[NYU] Spring on the Square

by Tommy Collison in

I'll be speaking at NYU next week as part of a panel discussion with the NYU LGBTQ center. If you've wanted to get involved with the center (as a grad assistant, peer educator, first year, or club leader), this is your time to ask questions!

Myself and the other panelists will be talking about our experiences -- I'll probably bring in some of the privacy stuff I've been working on. (LGBTQ rights, privacy, Internet freedom, you can't separate any one issue!) 

It's happening on Thursday 1/29 from 12:30-1:45pm. Hope to see you there!

NYU LGBTQ's "No Shame About Being HIV+" event. Washington Square Park, November 2014.

NYU LGBTQ's "No Shame About Being HIV+" event. Washington Square Park, November 2014.

Pew Polls and Public Education

by Tommy Collison in ,

So a recent Pew poll measured how favorably Americans view the National Security Agency. From my perspective, the findings are cause for concern: 

"Young people are more likely than older Americans to view the intelligence agency positively. About six-in-ten (61%) of those under 30 view the NSA favorably, compared with 40% of those 65 and older."

Quick recap of NSA actions since 9/11. 

  • It collects the call data of millions of Americans on a daily basis irrespective of whether they're suspected of wrongdoing. This includes phone numbers, location data, and the time and date that the call took place. 
  • The GCHQ (Government Communications Headquarters, a UK security and intelligence organization that shares information with the NSA) intercepted the communications of foreign politicians (computers, Blackberries) at two G20 summit meetings in 2009. (Bonus: they set up Internet cafés with e-mail interception programs and keylogging software.) 
  • The NSA was involved in the spying on a political candidate, as well as several civil-rights activists, academics, and lawyers, just because they were Muslim-American. It spied on 7,485 e-mail addresses from 2002-2008 and, according to Faisal Gill, the political candidate, "no non-Muslim attorneys who defended terror suspects had been identified on the list." In a 2005 document which shows how to properly fill out a memo to justify FISA (foreign intelligence surveillance act) surveillance, the placeholder name given is "Mohammed Raghead." 
  • The NSA widely monitors international payments and credit card transactions.  
  • With no suspicion of wrongdoing, the GCHQ and the NSA intercepted and stored webcam images of millions of Internet users, which included a "large quantity" of sexually explicit images. 

When you marry the long, long list of NSA/GCHQ abuses to the fact that this type of surveillance just doesn't work, it becomes clear that major reform of surveillance practices is overdue. French police were intercepting and listening to the phone calls of the perpetrators of the Charlie Hebdo attacks, and failed to prevent it. A presidential review group found in December 2013 that telephone metada collection was "not essential to preventing attacks" and "could readily have been obtained in a timely manner using conventional section 215 orders."

Which brings me back to the Pew poll that shows that over half of under-30s view the NSA favorably. Part of me thinks that the wording of the question has something to do with it -- in theory, at least, it might be hard to disagree with something which has the words "national" and "security" in the title if you don't know the full story. It's like how people intuitively support something called the PATRIOT Act.

If the question was phrased more like "do you agree with the content of your calls/texts/e-mails being read by your government with no suspicion of wrongdoing or public debate," I imagine the results would be different.

So from an activism perspective, the job becomes educating people until they start to make that mental connection themselves. When I read the words NSA, I think of warrantless domestic surveillance, I think about the fact that it doesn't work and that privacy is a right and not a luxury, and that a society where privacy is seen as suspicious is one which is inherently less free and less open. But that's because I've been working in this area for almost a year.

If I knew how to better educate everyday Americans as to why the NSA is a toxic organization that (like the TSA) likes to look like it's doing something without actually being effective, I'd be a much better privacy advocate than I am now. 

But I see results like the Pew poll and I realive just how far we have to go. I'm in it for the long game.

Gearing Up

by Tommy Collison in

(Trigger warning: mention of suicide) 

So I've really been enjoying getting to spend some time in NYC before classes start for the Spring semester. I've been catching up on reading, sleeping a lot, and seeing NYC friends. 

As I've written before, I'm working as a deputy opinions editor with NYU's student newspapoer this semester. I think my first column is going to be on the suicide of Leelah Alcorn and why Obama needs to step up and ban gender conversion therapies. I'll most likely crosspost columns from the NYU news site to here, so stay tuned. 

I'm also expanding my involvement with NYU's LGBTQ student center. I started working there as a volunteer last semester, being a student rep and also giving the 2-3 hour "Safe Zone" training, which aims to:

  • make LGBTQ allyship more visible. (We have placards!) 
  • help LGBTQ allies understand the issues facing queer students and staff
  • raise awareness of the many resources we have on campus. 

As well as continuing that role, I'm going to be designing and sending out the LGBTQ newsletter each week, which includes film screenings, new NYU classes, and related opportunities to the LGBTQ community and its allies.

Apart from that, I'm going to continue giving encryption workshop trainings as long as people sign up for them. The next one is happening next Friday in Brooklyn, and I'm excited for it -- I gave two talks in Ireland over the Xmas break with a new talk I wrote in late Decemeber, and I'm looking forward to seeing how it goes over with an American audience. I'll write something longer about the workshops soon. Suffice to say, they're keeping me busy, but I'm very much enjoying giving them.

As if all that wasn't going to fill my days sufficiently, I'm also taking 4 classes in the journalism and politics departments. History of the media, Middle East reporting, and Journalism Inquiry, which is the introductory reporting class. (As opposed to the introductory theory class I took last semester.) I'm also taking a US politics course, to try and get a grip on this country.

All in all, I'm excited for the next few weeks. Hopefully, I can keep my nose above water.

P.S. Denver readers -- will I be seeing any of you at the Creating Change conference in February? 

Students Against Surveillance

by Tommy Collison

Last May, I worked with two other NYU students to launch Students Against Surveillance, a project encouraging students and faculty to protest mass surveillance on campuses.

After we wrote the letter and the Electronic Frontier Foundation covered it, we encouraged other students and faculty-members to write their own letters and host them on our site. In all, we hosted 17 letters.

We worked with the Student Net Alliance, a a group dedicated to bringing the fight for digital rights into campus communities all over the world. We believe that a climate of mass surveillance chills free speech and restricts the type of intellectual exploration that is central to the university experience. The private realm, somewhere you're free from the attention of others, is the realm in which creativity and exploration and human freedom and dissent exclusively reside. 

Universities should be strongholds of open communication, where the free flow of information is encouraged. The ability of students to learn and grow is severely hampered when governments monitor our communications and social media activity.

Now, writer and activist Hannah Weverka and I want to expand the project, reaching more students and garnering more signatures. 2015 is going to be a big year in the fight for digital rights, between the sunsetting of Section 215 (one of the main laws that violates the Constitution and our civil liberties) and the continued battle for fair net neutrality laws. Governments across the world are trying to use the Charlie Hebdo attacks to justify more surveillance, and they have to be reined in before all privacy on the Internet is eroded.

Why not join the Student Net Alliance and raise your voice against warrantless surveillance? Here are some things you can do to get involved: 

  1. Become an SNA campus coordinator and get a discussion started among your friends about digital rights.
  2. Write a letter petitioning your university to take a stand against the NSA's chilling mass surveillance practices. (Check out the EFF's guide to writing an open letter here.) 
  3. Keep up with the Student Net Alliance on Twitter and Facebook

Reach out to me on tommy@studentnetalliance.net if you want to get involved.

Market-Driven Journalism

by Tommy Collison in

The reduction of news to whatever we happen to want to know in the moment is terrifying.” — Astra Taylor.


There’s nothing objectively wrong with market-driven journalism. It’s just that good journalism is arguably driven by something else — something that isn’t a profit margin.

The thinking is that market-driven journalism is too beholden to corporate interests. What sells isn’t the hard-hitting news that informs a citizenry. More often than not, it’s the .gif-laden articles, funny cat videos, and personality quizzes that gets the most clicks. If reporters only pursued stories that they knew beforehand were going to get clicked on, they’d gravitate toward the overly-sensational and the easily-digestible.

The future of journalism is a question of redistribution. Currently, the money is in repackaging a bite-sized article about Lindsay Lohan’s arrest record, and not in the longer, more thoughtful research-driven pieces that are both entertaining and useful. The running joke is that journalists are going to lose their jobs to content aggregators. (Is resistance futile? The answer may surprise you.)

Fundamentally, it’s hard to get people to eat their vegetables.

Astra Taylor, who identifies as a creator of “steamed broccoli cinema,” links the rise of gif-delivered “news” with the human struggle between doing what they’d like to do and what’s enjoyable — we’d love to eat healthily all the time and read Nabokov, but it’s far easier in the moment to reach for M&Ms and the latest Dan Brown novel.

We don’t have a hard-and-fast answer about the future of news — if there was one, Jeff Jarvis could go back to whatever he does when he’s not extemporizing on how news should be hyper-local and hyper-personal. (Shudder) The best we can hope for is that smart people like media critic and NYU journalism professor Jay Rosen continue writing and contextualizing new developments in the news industry for us.

Thankfully, people like Jeff Jarvis are starting to be challenged on their citizen journalism opinions. It was a scary time when “citizen journalist” was the buzzword du jour with no critical thinking into what makes journalism different from your friend telling you a story.

Yet many influential new-media thinkers argue that the prospect [of citizen-based journalism] should be eagerly embraced. […] The reduction of news to whatever we happen to want to know in the moment is terrifying. What about politics, poverty, foreign policy, and all of the other problems that plague us? […] After a series of historic failures — from the credulous reporting on the nonexistent weapons of mass destruction in Iraq to the business press missing the story of the subprime mortgage scandal and the financial crash until well after the fact — public trust in the media is at a two-decade low, with 63 percent of poll respondents saying that news stories are often inaccurate.
The People’s Platform: Taking Back Power and Culture in the Digital Age, by Astra Taylor (p. 77).

When it comes to companies trying to be the future of news, BuzzFeed obviously has the traffic side of things down — they’re astoundingly successful, even if it’s a stretch to call their content news:

I like Bill Kovach and Tom Rosenstiel’s definition that journalism functions as a society’s moral cartography, “providing citizens with the information they need to be free and self-governing.” It’s really hard to marry 99% of what BuzzFeed produces to reasonable definitions of journalism. I think BuzzFeed is incredibly successful at what it does — I just think that what BuzzFeed does isn’t news, it’s some sort of hybrid info-tainment site. — BuzzFeed’s Relationship to News.

They also seem to have a good firewall between the content and advertising sides of the newsroom, in that journalists can write about whatever they want regardless of what’s happening in advertising, by policy. I think this church-and-state separation is critical to a publication’s ability to deliver news that fits Kovach and Rosenstiel’s definition. (Bizarrely, Jay Rosen and I seem to disagree on this point.)

Beacon is another potential solution, which aims to put the cart before the horse and fund journalists before they go out and do the research. It’s a crowdfunding solution to content production, whereby the journalist has some idea that her audience exists before setting out to research and write the piece.

I’m not sure if the Kickstarter-for-journalism model can solve all the industry’s problems. It’s a lot easier to read five articles with cat .gifs than part with $1 or $5 or $10 for a really decent bit of political journalism.

A more efficient model for reading news online might be for some new service to negotiate with newspapers directly, allowing consumers to read stories from various sources for one price. Readers would pay only for that service, not for each individual subscription.

But at the end of the day, we’re still working these problems. Similarly, we have no good answers for the current privacy debate — how much governmental encroachment into our private lives is “okay” in the name of national security. The best we can hope for is that privacy advocates continue to contextualize the latest developments (hell, that’s what I’m doing).

Tommy Collison is an activist and New York University student who examines privacy and the future of journalism in a post-Snowden world. He runs events where journalists, activists, and other citizens can learn how to reclaim their privacy online.

Back in New York, Starting a Rock Band

by Tommy Collison in

(Title reference.)

Arrived back in NYC today. Jet-lag was strong but thankfully I have a week and a half before classes start. Using that time to swim, sleep 8 hours a night (a wonderful habit I built up over the break that is 100% untenable during the semester), read, and catch up with friends. 

PSA for NYC friends: Crypto Harlem is happening on 1/22. Details here

What I'm Reading: 
Julia Serano's Whipping Girl: A Transsexual Woman on Sexism and the Scapegoating of Femininity and Jason Stearns's Dancing in the Glory of Monsters: The Collapse of the Congo and the Great War of Africa. I picked up the former in the LGBTQ center just before Xmas break and am only getting to work through now. The latter was a present because I might be going to Ghana with the NYU journalism program in June. More news on that once I apply. 

What I'm Listening To:
Guys and Dolls for my Broadway fix, Everything in Transit by Jack's Mannequin for everything else. 

What I'm Learning:
Not learning as much as during the semester. Check back in a few weeks! 

What I'm Procrastinating By Writing This Blogpost:
Not strictly procrastinating, but I took a break from reading to post this.

David Cameron Should Worry You

by Tommy Collison in ,

Why “We must not allow terrorists safe space to communicate with each other” is fear-mongering garbage.


David Cameron has promised a “comprehensive piece of legislation” to close the “safe spaces” used by suspected terrorists to communicate online with each other. If he wins the election, Mr Cameron said he would increase the authorities’ power to access both the details of communications and their content. —David Cameron says new online data laws needed. BBC News, 12 January, 2015.

Leaked NSA slide from Edward Snowden

Leaked NSA slide from Edward Snowden

It should have come as a surprise to nobody that leaders around the world are jumping on the Charlie Hedbo attacks in Paris as a means to justify increased warrantless surveillance.

What you should take away from his statement is that he’s willing to encroach on the civil liberties of millions of British people in a misguided attempt to increase national security. We know from leaked NSA slides (see left) that this has always been the desire of the surveillance arms of the UK and US governments. Now, they’re using the fear that Paris generated to pass legislation.

But here’s why implementing something like this would actually make us less safe.

It’s unclear exactly what specific measures Cameron is suggesting, but for argument’s sake, let’s assume he wants to create a backdoor into end-to-end encryption and criminalize online anonymity. A software backdoor would allow the government access to data even if it’s encrypted in transit. Skype is an example of this: Skype chats are encrypted as they move over the network, but Microsoft partnered with the NSA to give them access to the decrypted messages.

Criminalizing online anonymity is the bigger issue. His logic is that existing online anonymity software allows terrorists to communicate freely, and that if using these tools was a criminal offense, terrorists couldn’t coordinate and carry out attacks.

I think that’s a very big claim for David Cameron to make, and I don’t think he can deliver.

In 2012, a Mexican drug cartel realized that the telco networks were being monitored. Their response? They built and maintained their own radio network to communicate in secret.

The fact that something benefits terrorism should not be a concern in and of itself. We know that terrorists use phone networks and websites and even, yes, World of Warcraft. We know they use Google Earth.

Are we supposed to criminalize all those? Communications infrastructure by its nature can be used for legal and illegal purposes in the same way anything can. David Cameron is not calling for the criminalization of cars just because one was used in a hit-and-run attack last week.

Doesn’t Tor enable criminals to do bad things? “Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides. They can steal cell phones, use them, and throw them in a ditch; they can crack into computers in Korea or Brazil and use them to launch abusive activities; they can use spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world.”

Doesn’t Tor enable criminals to do bad things?
“Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides. They can steal cell phones, use them, and throw them in a ditch; they can crack into computers in Korea or Brazil and use them to launch abusive activities; they can use spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world.”

There are dozens of legitimate uses of anonymous browsing that have nothing to do with terrorism.

  • US military field agents use it to safely communicate with home base (Tor, the online anonymity network, even notes that it was created “with the U.S. Navy in mind, for the primary purpose of protecting government communications”)
  • US law enforcement officials use it to conduct sting operations.
  • Citizen journalists in China write about local politics.
  • Activists in repressive regimes use it to communicate without being arrested, tortured, or killed.

If we allow online anonymity to be criminalized, journalists, lawyers, doctors, police officers, activists, and human rights workers would be unable to do their jobs. Doctor-patient confidentiality would be eroded, and journalists would no longer be able to guarantee source anonymity.

It’s easy to fall for Cameron’s rhetoric while we’re still reeling from the Paris attacks. But reactionary laws like the one described are prime targets for civil liberties violations and they don’t even make us safer.

Read More: What’s a Crypto-Party, and Why Should I Care?

Tommy Collison is an activist and New York University student who examines privacy and the future of journalism in a post-Snowden world. He runs events where journalists, activists, and ordinary citizens can learn how to reclaim their privacy online. The next workshop is in Brooklyn on January 30th. Want to attend? RSVP by e-mailing tommy@collison.ie.

What's a Crypto-Party, and Why Should I Care?

by Tommy Collison in

Want to be alerted when the next NYC privacy and encryption workshop is happening? E-mail tommy@collison.ie for more information.

Photo credit: Victor Jeffreys II.

Photo credit: Victor Jeffreys II.

When I’m not in class at NYU, I run events where journalists and activists can learn how to use privacy software with Verso Books. I teach them about the Tor browser as well as how to encrypt their e-mails and instant message conversations. This post answers the two most common questions I get.

Crypto-parties are events where people bring along laptops and other mobile devices to learn how to use basic encryption tools and discuss privacy in more general terms.

Whether you’re filing your taxes, browsing the Internet, or communicating with a loved one, privacy is a fundamental human right and it’s a non-negotiable requirement for a functional democracy. Journalists need it to protect their sources, activists working under repressive regimes need it to make their voice heard, and ordinary citizens should be able to keep their professional and medical info secure.

In a society where we're all being watched (or we always think we're being watched), we automatically engage in behavior that's more passive and compliant. The private realm is the realm in which creativity and dissent and exploration and human freedom exclusively reside.

Having something to hide is perfectly natural — what we tell to family is different to what we tell our employers or colleagues or friends, and that doesn’t make us duplicitous or secretive people. Under mass surveillance, though, we change how we act: we may choose not to go to a political meeting, or we may choose to stay quiet about a particular political opinion. In both cases, surveillance is chilling your expression. Crypto-parties seek to mitigate that problem.

Photo credit: Victor Jeffreys II.

Photo credit: Victor Jeffreys II.

Crypto-parties are often posited as being anti-NSA or even anti-American, but that’s not the case. The NSA, its contractors, and its global partners are collecting data about us, including our browsing history, location, phone-call metadata, e-mail content, and health information. And it’s not just three-letter government agencies: the profit margins of companies like Google and Facebook rely on building a profile of your habits and personality traits. They use the contents of your e-mails or the list of your self-reported interests to target you with ads, even when you think they’re not tracking you.

Privacy advocates say that there should be more checks and balances when it comes to consumer’s personally-identifying information online, but until legislation curbing these privacy violations is introduced, they encourage the use of encryption software, and crypto-parties are places to learn about them.

The next crypto-party will be held in Brooklyn on January 30th. I'll be announcing the following one soon. Want to get in touch? Check out my about page.

Being Tolerant of Intolerance: On Charlie Hebdo and Free Speech

by Tommy Collison in

"It is tragic that individuals, artists and journalists, were murdered [but] the abhorrent murder of individuals does not erase an institution’s history of promoting oppression and disseminating oppressive ideas."wishverse.tumblr.com

"But this week’s defense of free speech rights was so spirited that it gave rise to a brand new principle: to defend free speech, one not only defends the right to disseminate the speech, but embraces the content of the speech itself. Numerous writers thus demanded: to show “solidarity” with the murdered cartoonists, one should not merely condemn the attacks and defend the right of the cartoonists to publish, but should publish and even celebrate those cartoons."
Glenn Greenwald, The Intercept

A lot of the talk about the Charlie Hebdo news has centered on this idea that the cartoonists somehow brought the attack on themselves, or deserved it for provoking the wrath of the extremists.

I don't like this line of thinking, and I disagree wholeheartedly with it. It's the same sort of victim-blaming mentality that sometimes comes up in the national discussion in the US about campus rape. It's wrong-footed and toxic to any sort of meaningful discussion. A lot of the online discussion I've read has been debating whether society is richer or better off when it can print blasphemous cartoons. I think this is true -- a society with a free flow of ideas and criticisms is better than one which has restrictions on it.

But there's also been a weird conflation, where if you agree with the principles of free speech, you have to like or agree with the speech. This is not something I agree with. When the ACLU defends the right of Neo-Nazi groups to march through the community of Skokie, Illinois, they're not implicitly condoning Naziism. Free speech advocates have a responsibility to be aware that the speech they're defending can be anti-Semitic, Islamophobic, sexist, homophobic, ableist, xenophobic, and racist. (In that case the ACLU did condemn anti-Semitism unequivocally.)

I don't think it's enough to say "I don't like what you say but I'll defend to the death your right to say it," you have to say all that and then "...but also, have you considered not being a racist piece of shit?". People baying for the blood of those condemning Charlie Hebdo need to be careful that they don't end up defending Islamophobia or racism. Political incorrectness sometimes looks a lot like bigotry. I don't think they should be illegal, but I don't find privileged humor that punches down at marginalized group to be funny, and I don't particularly feel compelled to perpetuate it.

I think rape jokes are abhorrent, but I don't want to live in a world where it's illegal to make them.

The Ethical Considerations of the Tor Browser

by Tommy Collison in ,

During the fall semester, when I was still figuring out what I wanted to study, I took a class called "Privacy in Information Technology," which dealt with topics like surveillance, big data, online anonymity, and the like. 

30% of the grade was a final group project in December on some aspect of the course material, which consisted of a 10-15 minute spoken presentation and some form of media. An activist friend of mine and I decided to look at the ethical considerations of the Tor Browser, an online anonymity network. Here's a bit of background about that project, and some of the text of the talk we gave.

We were interested in the topic not only because of work we'd previously done about campus surveillance, but because of the rhetoric of the current debate for online anonymity. Yesterday, Bloomberg ran a story about Manhattan District Attorney Cyrus Vance, who said that Apple and Google should be legally compelled to hand over customer data necessary to investigate crimes. Police, he claimed, might not be able to stop crimes against children or solve murders without this data. His comments echo those of FBI director James Comey, who said he could not understand why Apple would “allow people to place themselves beyond the law.” Other police officials have been unequivocal in their condemnation. “Apple [iPhones] will become the phone of choice for the pedophile,” said John Escalante, head of the Chicago Police Department’s Bureau of Detectives. 

Given that this is the current debate, we decided to lay out the ethical considerations of using a web browser which enables online anonymity and resists censorship. 

Tor --and online anonymity in general-- has a pretty bad reputation in some quarters. The only people who want it are criminals, it's inherently bad because you can use it to access child pornography or stalk people. The rhetoric is usually that only "bad people" want online anonymity, using whatever definition of bad people you care to use on a given day. After all, who gets called a terrorist in the US is different to who gets called a terrorist in Syria, which is different to who gets called a terrorist in China.

So we've talked a little bit about Tor and how it works already, and we're going to look at what that means for different actors in any given browsing session -- you, the server you access, the third-party cookies on the webpages you visit, your Internet Service Provider (ISP), and whatever government agents happen to be monitoring your connection. In short, what's the difference between using Tor and using, say, Google Chrome?

The first thing you might notice about Tor is that it's a little slower than other web browsers. Using it means you have to fundamentally change your browsing habits: everyday webpages are full of browser extensions and third-party cookies that reveal information about you, and Tor blocks almost all of them by default. 

So we have a bunch of people who are involved in a given browsing session. When I visited Prezi.com, Ghostery told me that there were trackers from AdRoll, AppNexus, Bizo, Google Adwords, Google Analytics, Google Dynamic Remarketing, Google Tag Manager, Optimizely, and Quantcast. The takeaway here is that a lot of people knew I visited Prezi who weren't Prezi. Also, NYU, my ISP at college, knew I did, because I didn't use Tor. If I had, NYU would have seen that I pinged a server in Japan or something, but they wouldn't know where that connection went from there. Also, because my connection with Tor looks different every time, third-party cookies are virtually useless.

"[When it comes to your government tracking and recording you,] most people believe that the state will never target them, that the only targets will be sub-human, you know -- terrorists, which is just coded racism for Muslims, usually." -- Jacob Appelbaum, Tor developer and activist.

A core tenet of the privacy class we took is that privacy is not synonymous with secrecy but rather that the flow of personal information about oneself should flow appropriately, subject to constraints depending on the context. By this, we acknowledge that people assume different roles depending on the situation. In class, I am a student; at home, I am a son, or a brother, and at my place of work, I am a staff columnist. In the eyes of the US government, I am a visa-holding citizen of a foreign country. Contextual integrity divides social interactions into actors, activities, norms, and values, which allows us to debate the legitimacy of privacy in a given situation. Contextual integrity means that it's considered strange or inappropriate to tell your barista about your marriage problems, but perfectly normal to tell someone who's acting as a marriage counsellor. Similarly, in the doctor/patient context, it's unusual for a counsellor to start telling you about their own problems. 

So we've come to the conclusion that using Tor restores contextual integrity, because if I access NYU's health center to get test results, I don't want third party cookies knowing I did that. If you know someone called a suicide hotline from the Golden Gate Bridge, you could guess at their mental state at the time. Essentially, Tor restores the integrity of your communications and web-browsing because it reduces the interaction back to you and the server: no governments, no data brokers, nobody eavesdropping on your network. 

So then the next question is whether Tor is ethically "worth it," because for every person who's researching HIV treatments and whistleblowing on repressive regimes, there is, the argument goes, someone looking up child porn or stalking someone or buying heroin.

If you imagine an activist who's reporting on the ground from China, or someone trying to organize safe passage out of Syria for their children, they don't have that many tools at their disposal. Now, let's imagine a women in New York who's being harassed online by someone using Tor. How do you begin to weigh up that world -- online sexual harassment is abhorrent, but you can't really put it on a weighing scales against whistleblowing. 

It's not a question of absolutes, whether you can do X or Y. It's a question of relativity and also of perception. Being stalked sucks, but a creep stalking a woman in the US has a plethora of tools: if Tor gets shut down, he picks from a dozen alternatives and the harassment continues. But that woman in Syria doesn't have a whole lot of alternatives. It's people like that Syrian women that lead us to believe that, yes, a world with Tor is better than a world without it.

Tommy Collison is a privacy advocate and journalism student at New York University who runs events where other journalists and activists can learn how to use online privacy tools. He's @tommycollison on Twitter.

Student Newspapers

by Tommy Collison in

(Disclaimer: I'm writing this in a personal capacity, not on behalf of the Washington Square News. Opinions are mine.) 

I'm happy to say that I've accepted a position with the Washington Square News, New York University's student newspaper. I'll be moving from a staff columnist to the deputy opinions editor. 

After a year and a half of taking classes towards various major, I'm starting to settle down into a double major of politics and journalism. I had debated doing communications, or creating my own major at the intersection of privacy, journalism, and technology, but I've largely settled on doing a journalism and politics major. Studying journalism means studying a craft, learning how to research and report, but NYU thinks (and I agree) that college should be for learning bodies of knowledge, which is why journalism students are required to double-major.

When I arrived at NYU in 2013, joining the paper was a no-brainer, and I freelanced and wrote two articles for them that fall, working as a stringer, writing articles that regular staff reporters didn't get to. I didn't write much during the spring semester, probably because I thought I was too busy with privacy stuff. I was introduced to activists at the EFF for the first time, and immersed myself in the cryptography scene. 

This past fall, when I recommitted myself to majoring in journalism, I decided to get more involved in the paper full-time. I had a hunch (that I confirmed by talking to other reporters) that any journalist worth their salt started off by writing for their college newspaper. But there are a ton of reasons to write for your college newspaper apart from it looking good on a resumé: I practice working on a deadline, I befriend other journalism students (before we get too caught up in the jobs rat-race after graduation...), and I write weekly. A lot has been said about 10-articles-a-day "churnalism" (list articles, press release rewrites, etc.) but I'm not referring to that -- the ability to write well is like a muscle, in that it improves with continued use and strengthening. Conversely, disuse causes atrophy. With this blog, there's a temptation to take breaks from writing or only write when it suits me. With the paper, it's like clockwork, because there are column inches that need to be filled. 

Moving from a staff columnist (where I wrote --and will continue to write-- a weekly column on technology and social life that was affectionately referred to as "Collision Course") to the position of deputy editor position is a big change: I'll be tasked with editing some of the pieces submitted by staff and contributing columnists (the distinction: whether they write pieces weekly or only now and then -- staff columnists are expected to write once a week every week). I haven't done a huge amount of editing of other people's work before, so I expect that's where most of my on-boarding will be. 

Working at the paper over the fall semester was a great experience. There are probably half a hundred blogposts out there about how great it is to be working in a fast-paced environment and getting valuable experience in reporting. All that's true, but you don't need another blogpost from me to describe it. Yes, it's great experience. No, it's not really like The Newsroom.

(Trigger warning: discussion of rape and its handling in student newspapers.)

One of the most interesting newspaper experiences I had happened right at the end of the semester, and it was a confluence of my work in social justice circles and my interest in journalism. For background: As well as writing one article a week, staff writers are expected to contribute to one of that week's editorials (three pieces where the newspaper as a whole takes a stance on something). I arrived into the office that evening expecting to be writing a piece about Eric Garner, since it was about the time a New York grand jury failed to indict Daniel Pantaleo, the NYPD officer who put Garner in a chokehold. 

It turned out that the newspaper was about to break the story that in September 2013, a then-freshman was raped at an off-campus party. A judicial hearing following in March 2014, and the rapist was found responsible and suspended for the remainder of that Spring semester, as well as the Summer and Fall terms. Washington Square News, NYU's official student newspaper, was going to break the news after the rape victim came forward and spoke to one of the paper's Staff Writers. While the news desks were working on the story, the opinions staff was asked to write an editorial about the incident.

A group of us got together and wrote an editorial condemning what we saw as the NYU administration failing rape victims. We warned that NYU was at risk of becoming a part of a nationwide problem of treating rape as a minor assault:

It is clear that the NYU administration is only nominally interested in prosecuting sexual violence, one that believes there are shades of grey when it comes to rape. The current attitude is discouragingly pervasive and undeniably toxic. Rapists should receive the harshest university response possible and be prosecuted to the fullest extent of the law. [...]

NYU should not have given Olsen a petty suspension and housing banishment — he should have been expelled.  If NYU is unable or unwilling to sufficiently determine an appropriate punishment, this type of case should be ceded to the police. This punishment should not apply solely to [the rapist in this incident], but to all rapists enrolled in college. Approaching rape with a dismissive and forgiving attitude indicates a tolerance for a crime that threatens campus health and public safety. Acceptance of sexual assault to any degree is an affront to decency and justice.

It was a strong editorial, and it caused a stir when it went live. The editorial's byline reads WSN Editorial Board, so who exactly wrote what line isn't revealed. The next day, as I went to class, I watched people picking up the newspaper and talking about the story with their friends. It was a strange experience, getting to see people read and talk about a story I was involved in writing, unbeknownst to them. In Bobst Library, I watched someone I didn't know idly grab a copy of the paper, start reading it, and then have what looked like a PTSD anxiety attack. It was a sobering experience, and it was hard to see something like that happen and know that you had some indirect part of it. The front-page article and the editorial both had trigger warnings on them, and so I think the WSN did everything it could, but it was still jarring. 

And it certainly got the attention of the administration. Four days later, the senior vice-president for student affairs wrote a letter to the editor responding to our claims that the university had mishandled the case. "[T]o suggest that the University (and its faculty, staff, and students involved in this process) are incompetent or unconcerned about student welfare," he wrote, "is simply and completely incorrect."

Reading our editorial a month or so later, I stand by what we wrote -- I think we struck the right chord and captured what we were feeling at the time. The criticisms we levied at NYU are mostly to do with the lax punishment the judicial hearing handed down. We didn't single any one person out for criticism: the only university administrator mentioned by name is Thomas Grace, the director of NYU's Office of Community Standards, who noted that deciding punishment "depends on the exact circumstances of the incident."

When people ask me about studying in New York, I always comment that it's a great spot to do journalism, because there's so much going on. The city just keeps happening around you, non-stop. In the opinions section of the Washington Square News, the diversity of NYU's student body especially shines through. I'm looking forward to working with such a talented group next semester, and beyond.

Telegraph: Anti-terror plan to spy on toddlers 'is heavy-handed’

by Tommy Collison in

From The Telegraph:

Nursery school staff and registered childminders must report toddlers at risk of becoming terrorists, under counter-terrorism measures proposed by the Government. The directive is contained in a 39-page consultation document issued by the Home Office in a bid to bolster its Prevent anti-terrorism plan.

Everyone always jokes about the US being the nanny state, but the UK really is giving it a run for its money here. I'm especially freaked out because I just finished 1984, where kids are routinely encouraged to rat out their parents. Mostly, though, I just don't get how this is going to be a viable strategy in terms of curbing terror -- I'm skeptical that the authorities are going to pick up on anything of use from scrutinizing toddlers.

The Telegraph quotes a UK Home Office as saying “We are not expecting teachers and nursery workers to carry out unnecessary intrusion into family life, but we do expect them to take action when they observe behaviour of concern," but we're given no inclination what "unnecessary intrusion" and "behaviour of concern" is defined as. 

Telling childcare professionals that they should report on the stuff kids say is concerning enough -- without stringent abuse safeguards and careful oversight, I think this proposal represents a huge potential for abuse. 

1984 in 2015

by Tommy Collison in

I just finished rereading George Orwell's 1984. I read it for the first time when I was 14 or 15, and most of the significance went right over my head. Since then, I've become more interested in surveillance and privacy, which are arguably main themes of the book. I was curious to see what would jump out at me if I reread 1984 with more context, so I picked it up while in my parents' house over the new year. 

The parts that jumped out at me are still in the early part of the book, when Winston is describing the conditions he lives under -- the telescreen and all that. In a privacy class at NYU this year, we learned about the idea of a panopticon. Originally, it was a prison design where a watchman could watch inmates simultaneously, but the inmates couldn't tell whether or not they were being watched at any given moment. More generally, the idea of constant surveillance as a form of behavioral control has come to the fore of the surveillance debate as technology has improved. Devices like CCTV cameras drastically lower the cost of widespread persistent monitoring.

The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it, moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live—did live, from habit that became instinct—in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.
—George Orwell, 1984, page 5.

This sort of control is particularly insidious because it's less overt than gates and locks and guards -- the impulse to behave in an acceptable fashion (for whatever definition of "acceptable" used) exists in the mind of the surveilled rather than being imposed externally. 

In “The Chilling Effects of Surveillance," a study done by Stanford University psychologists Gregory White and Philip Zimbardo, participants were placed under varying levels of surveillance as they were asked their opinions on the severity of marijuana penalties. Those who were under surveillance (told that their answers would be shared with the police for training purposes) were more likely to denounce pot use. 

From the discussion section of the paper: 

The evidence from this controlled experiment demonstrates that the threat of surveillance exerts a powerful influence over behavior, beliefs, and feelings, whether or not that threat is realized. [...] The present experiment demonstrates, however, that the threat or actuality of government surveillance may psychologically inhibit freedom of speech at the price of increased disrespect for the government and society itself. Our research design did not allow for the easy possibility of avoiding "assembly," but we would expect that the anxiety generated by threat of surveillance would cause many people to totally avoid situations that are assumed to be under surveillance. Since such assumptions are limited only by one's imagination and are encouraged daily by revelations of government and institutional invasion of privacy, the boundaries between paranoid delusions and justified caution indeed become tenuous.

I think 1984 is an important book to bring to the present surveillance discussion, but it's important to be clear about what comparisons should be drawn. I don't think any government today has reached the stage of truly rewriting the past to the scale of Big Brother. But, I think 1984 is a good example of a society with ubiquitous surveillance and the chilling effects on a populace.

My suggestion: read this, and then read Brave New World, by Aldous Huxley. Orwell’s view of the future is well-known: individualism is prosecuted, there is omnipresent government surveillance, and thinking socially-unacceptable thoughts is tantamount to treason. Huxley approaches the same view of an oppressive future regime from the opposite angle. Where 1984 posits that the government would keep information from us, Brave New World’s world is one where we choose to distance ourselves from uncomfortable thoughts and experiences with mind-altering drugs. In short, people choose happiness over truth.

Dublin, IE, Encryption Event: SpunOut.ie

by Tommy Collison in ,

Ready to announce a privacy talk and encryption workshop I'm hosting with SpunOut.ie next week. It's on Wednesday, January 7th, at SpunOut's offices at 48 Fleet Street, Dublin 2.

I'm going to be talking about privacy in a networked world, and teaching participants how to use the Tor browser and other encryption systems. Registration is free via the EventBrite here. 

I'm a big fan of SpunOut.ie, so I'm delighted to get to work with them on something that affects young people. I'm planning on making it a discussion-based event, because Ireland's a different landscape to the US, especially as far as surveillance is concerned. 

Via their announcement blog

SpunOut.ie are proud to partner with privacy activist Tommy Collison to run a workshop -- or Crypto-party -- where participants will be invited to bring along laptops and other mobile devices to learn how to use basic encryption tools and to discuss wider privacy issues. The workshop will take place on Wednesday, 7th January 2015 from 7pm - 9pm at SpunOut.ie's offices in Temple Bar, Dublin 2. Entry is free, but registration is required.

Leelah Alcorn

by Tommy Collison in

Trigger warning: suicide.

The world is a little darker tonight. A light extinguished. 

Leelah Alcorn was a 17-year-old transgender woman from Ohio. She committed suicide on Sunday, December 28th, when she was hit by a tractor-trailer.

She left a letter on Tumblr, which she scheduled to go live after her death:

"That’s the gist of it, that’s why I feel like killing myself. Sorry if that’s not a good enough reason for you, it’s good enough for me. As for my will, I want 100% of the things that I legally own to be sold and the money (plus my money in the bank) to be given to trans civil rights movements and support groups, I don’t give a shit which one. The only way I will rest in peace is if one day transgender people aren’t treated the way I was, they’re treated like humans, with valid feelings and human rights. Gender needs to be taught about in schools, the earlier the better. My death needs to mean something. My death needs to be counted in the number of transgender people who commit suicide this year. I want someone to look at that number and say “that’s fucked up” and fix it. Fix society. Please."

Leelah Alcorn was failed by the adults around her. She was, as others have noted, a women who wanted to live life with dignity. I'm sorry we don't live in a world that affords that dignity to everyone. It's on all of us (transgender, not transgender, LGBTQ+, not LGBTQ+) to play a role in building that better world.

I never want someone to think that their present and any of their million potential futures is so hopeless that their only option is to kill themselves. I want to build a better world than the one I currently find myself in.

To the parents who use their religion as a stick to beat their children, to the parents who refuse to accept who their children are, you are implicitly stating that you would rather bury your child than love them. 

You can donate to TransOhio here.



Ethical foundations of hacking: motivation and limits

by Tommy Collison in

This was posted on several fliers around #31c3 and I wanted to transcribe it. As far as I can tell, the flier I transcribed is an English translation of ccc.de/de/hackerethik, but I can't speak to the translation quality.

  1. Access to computers -and anything which might teach you something about the way the world works- should be unlimited and total. 

  2. All information should be free.

  3. Mistrust authority — promote decentralization. 

  4. Hackers should be judged by their actions, not bogus criteria such as appearance, age, species, gender, or societal position. 

  5. You can create art and beauty on a computer.

  6. Computers can change your life for the better. 

  7. Don’t scrabble around in other people’s data. 

  8. Utilize public data, protect private data.

Doing Right By Everyone

by Tommy Collison in

Build tools with a social conscience. 


Technology is a means, not an end.

I'm at #31c3 right now, a computer/hacking/privacy conference in Hamburg. I'm writing this while sitting in a talk about the internet voting pilot system in Norway. A lot of the talks here are along such lines: using technology to streamline an existing analog process. It's a very millennial idea, and in theory I definitely support it, but technology isn't a blanket solution.

But I'm concerned that sometime, we divorce technology from existing social issues: 

  • "Oh, on the internet, everyone is just an avatar, so gender-based harassment isn't perpetuated online."
  • "Oh, it's impossible to be stalked online -- can't you just ignore them?"
  • There are bigger issues.

I've become immersed in the online privacy and cryptography scenes over the past year, and I'm particularly interested in the intersection of privacy and existing offline problems. One of my favorite apps right now is Circle Of 6, an app which aims to "prevent violence before it happens." (Hoping to get NYU on board with this next semester -- stay tuned.)

New technologies, and particularly privacy and crypto tools, have to be built with a social conscience. If you're building something, ask yourself how (or if) it's going to benefit marginalized groups. If the benefit of your new technology accrues only to a small already-privileged group, I challenge you to take another look.

As I wrote earlier this month, I was proud to sign The Tor Project's Solidarity against online harassment open letter. Our technologies don't exist in a vacuum, and we have to be aware of this.


Hamburg Diary

by Tommy Collison in

So I'm sitting here in one of the many really nice cafés in Hamburg, taking the day off from the 31c3, the internet privacy/hacking/security conference I'm attending. The talks have been really interesting, but because they're all recorded and put online, I find myself actually not putting a whole lot of importance on physically attending the talks -- it's also a lot of fun to spend time with a bunch of friends who are also in Hamburg. 

Hamburg is a really nice city. NYU has about 16 study abroad sites, campuses in other countries where you can take classes. I'm thinking of doing somewhere completely new to me, like Shanghai, or Abu Dhabi, but the idea of spending a semester or two in Berlin is also really appealing to me. (Admittedly, it's moving from one city with good public transport and a thriving crypto scene to another.) 

I think I'm enjoying this conference more than HOPEX because I'm not defining success as going to 100% of the talks, or even 100% of the talks that look interesting to me. The first evening, I missed two talks that looked great because a group of about 20 of us went to a bar to catch up.

I'm back to Ireland for a bit in January, and I think I'm pretty close to announcing two encryption workshops I'll be hosting in Dublin. More on those when I have details firmed up. Being around 31c3 has been great, because I've seen about a dozen cool things that I want to add to my talks -- I guess nothing breeds creativity quite like a conference full of like-minded people. 

My view en route to this café.

My view en route to this café.

31c3, day two

by Tommy Collison

I'm in the process of putting together a longer CCC tips post, but for now, Hamburg looks great:

Shot taken from a hotel corridor window. The way Hamburg catches the light is gorgeous.

Shot taken from a hotel corridor window. The way Hamburg catches the light is gorgeous.

A frozen pond in Planten un Blomen, the 47-hectare park right beside the convention center.

A frozen pond in Planten un Blomen, the 47-hectare park right beside the convention center.