Q&A: Cindy Cohn of the EFF

Authorities Are Growing More ‘Hostile to Your Ability to Lock Up Your Data’

By Nora Macaluso

Second of three parts.

Law enforcement and tech companies have been teaming up on surveillance — and privacy advocates say that could be problematic.

In today’s Digital Privacy News interview, Electronic Frontier Foundation Executive Director Cindy Cohn discussed the link between litigation and policy change and the need for a national privacy law.

This interview has been edited for length and clarity.

Looking ahead to 2021, what are EFF’s privacy priorities?

We’re going to continue our focus on public-private partnerships.

This is where, for example, Amazon’s Ring partners with local law enforcement to try to get people to buy Rings and then turn them on in ways that cops can get access to footage.

This is one of the most pernicious ways that we see companies plus law enforcement working together to build — really — a dystopian world, where you’re always on camera.

We know this kind of mass surveillance disproportionately affects people of color in our communities, because they’re the ones who get tagged as “suspect” for walking down the street.

Amazon’s Ring “is one of the most pernicious ways that we see companies plus law enforcement working together to build … a dystopian world, where you’re always on camera.”

We’re going to continue that work, especially the part of that work that talks about equity issues.

Such as?

We discovered the city of San Francisco had access to one of the networks of private cameras — not the Ring — and had tracked people who attended Black Lives Matter protests, and even the gay Pride parade in San Francisco.

So, we’ve sued the city over this lack of transparency.

There’s an ordinance in San Francisco that says the police have to tell you if they’re deploying these mass-surveillance techniques — and the police did not.

Hopefully, we’re going to set some good precedent with that litigation.

What’s EFF’s strategy?

Our approach, especially around these types of issues, is to — first — try to force governments to be transparent about what technologies they’re buying — and, then, use those requirements to force companies to be transparent about who they’re selling to, to force accountability when those tools are misused, which they often are.

Will encryption be an issue?

The other thing in 2021 I think will be going on is more attacks on encryption.

The number one way you can protect your privacy and security is having the tools that let you lock up data — and the tool that lets you do that is encryption.

“The number one way you can protect your privacy and security is having the tools that let you lock up data — and the tool that lets you do that is encryption.”

We continue to see the Department of Justice (DOJ) — and, now, a lot of law enforcement internationally — being incredibly hostile to your ability to lock up your data so nobody can get access to it but the people you trust — which is what encryption does.

That’s an area where I don’t see the (Democratic President-Elect Joe) Biden administration being significantly better, because (former President Barack) Obama wasn’t.

The Biden administration is bringing in a lot of the same people on these issues that were in the Obama administration — and we’re very worried they’re going to yield to the DOJ’s unreasonable requests.

What are the chances for a national privacy law? 

It’s really going to depend on whether the anger that exists toward the tech companies is going to manifest itself in this way.

We’ve seen a lot of anger at the tech companies, but it’s really manifested itself in these attempts to chip away at the liability protections that they have for what their users say.

But another way to get at the problems of Big Tech is to really get at their business model, which is privacy-invasive.

On encryption: The Biden administration is bringing in a lot of the same people on these issues that were in the Obama administration — and we’re very worried they’re going to yield to the (Justice Department’s) unreasonable requests.”

Is it going to be picked up? I don’t know.

That’s where it comes back to what happens in Georgia. But even if it happens in Georgia, it’s got to get further up on the Democrats’ agenda — and that’s going to take work.

But it’s work we will do. 

What needs to happen to make privacy a national priority?

So many other problems that we have on the internet right now come back to the surveillance business model.

They come back to the surveillance that’s going on, whether by companies or governments.

So many of the other problems would be much smaller.

The dominance of the big platforms would be much smaller if we had more competition.

The privacy invasions and the data about us these big companies have make it impossible to compete.

So, it’s all tied together: The privacy invasions are tied deeply to the tech platforms, especially Google and Facebook, but Amazon as well.

“Another way to get at the problems of Big Tech is to really get at their business model, which is privacy-invasive.”

Until we recognize that conjuncture — and unless we begin to address the surveillance model as part of the problem we’re having reining in Big Tech — we’re just messing around on the edges.

That’s why I mentioned the antitrust cases: Even though you might not think of an antitrust case as important for privacy, if we get that connection right and we fix it, it may be.

Friday: Two landmark privacy cases and “COVID-wash” surveillance.

Nora Macaluso is a Philadelphia writer.