In addition to her work on privacy at ProPublica, Julia Angwin’s Dragnet Nation is available today wherever booksellers are spying on you.
You are being tracked. Besides comprehensive government spying, there are hundreds of data brokers compiling and selling information about you: Phone records, texts, phone location, computer location, web history, social networking use, background checks, credit history and now even entrance to some retail stores, with facial recognition linking you to your online data.
Julia Angwin, a reporter for ProPublica who was on a Pulitzer-winning team at the Wall Street Journal, spent a year trying to find out if a reasonably consumer tech-savvy person could circumvent the information-collecting dragnets while keeping her friends and her sanity.
Angwin spoke with me about her successes and failures, the FBI
tracking Reddit jokers, visiting the Stasi archives in Berlin, how
to leak stuff, how to utilize child password labor, the values of a
personal Faraday cage, and whether or not a healthy market for
privacy could ever exist.
OK, why don’t we just start off with talking about some
of people you interviewed for the book. Mostly I’m interested in:
What’s the sort of person that’s being tracked by the
What type of person is being tracked by the government? As we’ve learned from Snowden, everybody is being tracked by the government.
We now know that every single person’s call records are being swept into these dragnets that the government has. We have also seen many other instances of indiscriminate mass surveillance: the automatic license plate readers that the government is using, there’s all the facial recognition with cameras and, increasingly, drones!
That’s why I called my book Dragnet Nation, because
there are so many dragnets. It used to be you could say the kind of
people the government tracks are suspects. Now they’re basically
tracking everyone, because they have technology that allows them
Say I’m a Muslim writing something on Reddit. What are
my chances of that being picked by and pursued by the
Yeah. I don’t know what the chances are, but certainly in my book I tell a story about two young Muslim men living in California. One of them wrote a kind of snarky thing on Reddit, basically making fun of the TSA’s screening procedures. There was a long discussion on the board about taking away your deodorant, and the checkpoints, so this guy wrote something saying, Well it’s silly, because I could just go bomb a mall, and nobody’s checking anything there. I could walk in with a trenchcoat and a duffel bag and bomb it.
So, a couple weeks later, he and his best friend were getting his friend’s car oil changed. The car went up on a hoist, they looked underneath their car and saw this weird thing hanging off of it, and in fact the FBI had installed a GPS tracker on their car, and had been following them around.
And later, when the FBI came to reclaim this device, after they publicized the fact that it was there, the FBI agents did say to the guy being tracked: “The reason we did this was your friend’s comments.”
And this story resonated for me in so many ways, because it was not even the guy who wrote the comments who was being tracked, it was his friend!
What happened after that, was that their friendship broke up. The guy who was being tracked was like, I can’t really afford to be friends with people who are going to get me in trouble. These guys who’ve been friends since childhood don’t talk anymore, and the guy who was being tracked is very cautious about the way he lives his life, he’s concerned that he’s under scrutiny, he does get detained when he travels internationally, for extra screening.
And it makes me wonder what kind of country this is, when we’re supposed to have this freedom of expression to say things, and we actually fight in court to allow people to say the craziest things ever under the First Amendment.
But we’re now in the situation where surveillance is so easy
that you can get in trouble for fairly innocuous silly comments you
As a reporter, obviously you need to be connected to
social media in some fashion. Is that hard to balance with
protecting the privacy of people you associate
Oh, I love social media, I mean, I wrote a book about MySpace when it came out. But I have chosen to limit my presence on a lot of social media sites, because I just don’t feel I can trust the privacy protections.
As a journalist, I felt like I didn’t want my list of friends or connections on LinkedIn to be seen as my sources.
So I got rid of them. However, I really suffer for that…. It’s
very easy to connect with people and find people you can’t find any
That reminds me of this great bit in the book where you
actually go to see Stasi files.
I went to Berlin, to visit the Stasi archive, which is some of the best preserved records of surveillance in modern times. You know, East German secret police, the Stasi, during the communist regime were aggressively spying on the citizens. And I thought, I wonder what these files look like compared to what is being collected today. Because people sort of throw around the idea of, “oh, the NSA is as bad as the Stasi,” but what did it really look like?
I went there, I filed sort of the equivalent of a Freedom of Information Act request to see some files, and after about six months I got a few, and I got a few more after another six months. I got them translated. And I learned a few things from seeing these files.
One was: the Stasi had to work really hard. You know, they had to steam open mail, listen to people’s calls, follow them around in cars and spend a huge amount of time recruiting informants to inform on people for them. And so they had to work way harder than any of today’s surveillers have to do.
Secondarily, they didn’t have files on everybody in East Germany, they only had about a quarter of the population. So they didn’t have total coverage. And today’s surveillance systems can much more easily get total coverage.
However, it’s worth saying though, there’s a huge difference, you know, they were using this information to oppress the population. So everyone in East Germany lived in fear of the Stasi. In particular, they lived in fear of saying something that could be turned in to the Stasi.
I got a social network that they drew, from one guy that they were watching, and they had 46 connections, carefully mapped out. It looked like it must have taken months of work because they had really paid attention to different trips he had taken, different people he had visited. And it was 46 little nodes. And when I went looked at my Linkedin connections before I deleted them, I had more than 200 connections. In an instant any kind of surveiller could have looked at that.
So I thought, this adds to my worry that the amount of
surveillance doesn’t have to be that high in order for people to
totally self-censor themselves. And that again is my biggest
concern about the world we’re building right now.
You seem to pinpoint the problem with all the data
that’s being collected as: Companies need our data to make money,
and they want to collect in every way possible. And then they are
forced to hand it over to the government.
Right, well, I don’t think anyone really planned it this way. What has happened is that after the dot-com bubble burst, there was this time in Silicon Valley where everyone realized, “We’ve got this great Internet thing, we want to build services, but the people who want to come to the Internet don’t want to pay for it. What are we going to do about that?”
And there are multiple reasons why people didn’t want to pay, and you could argue about whether that was a good decision or not, but we’re in a world right now where people expect everything for free. What we are learning though, is that really it isn’t free.
The things that were public record before were very static. Now you can literally see like “oh, they’re browsing a website about this, now they’re on that site; oh, look, they’re shopping for this.” This is like a minute-by-minute — it’s almost like the inside of your mind — at least my web searches look like that. So it’s irresistible.
And what we learned from the Snowden revelations is that not only is the government going to the front door of these companies with secret court orders like, “hand over this data,” but also they’re going in the back door and hacking in when they can’t get it.
So maybe we should think again about if the price of this is too high.
And one thing I really found frustrating in my reporting is that
I would really be happy to pay for some of these services. I would
pay for Gmail—one that was privacy-protecting and didn’t store my
data. But I can’t find it. There aren’t any of these services
You talked to someone, Daniel Jaye, who was sort of an
inventor of tracking, and now hates it and is trying to come up
with privacy software.
This guy helped invent the behavioral ad tracker, which is the way that websites and advertisers are able to follow you from site to site build a profile about you and show you ads that they think are relevant.
He came up with this idea back during the dot-com bubble in the late 90s, and it was too early. There were like five people on the Internet, and they weren’t buying anything.
Around 2007, it became sort of the accepted way that advertisers would follow people around. But the thing is when he came up with it, he thought of it as a very privacy protecting move, because you weren’t identified by name, it was just like, there’s a person with a cookie number 123456 that goes to this site or that site.
But what’s happened over the years is it’s become increasingly identified. So Facebook, for instance, sees you on other websites, and they have their buttons on a lot of websites.
Some others are buying data from these offline data brokers, who have your name and address, and then they put some anonymized version of that in their online tracking.
So Dan’s concern is that these two things are merging, and he
never meant for that.
I think one of the successes you talk about is being
able to install anti-online-tracking programs.
Some of the more successful things I did were to block online ad tracking. I encrypted my connections to the Internet … using HTTPS Everywhere, which is something you can add onto your existing browser. I also found that I could anonymize my location by using software called TOR—but my connection was much slower.
So, there’s a cost for some of this, but the technology used to
block ad tracking, Ghostery
Everywhere, are very easy to install and didn’t affect my
performance, and I would recommend everyone do that.
I really love the story of you trying to put your cell
phone in a locked metal box. Because even if you have your in phone
in airplane mode, there’s still the chance that you could be
Right, so the problem with the phone is it’s the perfect tracking device. First of all, we carry it everywhere. We put it next to our bed. We’re never without these things, so, first of all, spies could never have dreamed of anything so wonderful.
Ultimately, I found that I had to put it in this bag, as you described, the Faraday cage. Essentially, it’s a bag that is lined with metal, very thin metal. And that blocks the signal that could be transmitted to a tower or to anything.
I ended up throwing it in the bag as a way to protect my privacy. But it was, of course, completely ineffective, because then I didn’t have a phone I could use.
So, as a mother of two children who wants to be able to reach
them if something goes on, it was not the most effective
You’ve had a lot of interesting posts at ProPublica, and
writing in the book,
about how we seem to come at passwords in a completely
arbitrary and just wrong way.
A lot of workplaces have these really complicated password rules: numbers, a symbol, letters, and you have to not write them down and you have to change them every three months. This is the conventional wisdom.
And it is terrible advice! Because if you have to come up with something really complicated that you can’t write it down, and you have change it every three months, you’re going to fail at that task, because that’s not how our brains work.
So then you’re going to cheat. And where do people mostly cheat? They mostly cheat by making their passwords really, really easy to remember. Because that’s the least pain.
I eventually came up with a two-pronged strategy.
For the vast array of passwords—in my case more than 50 just for random websites—I use a password manager. This software you put in your computer, and actually it comes up with the password for me. I just press a little dial, it generates a random string of numbers, and it stores it on my computer.
Now, I have no idea what those passwords are. The only way I can get into those sites is by using the password manager. But I don’t care, because they’re not that urgent.
But for banking, for email accounts, for my password to my
password manager, I wanted really, really strong passwords.
That you could remember.
That I could remember!
I did a lot of research and found that there is a way to come up with strong passwords you can remember: it’s called Diceware. It basically involves rolling dice and picking words out of a dictionary that are numbered.
Theoretically, you could pick random words out of a dictionary
just by opening it and putting your finger down, but what research
shows is people are not that random. They pick one word, “unicorn,”
and then they’re like, oh why don’t we make the next one
You also talk about using encrypted chat messages
through your phone to contact sensitive sources.
I installed this program called Silent Circle on my phone. So it has encrypted phone calls and encrypted text messaging….. But the huge problem was you have to get the other person to install the app.
And for an encrypted text, sent between my phone and another phone, we both kind of had to be within reception at the same time. So, in effect, it’s only really worth it if you’re both in range.
I had his absurd situation where I’d end up calling people and
say “OK, are you ready to receive my encrypted text?” Thus
defeating the entire purpose of encryption.
I remember, when Wikileaks was the big thing, a lot of
news organizations were announcing that they were going to also try
to build a black box that people could send secret documents to,
and I sort of didn’t hear anything about it since then. Is maybe
one of the problems with that, that you can’t just send documents
without coordinating it first?
After Wikileaks, it’s true there were a couple organizations, including where I used to work, the Wall Street Journal, where we tried to build similar type of dead drop boxes. And they were largely unsuccessful. Because they weren’t really secure enough. However, this year, a new generation of these secure drop boxes have come out.
Here, where I work, at ProPublica, we just installed one. And I think we’re one of the first to get it. And it is actually really hard for the source to send documents. … The source who wants to submit documents has to go through a bunch of steps, to anonymize their location and the documents themselves, and submit them through this very circuitous route.
However! I think what we’ve learned in the era of Chelsea
Manning and Edward Snowden is that there are some sources who know
how to do this stuff, want to do it and feel like they have
something want to share in the public interest. And so the hope
that in journalism is that we can find a way for these people to
communicate with us.
You say you also had some success with getting your
children to get on board with the privacy game.
Yeah, it was really surprising to me because, first of all everyone says kids don’t care about privacy, and my kids certainly were resistant to the idea. Because privacy was something I always told them was the reason they couldn’t post videos on Youtube or couldn’t join a social network.
So, to them, it meant no. As I was thinking about ways to change that dynamic, it occurred to me, they do want privacy! They want privacy from each other, and from me. You know, like, I’m the NSA to them, I’m Big Brother spying on them.
So once I sold it to them that way, they actually got a little more interested. And then I made it fun. I taught my daughter a way to make strong passwords. Which involved her rolling dice and using the numbers she rolled to pick words out of a dictionary that were numbered.
And she started a business selling passwords. She makes passwords for a dollar each. They’re very long, they’re 30 characters and strong. And she loved it, she was like, oh I’m making money, and adults want to talk to me about my cool business.
So she was really into it. And then, from there, they wanted to
adopt some of the other things I was doing they thought were really
cool. They thought it was really cool that I had set up a fake name
for some of my online accounts, so they set up fake names for their
accounts. They really liked the ad-blocking software. Because it
had a little picture of a ghost.
At one point you compare privacy products to buying
I think we just all need to be a little more thoughtful about the choices we make because when we choose to use a different technology that is more privacy-protecting, we are voting. That’s a kind of vote, and it will incentivize people to make the technology.
Because we are on these devices all the time. Actually, more
often than we eat right?
Do you feel like that sort of market is possible in the
near future? You’ve interviewed a couple creators of privacy
software who are very excited about it and think the market is
coming, but at the same time there’s lots of estimates of how much
our data individually is worth to companies, and it’s anywhere from
like 28 cents, to, in the case of Google, some people have said
30 dollars a year.
I think that it’s hard to know whether there will be a robust market. What’s happening now that’s really weird is that the more companies that collect data about us, the more they all have the same data and the uniqueness of their data actually falls.
So in some ways, the companies that are collecting data are bringing down the price of our data because there’s no scarcity. There are hundreds, literally hundreds of companies have information about me. And`many of them have the exact same information about me. So they can’t sell it for very much.
There are people who argue that privacy would help us make our data more scarce. And then actually those companies would benefit, they would actually be able to sell it for more because they would be the only one that had it.
There’s also the fact that they’re going to be people who will
pay for privacy, and it might just become a luxury good. Where some
people will buy their way out of it. And that might be an unfair
situation societally, in the sense that some people will have this
protection that some people won’t. And I’m not sure where the
market will go, but I suspect that we will see a rise in maybe both
Do you think privacy legislation is something we should
be pushing for, or is it too mired in lobbying?
I found 250 data brokers who had information about me; only like a dozen would even let me see the data. And I think that’s unfair…. Isn’t that the whole point of big data that we’re going to be able to learn from all this stuff? But I’m the only one not learning anything about myself.
So, we’re the only Western country, one of the only ones, that doesn’t have a baseline privacy law that gives people access to the data that being held about them, gives the right often to correct that data if it’s wrong, and sometimes the right to delete it.
I think that baseline level of privacy is something that most
Western nations have agreed on. And I would like to see that here,
because I actually just want my data.
You talk a little bit about “sousveillance,” which is, I
guess, using surveillance tools in a sort of democratic
There’s an idea that’s actually very popular in Silicon Valley that yes, there’s a lot of surveillance going on, but we as citizens and consumers also have incredible tools to, quote, watch the watchers.
David Brin, in his book The Transparent Society—written almost 15 years ago but totally prescient—said this was the only way that this coming surveillance state will be tolerable. That we can build this sort of system where we control the cameras, meaning we the citizens.
So his idea was a city where there’s a camera on every corner, but you could log on to your home computer, and get access that feed, and you could watch your kid walking home at night.
That is a lovely vision, however, that is just very far from the
reality we are facing, which is that we don’t control the
So you’ve had this year of trying all these of trying
all these privacy tools. Talking with other people about this, have
they been like, “oh that’s interesting” or “oh, I would never want
to bother to do that”?
My hope in actually going in to write this book was that people would read it and think, “Yeah that one’s a little crazy, but I think I could do that.” I wanted to present people the whole range of things you could do, and then people could decide which thing might make sense for them.
I think everyone could pick one thing that they might like, and some people might pick nothing. They might say, “You know what, I’m not going to do any of this.”
But in the end I think we’re all going to have to do some of it because we are going to have just become more tech literate. The threats aren’t going away. There are criminal hackers trying to get into your machine. There are other countries trying to wage cyber war, so in fact we are all going to have to learn to be a little bit better defended.
So I feel like, we might as well start now.
After reading this book and talking to Angwin, I have changed zero things about my privacy online. I have thought about making changes quite a lot, and I recognize it’s a problem. I don’t think data should be freely given, and many of the Angwin’s tips are fairly painless. I even think rolling dice to come up with passwords sounds fun, because aren’t we all nine years old?
But. Perhaps these are changes we don’t make instantly. The consequences of data collection, after all, are usually invisible—until they’re suddenly not. Or maybe I’m like a guy Angwin quotes in the book, who likes the idea of our online trash littering time forever. What kind of surveillance excuser are you?
Tim Williams is a community moderator for the New York Times. He did not even realize when pitching this interview that this book was published by Times Books, an imprint run by the paper and distributed and managed by Henry Holt. This transcript has been condensed and edited.