The NSA is watching us, and they're not alone. Ask me anything about who is watching, what they know and how to protect your digital privacy. I'm a co-author of the award-winning series, "What They Know," for the Wall Street Journal and have written extensively about how to safeguard your privacy online.

This is me.

EDIT 2:50 p.m. ET. I have really enjoyed answering your questions. Thank you for taking the time to stop by. I hope to continue this conversation here as well as on WSJ.com. You can find me on Twitter @jenvalentino.

Also, if you have anything you want to discuss outside a public forum, my info for more secure communications is here: https://jennifervalentinodevries.com/. I think it's good for reporters who cover privacy and surveillance to be sensitive to people's security needs.

Bye!

Comments: 123 • Responses: 43  • Date: 

kutletta12 karma

Could you single out one recommendation that in your opinion, greatly increases ones digital privacy significantly and if you can, please explain how this can be achieved.

jenvalentino18 karma

I think it's important to consider something called a "threat model." In other words, you need to determine what kind of surveillance worries you, and what type of surveillance you're most likely to see. The following recommendations go from easiest to more difficult.

  • For many people, protection against their threat model will just mean that they want to make sure tracking companies don't have information about them that could be used to influence the deals and offers they get. THAT mostly requires deleting cookies and using tools like Disconnect and Ghostery.

  • The next step is to make sure you are using a more secure network on the Web as frequently as possible. A browser add-on called HTTPS Everywhere will help you do that.

  • Other people might want to protect their Web browsing further and really be anonymized as much as they can. That requires something called Tor.

  • Then beyond that, you can use encryption. I find that a great introductory encryption tool is something called CryptoCat. That allows you to conduct encrypted chats and have cat emoticons. This is a good way to ease yourself into understanding that you can, indeed, use this sort of thing.

  • Beyond even that, you can check out Adium and Pidgin and something called OTR (off the record) chat. There is an IM server, jabber.ccc.de, that is quite good about not logging, etc. I suggest Googling those things.

  • A hacker called The Grugq, who is good at this stuff, recommends using Pidgin and OTR over Tor and creating multiple jabber.ccc.de addresses. He also recommends CryptoCat used over Tor.

  • And you can use PGP ("pretty good privacy") encryption for email and other things. I wrote up some instructions on it on my personal blog, but it's a little out-of-date. Could be helpful, though.

But all that said, if you are really in danger, be careful about relying on any of these things. There was a huge brouhaha over CryptoCat, for example, and whether it was safe enough for dissidents to use. The creators of that really do warn people whose lives are in danger, for example during the Arab Spring, that they should be careful about anything.

If someone is really after you, well, that's probably beyond a Reddit thread.

But anyway, that gives you an idea of threat modeling and the depths to which you can go.

(Edited to add further information about CryptoCat and OTR chat, as well as to link to The Grugq's Twitter feed, which I might regret.)

ekaj6 karma

TL/DR: watch "OPSEC for Hackers" it will run down the various ways of staying safe and anonymous/private.

To anyone reading this, in short, skip cryptocat, use Pidgin + OTR, don't believe that TOR is infallible, if you're worried about a nation-state entity, don't so let use TOR, VPN to a private VPS in say Russia or china or some other eastern block nation, the do it again. Then browse using TOR. If you monitor entry and endpoints determining who someone is would not be difficult, and given the fact that various governments setup/run TOR exit/entry nodes, it's not a silver bullet

Why would you suggest cryptocat? I believe that it has been shown to be insecure as nd the author of it basically said "Fuck you, I don't care". Stack overflow explaining why : http://security.stackexchange.com/questions/37306/is-it-possible-to-create-a-secure-chat-web-application-relying-on-html5-web-sock

In short, because cryptocat is a web application you must trust the security of the web server(not taking into account attacks/compromise of ssl). This means that if for whatever the server is compromised, you're SOL. It should also be noted that cryptocat I'd hosted in Sweden, which is very friendly with the US (they help with CIA rendition flights, have complete wiretapping of their incoming/outgoing Internet). It's for that reason that I feel cryptocat is insecure for anything than small things like selling drugs in your neighborhood or anything that wouldn't attract attention from someone other than your local police.

Pidgin + OTR is much more secure, and I believe that you should recommend that anytime over cryptocat, or explain the insecurities of it.

Also, trusting a 3rd party server in Germany does not sound like a great idea.

Don't get me wrong, I love your guy's coverage of these things and believe that this project is amazing for getting people up to speed.

Edit: cannabis helps with asthma. It enlarges the bronchial pathways, relieving some of the symptoms.

Also, have you seen the talk or slides by "the gruqq" called OPSEC for hackers? It contains a large amount of useful info regarding personal security and privacy. If not I highly recommend it.

jenvalentino7 karma

Hi.

Yes, that's why I suggest it as an introduction and caution that you shouldn't use it if you're in danger. I will say that many improvements to CryptoCat have been made since those reports came out, and also that holes have been found in Pidgin.

However, in my experience trying to get regular journalists and ordinary people to use encryption, I can beg until I'm blue in the face, and they won't use Pidgin until forced or unless they already understand technology. It's actually intimidating for many people.

CryptoCat provides a good introduction and eases people in to comfort with the concept of encryption.

Once you go down the rabbit hole of whether things are safe or not, you can come to the conclusion that "No, nothing is safe." If I could get people to use virtual machines and disposable hardware, I would.

So that was how I intended that response.

cqwww2 karma

Recommending security tools for dissidents should not be followed by a debate/"rabbit hole of whether they are safe or not". If they're not safe, it's irresponsible to recommend them. I recommend Washington Post start using rot13 for their whistleblowers, it's better than nothing, would be irresponsible, for example.

jenvalentino7 karma

Point taken. Thanks.

I'm not recommending security tools for dissidents, nor am I saying this is what I would use for confidential sources. I'm sorry if it came off that way. The OP seemed to be asking for some very basic recommendations and an introduction.

I'm recommending to everyone how they might learn more about this, and saying that dissidents, sources and people in danger should be more careful than that.

I think broad use of similar tools is, in fact, important in increasing a general understanding of security. The more people who use them, the more of a signal it sends that people are interested in their privacy and have an expectation of privacy.

Thanks for prompting me to clarify that. Seriously.

If somebody wants to ask a question about security for journalists or dissidents, I'm happy to get into that. I think it's very important. It's just not the audience I was targeting with my initial response.

Also, I don't work for the Washington Post. I'm not sure why people think I do.

And when I use ROT 13, I make sure to use it twice!

katarokkar7 karma

What is your response to someone that says, "If I have nothing to hide, why should I worry?"

jenvalentino16 karma

One of my favorite questions!

One response is that you might have more to hide than you think, and you might not even know right now that it's something you want to hide.

Right now, people tend to talk about surveillance as a terrorism-fighting tool. So often, the public supports it, because nobody wants terrorist attacks except the terrorists. I don't want bombs going off either.

But what if the surveillance turns to target ... say ... people with Communist leanings? Or people of some other political persuasion deemed to be dangerous. We did have that whole "Red Scare" thing.

One of my colleagues, Geoff Fowler, wrote a story about some students who joined a LGBT choir at college. The choir administrator signed them up for the Facebook group, and a notice went out to their families without their approval. It created a terrible situation for them. So ... did they have something to hide? Yes and no.

Another response is that, well, this could be exactly what the framers of our Constitution had in mind when they included the Fourth Amendment.

The Fourth Amendment was intended to address things called "general warrants," in which law enforcement could just go through people's houses looking for contraband. Of course, if you were innocent and had nothing to hide, maybe it was just an inconvenience.

But is that really the society you want to live in? Certainly earlier in our history, important people didn't think so.

skeemeritis5 karma

What are your feelings on the constitutionality of the various surveillance programs, as well as the potential for the SCOTUS to actually see the pending lawsuits?

jenvalentino6 karma

That's a broad question, because all of these programs are different, and all of them are complicated. I think to decide the legal standing of these, you actually have to have a deep understanding of the technology. That can be difficult for people who aren't steeped in the tech.

I'll just talk about two aspects of this now, to simplify.

One is that in some respects, this is a First Amendment issue. You've seen companies such as Facebook coming out and announcing vague numbers regarding the requests they receive from the government. They are under gag orders, so they aren't free to disclose much.

I covered a story in which a technology company fought a National Security Letter and said this strict gag order was unconstitutional under the First Amendment.

I think that's a very interesting argument.

Another interesting issue: standing.

Previously, courts have said people couldn't really bring suits about this because they couldn't prove they were affected. But more concrete disclosures might change that. The ACLU just filed a suit saying that because this tracking has been disclosed, they feel they will be affected because people will be afraid to call them.

T1mac5 karma

How concerned are the conservative and Tea Party groups about and the widespread phone and internet searches and the loss of privacy?

When there was the gun control debate after Sandy Hook, these organizations were enraged about the encroachment on the 2nd Amendment, do they care that the 4th Amendment is now under attack?

jenvalentino5 karma

The only thing I know about the Tea Party is from my family back in Texas, and they seem concerned. Sample size of two, though!

However, I've also heard conservative commentators come out in favor of this surveillance.

One of the things I think is so interesting about this issue of surveillance is that it doesn't always break neatly on party lines. It has now been promoted by two administrations that are different politically. And it has now been assailed by people on both sides of the spectrum as well.

vadan4 karma

Do you think there is any hope that Americans will see a level of privacy originally intended by the founding fathers ever again, or is there simply no going back now? Do you expect the invasive practices of the US Government against it's citizens to get worse, or better? Also, thanks for doing this AMA!

jenvalentino6 karma

To be honest, I don't know.

A lot of this is a question of technology. We're all carrying around little tracking devices--our smartphones. And the tech is only going to get smaller and more powerful.

There isn't much of a way around that. Who is going to say, "No. Stop making computers more powerful and convenient?"

I'm a big proponent of technologies like encryption. But they are currently difficult to use, and privacy-protecting technical solutions often can be circumvented.

So really it comes down to a question of the law, I think. Plenty of people disagree with this.

But it's a matter of making sure lawmakers and the judiciary understand the technology and create legal protections for us. And it's a matter of the public voicing concerns, if they have them. Maybe the public really doesn't.

In general, I'm an optimistic person. Our country has gone through a lot. It wasn't too long ago that some people were legally prohibited from voting. So I'm hopeful we can handle this and come up with some reasonable solutions.

JNJ089043 karma

I sometimes hear that Government is always one step behind Technology and playing catch up when it comes to legal rulings. What are some ways Government can properly address Constitutional questions as technology advances at a rapid pace?

jenvalentino6 karma

One of the most important factors is transparency. Good technology education and advice also are important.

It's key for judges who are making these decisions to know what technology they are really dealing with. Secrecy for law enforcement is understandable and important in many respects. Certainly I wouldn't want anyone to be put in danger by disclosing, say, confidential informants and the like.

But judges and lawmakers need to have staff who understand this technology and what it can do.

There's a magistrate judge in Texas who has written opinions on "cell tower dumps" and other surveillance technology, stating that he doesn't think judges are receiving adequate information about the technological tools to truly make good decisions.

So I'd say transparency is the first step.

(I hope I understood your question properly. There were a couple ways to read it.)

ServerGeek3 karma

Thank you for doing this AMA.

  • Who else is watching me, besides the NSA?
  • What are they doing with my information?

jenvalentino8 karma

It depends on who you are and what you mean by "watching."

But I'll just tackle this broadly.

Your data can be gathered with incredible ease. For the most part, the folks doing this are the companies that are providing you the services. Google, for example, sifts through Gmail to show you ads. As you know, the phone companies can get a lot of information about the "metadata" from your calls.

Depending on the type of data and who is gathering it, some of it gets sent to companies called data brokers. These guys (Acxiom, for example, or Lexis Nexis) store a lot of data about you from private sources as well as public databases, like court and real estate records.

Right now, in terms of corporate tracking, this is done mostly to show advertising. But it's also done to identify good customers and tell marketers about who desirable customers are.

I myself like getting targeted ads. The concern comes if companies are doing this to alter prices, especially for sensitive categories such as insurance. My fellow reporters and I had a story about this type of thing in December.

As for government tracking, law enforcement has the ability to track people pursuant to several authorities.

To get content (what you're actually saying), they get a Title III wiretap warrant, which requires probable cause as well as minimization of extraneous content and other things.

Law enforcement also can get things like email metadata pursuant to a lesser court order, which requires going before a judge and showing "specific and articulable facts."

The lowest type of court order, called a "pen register trap and trace" order, provides things like phone metadata. For that, investigators just have to show that it's relevant to an ongoing investigation. They aren't supposed to use that authority to track your location going forward, though, even though location is now also found in phone metadata.

And then there are other countries and so forth, but that isn't my area of expertise.

LazyNarwhal3 karma

Is the NSA actually doing what the people of Reddit are saying they're doing and looking at each individual persons information?

jenvalentino6 karma

If I knew exactly what they were doing, I would have published that information.

tornadoRadar1 karma

Would you have published all 41 slides?

jenvalentino1 karma

I don't know what is on them, so I'm not sure. What if they have the names of a bunch of analysts or contacts? Or the exact locations of facilities abroad?

I just don't have enough information to answer.

inkspot0003 karma

i'm as frustrated as anybody with what the government is doing. But i also know we need to be vigilant in trying to track and find out what real terrorists are doing. How can we strike the right balance between privacy and fighting against terrorism?

jenvalentino8 karma

I might end up giving this answer a lot. But I think transparency is the key first step.

We can't, as a society, decide if we agree with something if we don't even know what that "something" is.

A couple senators on the Intelligence committee have been saying for some time, rather loudly, that there is a "secret interpretation of the law" that should worry us all. Turns out that secret legal interpretation is what allows this massive gathering of phone record information and so forth.

Those senators had been asking to have the legal reasoning be declassified, but they weren't able to effect that change.

To me, if you can't even declassify the way our own laws are being interpreted, that's a huge question for our system. That's not about protecting troop movements or activities. It's about whether we as citizens get to know what the law says.

kevma3 karma

hook 'em

jenvalentino7 karma

Indeed. I'd like to mention, apropos of nothing, that I was at the 2006 Rose Bowl. I like to drop that into conversation.

grandhotel891 karma

Shout out from the basement.

jenvalentino1 karma

Yes!

Crusader10892 karma

Are you dutch? I knew a Dutchman named De Vries.

Otherwise, I have no question.

jenvalentino5 karma

My husband is of Dutch ancestry. I took his name but liked my original name, Valentino, so much that I couldn't part with it. So now I just make everyone write out a long, annoying name.

Alopexx2 karma

Can you elaborate on a way to do an "explain to me like I'm five" for people that are not as well informed? Many people I know don't have the knowledge because they don't have time or aren't simply aware of it. Thanks!

jenvalentino2 karma

(1) People should be aware that their digital tools give off a lot more information than they might think. It's especially important to mention location data here. Location, location, location.

(2) The government is able to access or take much of this information, following certain laws. The key thing here is to tell people about the "third party doctrine," which means that data about who you call, where you go, what you buy, and more can be accessed by the government without a warrant. That's because you've already shared it with a "third party," generally technology companies.

(3) Finally, I'd talk about the secrecy surrounding these procedures and laws. We just don't know exactly what the government can take, what it gets and when it can actually use it in investigations. People might not understand technology or legal issues, but they can generally understand that making the law itself a secret is a little disconcerting.

Blazed_Pascal2 karma

How clear of a picture of your life can organizations build using data that is readily available? More specifically, how much can the government surveillance complex learn about your political associations without violating the letter of the law? Most people I have encountered seem to think that "meta-data" collection is harmless and we shouldn't be concerned because it's nothing new.

jenvalentino5 karma

Metadata can provide a very clear picture of your life.

For example, if you're a woman and you call your doctor, then your boyfriend, then a women's clinic that provides abortions, it might be clear what is going on, even if you never listen to a conversation.

In addition, people don't seem to realize how much location information is involved in metadata, now that we are all carrying cellphones.

Check out this interactive map from a German politician who got six months of his phone metadata records. You can see him at specific parties, and walking along streets, to the block level. We're not always talking accuracy of miles anymore. With femtocells in large cities, you can get accurate to a floor or two of a building.

The cleverest post I've seen on this is called "Using Metadata to Find Paul Revere".

That said, the NSA and others say that to look at you in the first place, there needs to be some kind of reason to suspect you. That could have to do with your associations, for instance.

Depending on what population you're in, your associations could leave you open to having your records viewed. Suppose someone suspected of terrorism activity in another country has family in the U.S. and calls them regularly. Then suppose some of those people call others in their neighborhood, and you call them every Tuesday because you want to order some nice ethnic food. These contact chains can sweep up people pretty quickly.

But we don't know for sure what those rules actually are. Again, secrecy here is leaving people concerned.

this_heel_of_shit2 karma

Did you have to do unpaid internships as a reporter just out of college?

What do you think of the number of unpaid internships in the press?

jenvalentino3 karma

I didn't do any unpaid internships. I got a job as a copy editor at the Houston Chronicle.

And I think unpaid internships are unfortunate and bad for journalism. They mean that the only people who can get these internships are people with money in the first place.

eat_this_kitten2 karma

Do you think that the journalistic integrity of the Wall Street Journal has been compromised since the acquisition by Rupert Murdoch?

jenvalentino3 karma

Nope. Everyone I work with has very high ethical standards.

The differences, which have been well recorded, have mainly to do with subjects of coverage and length of stories. There is more general news, and stories are shorter.

treatwell2 karma

Is there any hope for "location privacy" short of turning off your smartphone?

jenvalentino3 karma

I'm going to go with "no" on that one, if you're talking about it in a technical sense.

You can also use a "Faraday bag" that blocks your signals, but you can't receive phone calls while the phone is in it. There's a guy in New York who makes artisanal privacy cases. I think he's in Brooklyn, naturally: http://ahprojects.com/projects/off-pocket.

There is, however, always the option of seeking stronger laws.

ultradip1 karma

What does the NSA think of software like The Onion Router (TOR), PGP, and other tech used to preserve privacy?

jenvalentino3 karma

I don't know what the NSA thinks, I'm sorry to say.

Such technology makes it more difficult to spy on people, so in general I would think spies would find it annoying.

But people have a great many vulnerabilities. If someone really wants to track you, it's tough to get away.

One point I'd like to make that your question raises: Sometimes people say this sort of software is used only by criminals. And it's true that criminals are among the people who want to preserve their privacy. It's also true that I'm not a fan of criminals, and I appreciate all the work law enforcement does to catch them.

But other people use these things as well. Good people. Dissidents, journalists, women who have been stalked or abused, regular people who just want to be left alone.

It's important for our society to decide whether we want to support the freedoms of those good people, or whether we're more concerned about catching bad guys.

HomeHeatingTips1 karma

Why is it called "what they know"? shouldn't it be "what we know" If The US government is really made of the people for the people by the people, why is there always such an Us verses them attitute when talking about the government. Unless...

jenvalentino3 karma

Well, we started that series covering corporate collection of data. We're the Wall Street Journal, so that was our wheelhouse.

My editor, Julia Angwin, came up with the series and title back around 2010. It has just slowly come to deal more with government use of surveillance technology, and the laws around it.

Edited to add: I realize you were making a joke. But I also wanted to explain the genesis of our reporting.

Needsnewbatteries1 karma

If it wasn't for the multiple scandals going on with the administration at the moment, and the IRS scandal especially, do you think The Obama administration would have gotten more of a pass than they are now?

jenvalentino1 karma

That's a political question that is beyond my area of expertise. I've never been a DC reporter. Sorry!

leftinthedark1 karma

The NRA does a really good job of talking about the "Slippery slope" of the second amendment.

In your opinion, is there something that could be the slippery slope of the 4th amendment? To whom should we give our time/energy?

jenvalentino1 karma

I think the things to focus on here are bulk records collection and location data. People understand the importance of tracking their location.

Mikeydoes1 karma

What types of methods do you expect the Government/lobbyists to use to get this to blow over?

How important is it that this doesn't blow over-- what are the most extreme consequences?

jenvalentino2 karma

I don't cover lobbying or governments, so I can't answer the first part.

But if you're asking me to be super-extreme about the worst possible consequences, you get some kind of dystopian future in which we have no privacy and use computers to value people and judge everything about them, including whether they should be hired and whether they are going to commit a crime.

But I like to be more optimistic than that.

digjam1 karma

[deleted]

jenvalentino2 karma

I don't know that anybody is exempt from active snooping. But that doesn't mean people are snooping on them.

In the case of call records, those include everyone. That doesn't mean everyone is the target of an investigation. But anyone whose cellphone connects with the towers is going to be recorded.

leftinthedark1 karma

In his Q&A today, Snowden said congress is exempt.

digjam1 karma

[deleted]

jenvalentino1 karma

Ah, OK. I don't have visibility into what Snowden means. But if you're getting a full cell tower dump from somewhere, I'd be surprised if certain people's phones were excluded from that dump.

knightboatsolvecrime1 karma

As a former UT student, what would you recommend for a current student to do in Austin for free time during the school year?

jenvalentino2 karma

Work at the Daily Texan! And go to football games.

joopius1 karma

Do you smoke marijuana?

jenvalentino4 karma

I have asthma, so I don't smoke anything.

k8yy1 karma

Thank you, sincerely, for doing this AMA. I've been trying to research methods of protecting my privacy but didn't even know where to begin my search.

Most people I know, when I talk with them about this, feel utterly defeated because of the power behind the US government and how monstrous it can seem. Myself included.

Thus, my question is...

How can we change this? What steps can we take besides writing our senators or congressman--some of which seem to be behind data collection and the NSA?

I'd rather do something and not just let the government have its way with my butthole.

jenvalentino2 karma

You know, I think writing to Congress is never a bad idea. Seriously.

Personal letters from constituents are actually important, as far as I can tell.

There was a case last year in which public outcry stopped a law called SOPA that would have been problematic for the Internet's defense architecture (among other things).

So, whatever your political persuasion is or whatever your beliefs are, don't feel defeated. What's the point of that?

LitPro1 karma

How do you think this story is resonating, or not, with the generations in the US, e.g. Boomers, Gen X, Y? What political ramifications does that difference give rise to? How do you provide oversight to black projects if not with a secret (FISA) court?

jenvalentino3 karma

This sort of broad "resonance" question is difficult for me to gauge, because I'm kind of in the weeds on the topic of surveillance.

I'm not sure the NSA coverage is breaking down along generational lines. I think it might better to think of the reaction in terms of the time that has passed since the attacks of Sept. 11. The farther we get from it, the more we are able to process the policy decisions that were made in response to it.

Remember, this story is similar to ones that came out in 2005, 2006, 2008 and so on. We get more details in each iteration, and the way we react is changing.

wildebeest3e1 karma

Is metadata available for warrantless search under the 4th amendment? What is the precedent for this? For example, is it legal for the police to write down the addresses of people who are sending me physical mail by sending an officer to the post office without a warrant?

jenvalentino3 karma

Yes, metadata is available under the Fourth Amendment.

There are several reasons for this, including in cases involving physical mail.

The main one is what is called the "third party doctrine." This is a legal theory that holds that, if you give information to a third party, you can't really expect that it's private anymore. For example, if you tell a confidential informant something in "secret," that's fair game.

A 1979 Supreme Court case found that investigators didn't have to have a warrant to get phone numbers a person had dialed, because the person would have to know that the phone company had those numbers anyway. (After all, they'd show up on the phone bill.) Another case held the same for banking records.

The difference now is that this metadata now reveals a lot more about us. Particularly with the advent of smartphones, you are giving off a lot of information in "just metadata." And with more powerful computers to analyze it, investigators can put together pieces like never before.

In a Supreme Court case last year, U.S. v Jones, the justices actually began raising concerns about this. They decided that case, which was about a GPS tracker on a car, based on a simple question of trespass.

But the concurring opinions dealt with the increasing power of tracking and data. Justice Sotomayor even questioned whether the judiciary should take another look at the third party doctrine in light of these technological changes.

So it is definitely an interesting question and will be for some time, I think.

JamesZhou131 karma

What is your favorite flavor of ice cream?

jenvalentino3 karma

Chocolate peanut butter!

[deleted]1 karma

[deleted]

jenvalentino1 karma

I'm not sure how much insight I can provide here, but I'll go ahead and answer: I don't approve of plagiarism. It's sad when it involves top reporters.

geekologie231 karma

What's it like being one of the few famous women in IT - and what advice would you give to other women like me moving up in the ranks of the IT world?

jenvalentino1 karma

Hrm. I don't think I'm famous, and I'm not in IT. :-/

It's true that venturing into the tech world at all can be difficult for women. I'm not sure I have any specific advice, except to say that I think I'm a nice person but stubborn, and that seems to work well.

chooter1 karma

Should people automatically assume that they are starting from a baseline of zero privacy and operate from there?

jenvalentino2 karma

I think that's a good place to start in some respects. People do need to be aware that much of their data can be collected and shared.

But it's certainly a bad place to end up. In a world in which we don't have or expect privacy, how can we have room to think?

One of the smartest people in the security business, Moxie Marlinspike, has a post about this that is a good read. It's titled "We Should All Have Something to Hide".

With that, I'm going to grab a sammich. BRB.

jenglass1 karma

Hi Jen, Thanks so much for holding this forum. I wanted to ask you, since the government is involved in "listening" to the details of our online activities and phone calls, how can we truly trust the attorney-client privilege (or any other privileged conversations) are really confidential and will not be used by the government in some manner? I am concerned that the idea of the government watching an online stream (e-mails/chats/texts) between a client and their attorney or a patient and their doctor can be used against them in the future. With the new health care rules going into effect in January (and the old Death Panel rumors), what's to say that the fourth and fifth amendments are really being protected when the NSA doesn't even require a warrant anymore to listen to our conversations?

jenvalentino1 karma

Again, at some point we have to rely on laws.

The government has long been technically able to conduct phone wiretaps or bug conversations between attorneys and clients. But they aren't supposed to.

Do investigators sometimes break the law? Of course. But as I see it now, that's a concern better addressed in specific instances.

idontwatchtv1 karma

Welcome to reddit and thanks for doing this AMA.

U.S. encryption exportation laws and an encrypted laptop, am I breaking the law if I go through customs/border control with an encrypted laptop, and the software necessary to decrypt that hard disk (let's just say we're talking about LUKS or TrueCrypt)? Are any laws being violated?

jenvalentino1 karma

I've gone through customs many times with an encrypted laptop. I think I would have heard more about this if it were illegal.

If you have more specific questions, I recommend the Electronic Frontier Foundation as a resource.

caerphilly1211 karma

Hi Ms Valentino! Thanks for doing an ama. In the discussion of privacy protection, a question I've never seen answered is: does going to lengths to protect one's privacy put you on the "radar", as it were? You mentioned Tor, but it's obvious that a browser is using it. As for VPNs, obviously your ISP can see that you are connected to one, does that raise any red flags? Basically, does going to lengths to protect privacy make "them" suspicious?

jenvalentino1 karma

I have heard that in some cases it does, that using encryption is considered a red flag.

That's why I think it would be interesting if more people started using encryption or privacy-protecting measures generally. If more people use such tools, privacy becomes a public norm.

caerphilly1211 karma

Thanks for responding! It's interesting, then, that we live in a society where locking a door is considered the norm, if not expected, but an equivalent level of digital privacy is considered suspicious.

jenvalentino1 karma

Great analogy.

hippostiptoes0 karma

In your opinion, are the surveillance systems which are currently set up more about detecting and quashing "national security threats" or gathering information about consumers for commercial purposes?

jenvalentino1 karma

More people are affected on a daily basis by commercial collection. So, your Web email is generally scanned. Your searches are scanned. Your purchases are recorded, and all of this information can help inform which ads to show you.

However, the fact that this information is recorded in the first place means that, at some point, it's likely available to the government as well. Fewer people will be touched by government surveillance in any sort of noticeable way, but in some respects it's of more concern to our society.

Traditionally the US has been less suspicious of private companies and more suspicious of the government. But the data can be sent from companies to the government, as is the case under the authorities we have learned about recently.

cshaxercs0 karma

Hello Jennifer, first off I just want to say that you look beautiful ! But I do have some questions for you.
1) How did you get your job as a reporter at The Wall Street Journal?
2) What is the most appealing thing about your job? What’s the thing that motivates you day-by-day?
3) What is your most prized story that you written for the Wall Street Journal? The story that you favorite the most that you written? Link me too, if that’s not too much trouble, I would love to read it!
Have a great day answering away .

jenvalentino3 karma

Hi. Thanks for the questions.

1) I started at the WSJ doing online production, working nights. I was still in grad school. Eventually I became a tech blogger and then moved to covering digital privacy.

2) I approach reporting as though I'm solving a puzzle, and that's my favorite thing. Some reporters have different approaches.

3) That's hard to say. I think I have two favorites.

http://online.wsj.com/article/SB10001424053111904194604576583112723197574.html

http://online.wsj.com/article/SB10001424052702303567704577519213906388708.html

moonbeanie0 karma

I really have to ask how you can work for Rupert Murdoch and look at yourself in the morning. FOX news and the WSJ are some of the most corrosive elements in American society. Why should anyone believe a thing you say when you are allied with FOX/WSJ?

jenvalentino5 karma

I see that this has moved down the page because of voting, but I want to respond anyway.

First, I take great pride in my reporting. I have been at The Wall Street Journal since before it was purchased by News Corp., and since it was purchased I have never had anybody tell me not to write or run a story or anything like that. The Journal is a great paper, and I'm honored to work here.

That said, the Journal's reporting staff has had a long tradition of, shall we say, not always agreeing with the opinion staff. The opinion page has in fact come out against the reporting of me and my editor, Julia Angwin, on this "What They Know" series.

It's part of our history at the Journal. This is a fact that is well-known within the journalism world but not among the public.

In fact, there is a blue plexiglass wall--a physical wall--between the newsroom and the opinion page. I'm on the first row of reporters on the reporting side.

We use this wall as a white board, as you can see here.

[Edited to change characterization of upvoting / downvoting, as pointed out below.]