers have, like you said, that stuff’s been taken down and they’ve talked about it online and they’ve been — like not for jawboning reasons I think — but they’ve posted like they said “it was for this reason so I emailed them back, and I’m like the code is right here you can see it doesn’t do that,” like it’s whole runaround, so yeah, app stores are not very transparent.

No and it’s why we shouldn’t just have two app stores. I mean, at the end of the day, this duopoly of app stores is problematic, right? Because they only have to put the squeeze on two companies, and they can take stuff away from us.

You know, it’s part of why EFF has a whole competition area now, is that we began to see that the consolidation and you know… we’ve had two telecommunications companies, Verizon and AT&T, for a long time. This is part of the network neutrality concerns. And now we’re seeing it with app stores. We’re going to see it with other things, because of the consolidation of the industry. So, it’s a really important for us to support decentralization, to support open source and other kind of ways for people to get things that don’t require either of the big companies.

There are people who are trying to build distributed systems where you don’t have to rely on Amazon or Google for cloud storage, right? That’s actually pretty hard given how dominant they are. But I think it’s really important.

I don’t think we can trust these companies anymore, that they’re going to be neutral. There was a period in which I think it was a safe bet that the companies just wouldn’t get involved. And you know, they they would let people sort it out and they wouldn’t put a thumb on the scales. And I don’t think we can say that’s true anymore. We can’t trust it.

Near the end of the book, you said that EFF has been instrumental in ending at least one mass surveillance program, and dramatically scaling back another.

I feel like we haven’t seen any major whistleblowers since like Vault 7, which was 2017. Yeah. Um it’s been a while since we’ve had… was it Mark Felt — no, he was deep throat…

Mark Klein.

Yes, Mark Klein, thank you.

…was 2005, and then Snowden was 2013.

Exactly. So how can we get more insight into what the government’s doing right now? Because it to me it feels kind of like a “Vatican secret archive” thing, where it’s like, you have to know what book you’re looking for, and then we’ll go find it. It’s like, well, if I don’t know the programs there, how do I do a FOIA request?

Yeah. I mean, I think that I do worry about that a lot, and I don’t think it’s an unreasonable concern.

While I don’t like the FISA amendments act — Section 702 — theoretically, Congress is supposed to have oversight over these things, and many more things have to go in front of the FISA court.

Are there things that could be outside of that structure that they’re doing in secret that we don’t know about yet? Absolutely. We just have to wait and see. They are not supposed to be doing other secret things. But…

[Laughter]

I mean, “not supposed to” as in I don’t think the law gives them space to do a lot of it, because that’s part of what Congress tried to do, was to bring them all under this umbrella of congressional oversight and FISA court oversight. Now, they didn’t do enough, and right now I’m worried Congress is asleep at the switch, right? So, I think it’s worth it to be to be worried, but yeah, we’re going to have to wait and see.

It took, you know, after the Patriot Act was passed in 2001, it took until 2006 before Mark Klein walked into our door. So… and we had heard rumors. We heard lots of rumors about lots of things. We knew we were actually preparing a complaint with some of these things. We had enough information. I don’t have the same trickle of information right now about new programs, but I don’t take much from that like that. I don’t trust that that means there aren’t things.

But look, 702 is up for renewal in April! They’re talking about kicking it down the road again, because it’s actually pretty controversial, it’s not sure they can get it. But this is a good time for people to show up and try because they are looking deeply.

Senator Wyden did you know, “the Wyden siren,” I think is what they call it.

I just heard that for the first time the other day!

[Laughing] I just learned that! He gave one of those speeches where he said “if the American people knew what I knew, they would be upset.” So that that tells me there’s stuff going on there.

Although, what he said was not necessarily… I didn’t parse it to mean there’s a whole other program we don’t know about, as much as “if the American people knew how they were interpreting the rules that they have so far, they would be very upset.”

But yeah, those are the kinds of things we watch for. We watch for whistleblowers. We watch for people like on the intelligence committees like Wyden who are courageous and try to do as much as they can without crossing the line. And when if we learn about more, we’ll jump on it.

It’s an ongoing, it never… I mean maybe it would end someday? But in general, the national security people are playing the long game. And the long game for them is that nothing happens anywhere on the globe that they don’t have access to collect it all, manage it all. I understand why they have that philosophy, but it’s a disaster for the rest of us.

Yeah.

I think it’s very dangerous. And I think it is dependent on this idea — that they are honorable and will never misuse this power — that is just demonstrably false. It was false before the Trump administration came into effect, but it’s definitely false now. They fired all those guys.

Yeah.

All those guys who used to tell me, “Don’t worry, we have internal protocols, and we would never do anything wrong!” They all got fired and their clearances pulled. So, like that’s got to tell you something, that happened because the Trump administration doesn’t have the same sense of honor, and the idea that it would never misuse these tools in ways that are problematic for civil liberties that their predecessors did.

And again, I think we’re seeing that… We’re seeing it in a bunch of different places with the Trump administration. I see no reason to not think that’s the same is true here.

Last question, turning it over to you. Is there anything I didn’t talk about that you want to bring up?

No, I mean, I just really thank you for doing this. I think you’re doing really heroic work out here.

Oh, thank you!

I was really psyched to hear from you, and I think that having people all throughout the country who are trying to get the message out, and also really demystify privacy and make it accessible to people, I just think it’s fabulous and I hope you continue to do it.

Thank you so much.

All right. Thank you.

We want to thank Cindy so much for being so generous with her time and sharing her wisdom with us.

Her new book, Privacy’s Defender, is out now and available through MIT Press, Bookshop.org, or wherever you buy your books. Nate has read the book and loved it, and many of the questions in this interview were directly inspired by it. If any of the topics in this interview interested you, definitely grab a copy, because we barely scratched the surface.