Q&A Andy Greenberg: How to keep your email and Facebook accounts secure
Andy Greenberg, 30, is the author of the new book "This Machine Kills Secrets: How Wikileakers, Cypherpunks and Hacktivists Aim to Free the World's Information." A tech writer at Forbes, he lives in Park Slope with his wife, film maker Malika Zouhali-Worrall.
Q What would you most like to see changed or accomplished in NYC?
A The mayor should create a 311 app that allows citizens to submit video and audio recordings as a way to make an official complaint or to submit evidence about the behavior of city employees (such as police behavior during the OWS protests or street stops). Everyone should be able to keep tabs on authority. Such an app could also be used by internal whistle-blowers. There's already an app called Open Watch built for the ACLU that allows people to record police. The government should invite this as in some cases it might exonerate employees as well.
Q Should there be controls on "creeping" and "upskirting" - the posting on the web of salacious pictures of people that were taken without their knowledge?
A You can't ban cameras and cellphones and you can't impose some kind of moral code on these open web forums. But don't be a creep on the Internet! It's useful for people to know that almost all cellphones have cameras now and to act accordingly. It's going to be worse when we all have Google glasses. There is now a transparency put on all our lives that changes the notion of privacy, and we need a new awareness. Mitt Romney (when he delivered his infamous "47%" remarks) thought he was in a private home with a private crowd. There is no such thing as a private crowd anymore and no such thing as a shared secret. Millions of Americans have access to classified secrets now and every shared secret becomes an open secret.
Q Why do people hack, anyway?
A The first reason people hack is just because others can't. They feel powerful. Julian Assange did it as a teenager just because he could: He compared it to playing chess. It's a deep game. It's kind of a power that young, smart kids have and then they find other motivations. You have white hat hackers and black hat hackers, who are motivated for criminal reasons and/or profiteering. Political guys do it for ideological reasons, but ideology is often tied up with ego.
Q Surveys have shown that you are most likely to have your cellphone hacked by a loved one, though: By a romantic partner who suspects you of infidelity, or a parent who wants to know what a child is texting or doing on line.
A I don't know if that's hacking. That's more like opening up a diary. Hacking is fundamentally about using technology in ways it wasn't meant to be used and finding loopholes. Not every violation of privacy is hacking.
Q You're a tech expert. How do you keep all your computer passwords straight?
A I have a different password for every account. My wife complains about this because I'll ask her to sign in to different accounts and they all have different passwords. And I have different layers of security based on the sensitivity of the accounts.The breach of Zappo’s credit card data? The data didn’t really get out, but but things like that are sensitive because a lot of people use the same password for Gmail, Facebook and Google. That’s the scary thing. It’s really important to have different passwords for every single place.
Q But how do you keep them straight? Somehow I doubt you have a million yellow stickies all over your computer.
A I keep them all in my head.
Q I could never.
A Different people use different strategies for encoding. Maybe they have a dog named “Spot” and use the dog’s name with different numbers and characters. Or they go one letter before or after the letters in a name or word. There are different kinds of systems to make it easier. But you don’t want to use the same password for your Gmail as you do for other sites.
Q So what is the best email service?
A I’m not sure Gmail is fundamentally more secure, but they do a couple different things that are good. The warn you if they notice suspicious activity and the have two-factor authentication. They send a one-time password to your phone so if someone is trying to get into your gmail, they also have to have your phone. It can be inconvenient, but it’s an important safeguard.
Q Every step we take to become makes us more technologically secure increases the hassle factor of using technology.
A We had an illusion of security before. We weren’t aware of how insecure we were. The tools we use for encrypting email and that provide safeguards have become incredibly easy for anyone to use. Bradley Manning (the soldier on trial for leaking classified documents about the Iraq War) was able to be anonymous much more easily than he would have been a decade ago. He only got caught because he told somebody.
Q So is Bradley Manning a hero or a hack?
A He was a troubled, ostracized kid in the military who spilled thousands and thousands of files – he didn’t even know what they were. I do think he probably broke the law, but he did so for reasons he thought were moral. His actions had a huge impact: They helped fuel the Tunisian revolution and the whole Arab Spring. What those documents revealed helped the Iraq government say (to the U.S.) ‘thank you. Now please leave.’” His actions had an enomous impact.
Q Can we protect our personal accounts from hacking?
A The same tools Bradley Manning used to be anonymous can be used by anyone. There are a number of them: PGP, TrueCrypts, Tor. These tools are particularly important to people in regions outside the United States. The tweets by Malcolm Harris (an OWS protestor) were subpoenaed by the Manhattan DA after he was accused of disorderly conduct. If he had used Tor, Twitter wouldn’t have even known who he was.
Q So you’re saying we should encrypt all our communications to guard our anonymity?
A I’m saying you should base your paranoia on the threat. And if you’re an OWS protestor, you should be careful and use tools to be anonymous to keep your communications secret.
Q Are we ready for electronic voting? It would be so nice not to have to go to the polls and to be able to vote from computer or smart phone and be confident that our vote is properly counted.
A We could. It’s a really complicated thing, but really just a matter of having the right technology. They do it in Estonia, I believe. There are so many issues. I don’t trust it in the near term, but in the long term, I think we’ll figure it out.
Q What’s the biggest threat at the moment?
A The biggest threat to internet freedom is cloud computing and this idea we should put all our data on some centralized service that could turn it all over to the government. Facebook, incidentally, has shown itself to be happy to give your data to advertisers and the government. Keep things on your own machine and don’t store them in the cloud. People forget that the info there is controlled by a private company.
Q Are you on Facebook?
A I am. But I don’t use it very much at all.