The Electronic Frontier Foundation is potentially more freaked out by a Trump administration than just about anybody, probably because they have a deep grasp of just what the government can do—and who they can target—with technology. To that end, they have five immediate tech fixes that need to be implemented. Immediately.
The results of the U.S. presidential election have put the tech industry in a risky position. President-Elect Trump has promised to deport millions of our friends and neighbors, track people based on their religious beliefs, and undermine users’ digital security and privacy. He’ll need Silicon Valley’s cooperation to do it—and Silicon Valley can fight back. […]
We present here a series of recommendations that go above and beyond the classic necessities of security (such as enabling two-factor authentication and encrypting data on disk). If a tech product might be co-opted to target a vulnerable population, now is the time to minimize the harm that can be done. To this end, we recommend technical service providers take the following steps to protect their users, as soon as possible:
Those recommendations:
- "Give your users the freedom to access your service pseudonymously." It's already a problem for activists—particularly those in vulnerable populations—to have to declare themselves publicly online. In a Trump administration it could be downright dangerous.
- "Do not attempt to use your data to make decisions about user preferences and characteristics—like political preference or sexual orientation—that users did not explicitly specify themselves." That's behavioral analysis and the problems with it are pretty obvious. Users should always be able to edit that kind of personal information or opt out of providing that info altogether.
- "Now is the time to clean up the logs. If you need them to check for abuse or for debugging, think carefully about which precise pieces of data you really need. And then delete them regularly—say, every week for the most sensitive data." If you don't have the data about activists or individuals in your logs, you can't provide it when the government asks for it.
- "Seriously, encrypt data in transit. Why are you not already encrypting data in transit?" Put encryption in place now, and fight like hell to keep it in place under the new regime.
- "If your service includes messages, enable end-to-end encryption by default. […] You must give users the option to turn on end-to-end encryption universally within the application, thus avoiding the dangerous risk of accidentally sending messages unencrypted."
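The log clean-up recommendation above, sketched as an added example (not code from the EFF or Daily Kos): an allowlist applied when a record is written, plus a retention pass that strips the most sensitive fields after a week. The field names, the 30-day outer limit and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy: the only fields needed for abuse checks and debugging.
ALLOWED = {"ts", "path", "status", "ip", "user_id"}
SENSITIVE = {"ip", "user_id"}            # "the most sensitive data"
SENSITIVE_MAX_AGE = timedelta(days=7)    # weekly, as the recommendation suggests
RECORD_MAX_AGE = timedelta(days=30)      # assumed outer limit for everything else

def minimize(record):
    """Applied at write time: anything not allowlisted is never stored."""
    return {k: v for k, v in record.items() if k in ALLOWED}

def apply_retention(records, now):
    """Scheduled pass: strip sensitive fields after a week, drop old records."""
    kept = []
    for rec in records:
        try:
            age = now - datetime.fromisoformat(rec["ts"])
        except (KeyError, ValueError, TypeError):
            continue  # no usable timestamp: fail closed and delete the record
        if age > RECORD_MAX_AGE:
            continue
        if age > SENSITIVE_MAX_AGE:
            rec = {k: v for k, v in rec.items() if k not in SENSITIVE}
        kept.append(rec)
    return kept

# Constructed sample records (documentation-range IPs, made-up users).
NOW = datetime(2016, 11, 30, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"ts": "2016-11-29T10:00:00+00:00", "path": "/login", "status": 200,
     "ip": "192.0.2.10", "user_id": "u1", "user_agent": "ExampleBrowser/1.0"},
    {"ts": "2016-11-20T10:00:00+00:00", "path": "/groups/42", "status": 200,
     "ip": "198.51.100.7", "user_id": "u2", "referer": "https://example.org/"},
    {"ts": "2016-10-01T10:00:00+00:00", "path": "/search", "status": 200,
     "ip": "203.0.113.5", "user_id": "u3"},
    {"ts": "not-a-date", "path": "/x", "status": 500, "ip": "192.0.2.99"},
]

def run_sample():
    return apply_retention([minimize(r) for r in SAMPLE], NOW)

if __name__ == "__main__":
    for rec in run_sample():
        print(rec)
```
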
As consumers, we should be demanding that the companies we do business with follow these recommendations and keep our information safe. (Daily Kos is currently reviewing all our procedures. We don't keep a lot of personal information for users, but we're serious about making sure we've got what we do have locked up tight.) Beyond who you do business with, make sure that you yourself are educated and protected.