Interview with Cindy Cohn, EFF Executive Director

Cindy Cohn, Executive Director of the Electronic Frontier Foundation (EFF) and Board Member of the Tor Project, was named one of America's Top 50 Women in Tech 2018 by Forbes.
As a tireless defender of digital rights, we wanted to get her take on the state of the internet today, recent victories and challenges ahead, and Tor’s role in taking back the internet.
How would you describe the internet today?
Disempowering. Between surveillance business models, national security surveillance, and ineffective legal and technical protections, many people feel that they have no power to protect their security and privacy.
But the good news is that we can regain control, and more people than ever are demanding a course change. Tor is a critical tool to helping us make that shift.
What do you think are some key victories that have happened in the past year to advance privacy and freedom online?
Tor and the Tor network just keeps getting stronger, more important, and easier to use. That’s amazing and a testament to the fierce, powerful and smart people who develop, support, maintain, and protect it.
I’m also heartened by the growing recognition across the world that privacy and security are linked and that technical, legal, and policy work is all needed to protect them.
I’m biased, but I think that a major step toward protecting people’s privacy as they cross the US border came in the Alasaad case EFF and the ACLU handled, where the court agreed with us that the US government needs reasonable suspicion to search the devices that people carry.
The ongoing efforts to encrypt the web and increase awareness about security tools and practices are also cause for celebration.
What challenges do you think privacy advocates and developers will face in the next year online?
I think the rise of authoritarianism around the world will continue to present challenges for privacy advocates and developers. One of the key things that would-be dictators know is that they have to prevent the people from being able to speak and learn things confidentially. This means more attacks on encryption.
I think that advocates and developers will need to continue to stand up for encryption and also ultimately will have to address the need to re-decentralize the internet. The pressures on the tech giants to make sure that no one can have a private conversation online will continue. We need to be ready and build out alternatives.
What is the internet you would like to see in the future?
We need to build a world where everyone has free (as in speech) access to read, speak, create, and control their experience, including creating their own tools and protecting their own privacy. A world where humans have the legal, policy, and cultural support and protection to do so. Where individuals have the strength and processing power to take on larger organizations, whether government or corporate, as well as to be protected from them. A world where our technology, whether as simple as an email or as complex as an AI system, is trustworthy and loyal to us.
Why do you think people should support and care about Tor?
If you care about maintaining (or creating) a society that can change — where ideas can grow and information can be learned free of control by governments or corporations — then Tor is one of the critical tools that you should support and care about.
Tor protects the canaries in the coal mines.
Even if you personally don’t need the protection that Tor offers, standing up for Tor is standing with the people who take risks to keep the rest of us informed about some of the most dangerous and important facts and issues facing the planet.
Many thanks to Cindy Cohn…
Many thanks to Cindy Cohn for her willingness to speak out on behalf of Tor, an invaluable tool for the defenders of human rights!
As we all know, Tor is unfortunately is on the receiving end of a seemingly unending stream of "bad press" in the US mass media, not to mention official invective associated with the "Going Dark" FUD punted by the leaders of such agencies as DOJ and FBI. The interview above is a rare example of a counterattack in the public sphere, but I fear no-one outside the Tor community will read it unless TP and EFF try to make our side of the story more widely available.
I would like to urge Tor Project, EFF, and Citizen Labs to consider joining forces to pursue four projects which involve reaching out to US politicians such as Washington Senator Maria Cantwell:
First, please try to ensure that Congress is aware of the positive role played by Tor in protecting activists, dissidents, human rights researchers, and whistle-blowers around the world.
Second, please try to ensure that Congress is aware of the negative role played by the rapidly growing cyberwar-as-a-service industry, which includes such notorious malefactors as Hacking Team, Gamma Group, NSO Group, and Dark Matter. Please try to ensure that they are aware that these companies are actively hiring form NSA/TAO and Unit 8800 (Israeli equivalent of NSA/TAO) operatives, and are attacking Americans in the USA who are opposed to human rights abuses by such countries as Saudi Arabia.
Third, please try to ensure that Congress is aware of the horrific potential for harm which is presented by machine learning (mis)-informed by Big Data repositories, in connection with "the New Jim Crow" and the kind of horrifying technologically sophisticated population control system ("social credit") being created (with the help of American companies) in China.
Please make sure they know that a similar system is not only possible in the US, it is inevitable unless Congress takes a hard look at the tales they are being told by companies such as Amazon, Facebook, Google, IBM, and Microsoft, which hope to profit by making self-serving and greatly exaggerated claims that machine learning informed by Big Data repositories holding (for example) the medical files of every American citizen, or the social media posts of every American student, can "cure cancer" [sic], "eliminate mental illness" [sic], "improve educational outcomes" [sic], "eliminate traffic congestion" [sic], "eliminate human trafficking" [sic], "eliminate cyberbullying and school shootings" [sic], and "prevent terrorism" [sic]. Deep Blue might be good at solving chess problems but the social woes just mentioned are not artificial and are for more complex.
Please try to ensure that Congress is particularly wary of particularly insidious population control schemes which USG has been developing for some decades, which go far beyond China's hideous "social credit" system, which consist of the following stages:
Stage One: "collect it all" about every American, using both government and corporate systems which collect and store all the "data exhaust" emitted by everyone alive.
Stage Two: amalgamate this data in huge databanks sourced from literally hundreds of government and corporate sources, including public school agencies, medical insurers, medical providers, data brokers, real-time bidding companies, brokers who collect (from their telecom partners) and sell real-time geolocation telecom data, credit agencies, police agencies, and a host of federal agencies such as NSA, FBI, and even CIA.
Stage Three: construct elaborate supercomputer models of the populations of entire major US cities, in which every resident is individually represented, together with their relationships with family, friends, employers, schools and local government agencies, plus their personal financial, educational, medical, housing, travel, and communications histories (to give an idea of the level of detail, these systems aim to know not only when and where parents drop off their children at school but route they drive, even the path they take when they walk the dog). The models also incorporate various alternative government actions, everything from PSAs to new administrative rules or new laws, or even actions targeting particular persons such as prominent political dissidents.
Stage Four: trial various alternative actions by the government in runs of the computer models, and choose the one which best meets some governmental objective (such as maximizing tax revenues, or minimizing political dissent).
Please suggest that Congress contact scientists employed by the US National Labs which have played a leading role, together with public/private partners such as the Santa Fe Institute, in developing these population control systems, in great secrecy. Please see in particular an tragically overlooked story published by Wired which offers a strong hint at what these systems are capable of doing to each and every citizen:
https://www.wired.com/story/scientists-know-how-youll-respond-to-nuclea…
Scientists Know How You’ll Respond to Nuclear War—and They Have a Plan
Using data from smartphones, satellites, remote sensors, and census surveys, modelers can create synthetic populations—and watch what they do in a disaster.
13 Feb 2018
This story only discusses the potential benefits of such computer models, but EFF should immediately appreciate the enormous potential dangers, particularly in the hands of someone like President Trump (or President Putin or President Xi.) Please note that the story suggests that some of the people who have been doing this kind of modeling for entities such as LANL are finally willing to speak out in public, at least about the potential benefits. But they should be called before Congress to testify about the all too plausible malicious uses of these vastly powerful systems for behavioral prediction and social control.
Fourth, please urge Congress to encourage the growth of a privacy industry.
Why are medical providers still relying upon unencrypted fax machines to share personal medical files, rather than using tools such as OnionShare which are no harder to use (and less expensive) than fax machines?
Same question for law offices, government officials, political parties, and most journalists, regarding other extremely sensitive personally identifiable information.
Why are such useful accessories as Faraday bags (for smart phones) so hard to obtain? Why are such horridly unsafe products as Amazon Ring and similar "home security systems" [sic] which rely upon insecure WiFi or even worse "cloud hosting" (shudder) the only game in town?
More generally, why are consumer devices designed using the sensible principle "do one simple thing and do it very well" (thank you, UNIX) impossible to find? A good example would be clocks which lack cameras/mics or any physical capability to transmit signals, but which receive over the air federal time signals--- such devices are invaluable in case of blackout and very useful for anyone using a Tor client running on a device with an imperfect system clock, but are virtually unobtainable in "big box" consumer electronics stores. Faraday bags are another item which would surely sell well if they were only readily available.
(I suspect that the answer to all my "why" questions is that Big Tech is well aware that they can make far more profit by spying on everyone than by helping anyone to make surveillance capitalism less easy or less profitable. Indeed, Amazon itself is already enjoys a virtual monopoly as retailer of consumer electronic items, and openly aims to become a monopoly on groceries and other household essentials as well. Congress talks but does nothing, because Amazon lobbyists come calling with huge campaign contributions. But maybe, just maybe, if EFF and Tor Project come calling to, some in Congress maybe willing to hear from those who are willing to speak up for the voiceless majority of citizens who are economically excluded from having a say in the American legal and political systems.)
Home security systems should not use WiFi and certainly should not be cloud based, because of the danger that cameras will be turned against the home owner, or used to harass entirely innocent passersby. The industry trend towards making everything IoT capable, equipped with hidden cameras/mics or WiFi radios, or cloud hosted is utterly insane from the viewpoint of cloud security.
Far from opposing strongly encrypted private messaging, Congress should seek to ensure that safe and reliable strongly encrypted communications are readily available to every American.
I know I am asking a great deal from three overworked and under-resourced groups, but I believe that all of these projects are extremely urgent and very much in vital interests of all North Americans (and all citizens of every other nation). One lonely voice is not enough, however well-informed, to counter the self-serving lobbying of vastly wealthy corporations such as Amazon, Facebook, Google, IBM, and Microsoft.
One simple task which I believe would be very helpful in countering the endless bad press targeting Tor with unfair accusations of responsibility for everything from human trafficking to incidents of swatting: the essays published in this blog during this and previous year-end fund-raising campaigns can do invaluable service in journalists and education decision makers about the positive role played by Tor in so many things connected with human rights, civil liberties, and social justice movements which aim to combat such threats as economic inequality, the dehousing crisis, militarized policing, nuclear weapons, failing states, criminal cartels and warlordism, famine, civil wars, mass migrations, and climate change. Accordingly, I ask TP to collect them and feature them prominently in the home page, www.torproject.org
@ readers: please join me in support Tor Project, Tails Project, and EFF!