How did you get into digital activism?
I was originally a journalist covering these issues. More broadly, the reason why I got into covering tech journalism is that I was part of the first generation that grew up with communications technology being part of their life. It's always a sort of continual amazement to me, who used to dream of just living near a bigger library, that I now have access to as much of the world's information as is possible. All of us recognize the social challenges that come with having that kind of setup, but it still remains an environment that is better for humans than what existed previously. The internet enables and enhances a lot of civil liberties that we can still very easily imagine going away.
In one of your first forays into this subject, you were instrumental in founding the Open Rights Group in the United Kingdom. What was the major motivation for switching from journalism? What were the major challenges for that group, and what major successes did you have?
It's an interesting question about when journalists move into a more activist role. I think those two roles blend a lot more these days than they did in, say, the 1990s. One of the things that was particularly frustrating at the time, in the early 2000s, were the people who did understand [the actual impacts of technology] were a long way away from the halls of power. Almost everybody involved in the policymaking process had poor insight into what the Internet was, how important it was, and the impact of digital technology in general.
The Open Rights Group was an attempt to connect those two communities together. I had had some experience documenting and working with the folks who were originally sort of guerilla public interest activists, in the sense that they would build websites that were better than the government websites and connect citizens to their lawmakers. In a terrible kind of thing that reveals exactly when it was made, there was a website called Fax Your MP, which was deliberately anachronistic because the only way you could get hold of your Member of Parliament (MP) was faxing them. So we basically set up an email-to-fax gateway. That experience [of setting up Fax Your MP] showed us there were a bunch of people who were vaguely technically knowledgeable who did not have any ability to reach out to either lawmakers or the government institutions.
In terms of victories, one of the reasons why Open Rights Group started was an EU-wide law that was passed very quickly and with very little debate. The law required all Internet service providers to retain the data of all of their users for between six months and three years. Now, we recognize that storing that amount of data is just creating this vast honeypot of information. It means that people who have not done anything get their data stored and kept and handed over to the government if necessary. And, of course, nowadays the European Union is really one of the leading jurisdictions pushing back against that kind of unnecessary data collection. At the time, nobody within the European Union really knew that this was a big deal. Open Rights Group, as well as other digital rights groups around Europe, were instrumental in having that regulation thrown out by the European Court of Justice.
Transitioning to your work at the Electronic Frontier Foundation (EFF), what exactly does the Director of Strategy at an organization like the EFF do?
Neither of the words in my title actually indicate any concrete value or occupation. We do increasingly work with the legislature these days, actually, but a lot of our heart lives in public impact litigation, somewhat like the American Civil Liberties Union (ACLU). In both of those cases, what you are trying to do is to give decision-makers a vision not only of what is going on now but of the possible futures. I think one thing that we learned very early at the EFF when we were fighting against broad censorship models in the early 90s was the difficulty of trying to explain what the counterfactual would be: if you did this small thing now, this would have huge consequences 20 or 30 years down the line. Part of my job is to try and anticipate what will be coming down the pike in 10 to 20 years. That is both fascinating and a little terrifying, because I think everybody at EFF feels at some point that, after looking at this stuff for months or years, you get your first phone call from a journalist about it, and you suddenly go from someone who has just been thinking and reading about this to somebody who is an expert in it. I have had that experience on multiple occasions.
Just to give you an example, we talked for a very long time about the dangers of digital rights management (DRM), these technologies that the rights holders use to lock down data so that you cannot copy it and the legal backing that allows them to criminally prosecute anybody who tries or tells anyone else how to how to unlock that data. We were worried about this from the very moment that the law that criminalized even speaking of such things was passed in the 90s. It was not until the mid-2000s that people started finding this DRM infecting a lot of what they used. I think we are in a slightly better place right now. I think there are some areas like music where DRM is mostly a dead letter. At the time, it moved from being a theoretical problem to one where people were actively concerned that when they put a CD into their computer, Sony (the music company) had actually put software on it that would take over their computer, and desperately try to stop them ripping the music off that.
I see a lot about the EFF, but mostly in a US context. I don't hear a lot about the international work that the EFF is doing. Could you talk a little bit about international work the EFF is doing and the way it is working with actors on the ground in different countries to promote digital activism?
Generally speaking, there is a digital rights group in every country that you can think of. That is not surprising because the internet is now pretty pervasive. As I said before, a lot of EFF’s best levers are in the judiciary, as we have over 30 lawyers who look for cases that may be able to change precedents. Now, that is not a strategy that is easily transferable because not every legal system has the concept of precedent or places the same importance on judicial decisions. In order to influence a country's policies by going to the courts, you have to have lawyers that understand that country's legal system, and we do not have the money for 200 different lawyers.
We lean on a few other things. One of the areas that I think sets us apart from a lot of civil liberties groups is that we have a fairly substantial tech team. We've always believed that one of the routes to protecting civil liberties is the exercise of them, and one of the things that can empower people to exercise their civil liberties is technology. So we build tools that get used all around the world. For instance, we have been complaining for a very long time about Big Tech's ability to track you around the web. In the end, we built a browser plugin called Privacy Badger, which tries to block that kind of tracking. Those have been internationally effective because we can translate them into different languages.
We try to provide logistical and policy support to a lot of organizations around the world, especially coordinating to prevent simultaneous attacks on civil liberties. Just to give you an example, the United Kingdom and Australia have passed laws in the last few years that give their governments extremely broad powers to demand that tech companies reengineer their technology to make it easier for those governments to conduct the same kind of mass surveillance that Edward Snowden described. It is a really retrograde step, and it means that governments now have a secret power to turn your phone into even more of a spying device than it was before. So that is a pretty global movement at this point. Just being able to coordinate on both sides of the Atlantic and in the Global South with our colleagues there at least gives us a fighting chance to stop the establishment of worldwide norms that would really undermine people's ability to communicate freely and securely.
Where do you see the space going in the next 10 to 20 years?
Theoretically, it is my job to know this. I think the big burgeoning issue right now is the insecurity of the Internet, and what we do about it. A lot of tech that is connected to the internet is not very well protected against malicious use. People can hack into systems, they can steal data, and they can bring down very essential parts of the internet. We have spent many, many years amplifying the voices of our colleagues who are computer security researchers, pointing out this house of cards. I think that we should shift the incentives around so that people most capable and most responsible for fixing those problems are incentivized to do so, rather than just increasing a punitive model, where we try to punish people after it has happened or punish people even for pointing out that it happened. Currently, cybersecurity is on this slightly disturbing war footing, where national governments accuse one another of conducting this kind of hacking but do not have any collective way to prevent it. I feel that that is a very dangerous model to pursue.
I think something that is almost a sort of metaphorical match for that is people's concerns about misinformation, harassment, and abuse online. This is now a pervasive problem and one that is demanding solutions. It is also something that spread into the political space. Nothing focuses a politician's mind more than when some particular issue affects them. Folks on both the left and right of the political spectrum around the world are concerned about misinformation or perceived censorship aimed at them. I think there are a lot of really bad proposals in this space. The space where we have always seen things improve, historically, is providing better tools, and better ways for individual users to empower themselves to protect themselves against harassment and abuse.
When you start thinking of this in terms of a collective empowerment problem, you begin to realize that it is just a piece of a wider issue we have in the United States about people's access to fair and just legal systems. Right now, tech companies give users a bunch of tools that are primarily based on what they see as the average user. The group that they see as an average user is one that looks like the average tech employee, who is fairly privileged, fairly white, fairly middle class. There are lots of different people who have lots of very different experiences of the Internet and need the tools to be able to handle and enhance that experience, and we are not seeing that right now.
Danny O’Brien is the Director for Global Strategy at the Electronic Frontier Foundation, where he also hosts the podcast How to Fix the Internet.