The Joe Rogan experience.
Are you aware at all of the current state
of surveillance and what, if anything,
has changed since your revelations?
Yeah, I mean, the big thing that's changed
since I was in in 2013 is now it's mobile.
First, everything
mobile was still a big deal, right.
And the intelligence community
was very much grappling
to get its hands around
it and to deal with it.
But now people are much less likely to use
laptop than use a desktop than than use,
you know, got any kind of wired phone
than they are to use a smartphone.
And both Apple and Android
devices, unfortunately,
are not especially good in protecting
your privacy, I think, right now.
You got a smartphone,
right? You might be listening to this
on a train somewhere and in traffic right
now, or you, Joe, right now you got
a phone somewhere in the room, right?
The phone is turned off for at least the
screen is turned off, it's sitting there.
It's powered on.
And if somebody sends you a message,
the screen blinks to life.
How does that happen,
but how is it that if someone from any
corner of the Earth dials a number of your
phone rings and nobody else's rings,
how is that you can dial anybody else's
number and only their phone rings?
Right.
Every smartphone,
every phone at all is constantly
connected to the nearest cellular tower.
Every phone, even when the screen is off,
you think it's doing nothing.
You can't see it because radio
frequency emissions are invisible.
It's screaming in the air
saying, here I am, here I am.
Here is my IMEI.
I think it's individual manufacturers,
equipment, identity and IMEI individual
manufacturers, subscriber identity.
I could be wrong on the break out there,
but the acronyms are
the Emii and the emcee and you
can search for these things.
There are two globally unique identifiers
that only exist anywhere
in the world in one place.
Right.
And it makes your phone different
than all the other phones.
The IMEI is burned
into the handset on your phone.
No matter what SIM card you change to,
it's always going to be the same and it's
always going to be telling the phone
network it's this physical handset,
the Iame essi is in your SIM card.
Right.
And this is what holds your phone number.
Right.
Is that basically the key,
the right to use that phone number?
And so your phone is sitting there doing
nothing you think,
but it's constantly shouting and saying,
I'm here who is closest to me?
That's a cell phone tower
and every cell phone tower with its big
ears is listening for these little
cries for help and going, oh, right.
I see Joe Rogan's phone, right.
I see Jamie's phone.
I see all these phones
that are here right now.
And it compares notes
with the other
network towers and your smartphone
compares notes with them to go,
who do I hear the loudest and who you hear
the loudest is a proxy for
proximity, for closeness, distance.
Right.
They go whoever I hear more loudly
than anybody else, that's close to me.
So you're going to be bound to this cell
phone tower and that cell phone tower is
going to make a note, a permanent record,
saying this phone,
this phone handset with this phone number
at this time was connected to me.
Right.
And based on your phone handset and your
phone number,
they can get your identity right
because you pay for this stuff with your
credit card and everything like that.
And even if you don't write, it's
still active at your house overnight.
It's still active, you know,
on your nightstand when you're sleeping.
It's still whatever
the movements of your phone are,
the movements of you as a person.
And those are often
quite uniquely identifying.
It goes to your home.
It goes to your workplace.
Other people don't have it sorry
in any way.
It's constantly shutting this out.
And then it compares notes
with the other a parts network.
And when somebody is trying to get
to a phone, it compares notes
of the network, compares notes to go.
Where is this phone with this phone number
in the world right now
and to that cell phone tower
that is closest to that phone.
It sends out a signal saying,
we have a call for you,
make your phone start ringing so your
owner can answer it, and then it
connects it across this whole path.
But what this means
is that whenever you carry a phone over,
the phone is turned on.
There's a record of your presence
at that place that is being
made and created by companies.
It does not need to be kept forever.
And in fact, there's no good
argument for it to be kept forever.
But these companies see that as
valuable information, right?
This is the whole big data problem
that we're running into and all this
information that used to be ephemeral.
Right.
Where were you when you
were eight years old?
You know, where were where'd you
go after you had a bad breakup?
You know, who'd you spend the night with?
Who'd you call?
After all, this information used to be
ephemeral, meaning it disappeared.
Right.
Like like the morning do it would be gone.
No one would remember it.
But now these things are stored.
Now these things are saved.
It doesn't matter whether
you're doing anything wrong.
Does it matter where you most
ordinary person on Earth?
Because that's how bulk collection,
which is the government's euphemism
for mass surveillance, works.
They simply collect it all in advance in
hopes that one day it will become useful.
And that was just talking about how
you connected the phone network.
That's not talking about all those apps
on your phone that are contacting
the network even more frequently.
Right.
How do you get a text
message notification?
How do you get an email notification? How
is it the Facebook knows where you're at?
You know, all of these things,
these analytics,
they are trying to keep track through
location services on your phone to GPS,
through even just wireless access points
you're connected to because
there's a global contact.
The updated map, there's actually many
of them of wireless access points
in the world, because just like we talked
about, every phone has a unique identifier
that's globally unique,
every wireless access point in the world.
Right.
You cable modem at home,
whether it's in your laptop,
every device that has a radio modem
has a globally unique identifier in it.
And this is standard term.
You can look it up
and these things can be mapped when
they're broadcasting in the air because
again, like your phone says to the cell
phone tower, I have this identifier.
The cell phone tower responds and says,
I have this identifier.
And anybody who's listening,
they can write these things down.
And all those Google Street View
cars that go back and forth.
Right.
They're keeping notes on whose Wi-Fi
is active on this block.
Right.
And then they build a new GM app.
So even if you have turned off right,
as long as you connect to Wi-Fi,
those apps can go well,
I'm connected to Joe's Wi-Fi, but I can
also see his neighbor's Wi-Fi here.
And the other one in this apartment over
here and the other one
in the apartment here.
And you should only be able to hear
those four globally unique Wi-Fi access
points from these points
in physical space.
Right.
The intersection in between the spread's,
the domes of all those
wireless access points,
it's a proxy for location
and it just goes on and on and on.
We can talk about this for more hours.
We don't have that kind of time.
Can I ask you this? Is there a way
to mitigate any of this personally? I
mean, is shutting your phone
off doesn't even work, right?
Well, so it does.
In a way, it's yes.
No, I'm the thing with shutting your phone
off that is a risk is how do you
know if phones actually turned off?
It used to be when I was in Geneva,
for example, working for the CIA,
we would all carry like
drug dealer phones.
You know, the old smartphones
are old dumb phones.
They're not smartphones.
And the reason why was just because they
had removal that from the banks where
you could take the battery out.
Right.
And the one beautiful thing about
technology is if there's
no electricity in it.
Right.
If there's there's no go juice
available to it, if there's no battery
connected to it, it's not sending anything
because you have to get
power from somewhere.
You have to have power
in order to do work.
But now your phones are all sealed
and you can't take the batteries out.
So there are potential ways that you can
hack a phone where it appears to be off,
but it's not actually off.
It's just pretending to be off,
whereas in fact, it's still listening
in and doing all this stuff.
But for the average person,
that doesn't apply.
Right.
And I got to tell you guys, they've
been chasing me all over the place.
I don't worry about that stuff.
Right.
And it's because if they're applying
that level of effort to me,
I don't probably get the same
information through other routes.
I am as careful as I can.
And I use things like Faraday cages.
I turn devices off.
But if they're actually
manipulating the way devices display,
it's just too great a level of effort,
even for someone like me to keep
that up on a constant basis.
Also, if they get me,
I only trust phones so much.
So there's only so much they
can derive from the compromise.
And this is how operational
security works.
And you think about what are the realistic
threats that you're facing
that you're trying to mitigate
and the mitigation that you're trying
to do is what would be the loss? What
would be the damage done to you
if this stuff was exploited? Much more
realistic than worrying about these
things that I call voodoo hacks.
Right.
Which are like next level stuff.
And actually just a shout out for those
of your readers who are
interested in this stuff.
I wrote a paper on this specific problem.
How do you know when
a phone is actually off?
How do you know when it's
actually not spying on you?
With a brilliant, brilliant
guy named Andrew Bunnie Huang.
He's an MIT Ph.D. and I
think electrical engineering
called the Introspection Engine
that was published in the Journal
of Hope Engineering.
You can find it online
and it'll go as deep down in the weeds,
I promise you, as you.
Well, we take an iPhone six.
This was back when it was fairly new
and we modified it so we could actually
not trust the device to report its own
state, but physically monitor it
state to see if it was spying on you.
But for average people, right
this academic night,
that's not your primary threat.
Your primary threats are these
bulk collection programs.
Your primary threat is the fact that your
phone is constantly squawking
to these cell phone towers.
It's doing all of these things
because we leave our phones
in a state that is constantly on.
You're constantly connected right now.
Airplane mode doesn't even
turn off Wi-Fi really anymore.
Just turns off the cellular modem.
The whole idea is
we need to identify the problem
and the central problem with smartphone
use today is you have no idea what
the hell it's doing at any given time.
Like the phone has the screen off.
You don't know what it's connected to.
You don't know how
frequently it's doing it.
Apple and iOS, unfortunately,
makes it impossible to see what kind
of network connections are constantly made
on the device and to intermediate them
going, I don't want Facebook
to be able to talk right now.
You know, I don't want Google
to be able to talk right now.
I just want my secure messenger
app to be able to talk.
I just want my weather app to be able
to talk, but I just check my weather
and now I'm done with it.
So I don't want that to be
able to talk anymore.
And we need to be able to make
these intelligent decisions.
Are not just an app by app basis, but a
connection by connection basis, right.
You want let's say you use
Facebook because, you know,
for whatever judgment we have,
a lot of people might do it.
You want to be able to connect
to Facebook's content servers.
You want to be able to message a friend.
You want to be able to download
a photograph or whatever,
but you don't want it to be
able to talk to an ad server.
You don't want to talk to an analytics
server that that's
monitoring your behavior.
Right.
You don't want to talk to all these third
party things because Facebook crams their
garbage and almost every app that you
download and you don't even know what's
happening because you can't see it.
Right.
And this is the problem
with the data collection used today
is there is an industry that is
built on keeping this invisible.
And what we need to do is we need to make
the activities of our devices,
whether it's a phone,
whether it's computer or whatever,
are more visible and understandable
to the average person and then
give them control over it.
So if you could see your phone right now
and at the very center of it
is a little green icon.
That's your, you know, handset or
it's a picture, your face, whatever.
And you see all these little
spokes coming off of it.
That's every app that your phone is
talking to right now
or every app that is active on your phone
right now and all the hosts
that it's connecting to.
And you can see right now,
once every three seconds,
your phone is checking into Facebook
and you could just poke that app and then,
boom, it's not talking
to Facebook anymore.
Facebook's not allowed Facebook
speaking privileges have been revoked.
Right.
You would do that.
We would all do that if there was a button
on your phone that said,
do what I want but not spy on me,
you would press that button, right?
That button is not does
not exist right now.
And both Google and Apple, unfortunately,
Apple's a lot better at this than Google,
but neither of them allow
that button to exist.
In fact, they actively interfere with it
because they say it's a security risk.
And from a particular perspective,
they they actually aren't wrong there.
But it's not enough to go.
You know, we have to lock that capability
off from people because we don't trust
they would make the right decisions.
We think it's too complicated
for people to do this.
We think there's too many
connections being made.
Well, that is actually a confession
of the problem right there.
If you think people can't understand it,
if you think there are too many
communications happening,
if you think there's too much complexity
in there, it needs to be simplified,
just like the president can't
control everything like that.
If you have to be the president
of the phone and the phone is as complex
as the United States government,
we have a problem.
Guys, this should be much
more simple process.
It should be obvious.
And the fact that it's not and the fact
that we read story after story year after
year, saying all your date has been
breached here,
this company's spying on you here is
companies manipulating your purchases or
your search results or they're hiding
these things from your timeline
or they're influencing you or manipulating
you in all of these different ways.
That happens as a result of a single
problem.
And that problem is in inequality
of available information.
They can see everything about you.
They can see everything about what your
device is doing, and they can do
whatever they want with your device.
You, on the other hand, owned the device
well, rather, you paid for the device.
But increasingly these
corporations own it.
Increasingly, these governments own it.
And increasingly, we are living in a world
where we do all the work right.
We pay all the taxes, we pay all
the costs, but we own less and less.
And nobody understands this better
than the youngest generation.
Well, it seems like our data became
a commodity before we
understood what it was.
It became this thing that's insanely
valuable to Google and Facebook
and all these social media platforms.
Before we understood what we were giving
up, they were making billions of dollars.
And then once that money is being earned
and once everyone's accustomed
to the situation, it's very
difficult to pull the reins back.
It's very difficult
to turn that horse around
precisely because the money
then becomes part right.
The information then becomes influence.
That also seems to be the same sort
of situation that would happen
with these mass surveillance states.
Once they have the access,
it's going to be incredibly difficult
for them to relinquish that,
right?
Yeah, no, you're exactly correct.
And this is the subject of the book.
I mean, this is the permanent record
and this is where it came from.
This is how it came to exist.
The story of our lifetimes is how
intentionally by design,
a number of institutions,
both governmental and corporate,
realized it was in their mutual interest
to conceal their data collection
activities, to increase the breadth
and depth of their sensor network.
That were sort of spread out through
society, rumor back in the day
intelligence collection
in the United States, even at Segan,
used to mean sending an FBI agent right
to put alligator clips on an embassy
building or sending in somebody
disguised as a workman.
And they put a bug in a building or
they built a satellite listening side.
Right.
We called these foreign set were
foreign satellite collection.
We're out in the desert somewhere.
They built a big parabolic collector.
And it's just listening
to satellite missions.
Right.
But these satellite emmissions, these
satellite links were owned by militaries.
They were exclusive to governments.
Right.
It wasn't affecting everybody broadly.
All surveillance was targeted
because it had to be.
What changed with technology is
that surveillance could
now become indiscriminate.
It could become dragnet.
It could become bulk collection,
which should become one of the dirtiest
phrases in the language
if we have any kind of decency.
But we were intentionally
this was intentionally concealed from us.
Right.
The government did it.
They used classification,
companies did it.
They intentionally didn't talk about it.
They denied these things were going.
They said you agreed to this and you
didn't agree to nothing like this.
I'm sorry.
Right.
Right.
They go we put that terms of service page
up and you click that,
you click the button.
That said, I agree
because you were trying to open an account
so you could talk to your friends.
You were trying to get driving directions.
You were trying to get an email account.
You were trying to agree to some 600 page
legal form that even if you read,
you wouldn't understand.
And it doesn't matter even if you did
understand, because one of the very first
paragraphs and it said this agreement can
be changed at any time unilaterally
without your consent by the company.
Right.
They have built a legal paradigm
that presumes records collected about us
do not belong to us.
This is sort of one of the core principles
on which mass surveillance
from the government's perspective
in the United States is legal.
And you have to understand that all
the stuff we talk about today, government
says everything we do is legal.
Right.
And they go, so it's fine.
Our perspective, the public should be
well, that's actually the problem,
because this is an OK,
the scandal isn't how they're breaking
the law, the scandals that they
don't have to break the law.
And the way they say they're not breaking
the law is something called
the third party doctrine.
Third party doctrine is a.
Legal principle derived from a case and I
believe the 1970s called
Smith versus Maryland
and Smith was this knucklehead who was
harassing this lady,
making phone calls to her house.
And when she would pick up, he just,
I don't know, sit there, heavy breathing,
whatever, like a classic creeper.
And, you know, it was terrifying,
this poor lady.
So she calls the cops
and says, one day I got one of these phone
calls and I see this car creep past
my house on the street
and she got a license plate number.
So she goes to the cops and she goes,
is this the guy?
And the cops?
Again, they're trying
to do a good thing here.
They look up his license plate number
and they find out where this guy is
and then they go, what phone number
is registered to that house?
And they go to the phone company and they
say, can you give us this record
in the phone? Company says, yeah, sure.
And it's the guy the cops got there, man.
Right.
So they go arrest this guy.
And then in court, his lawyer brings
all this stuff up and they go.
A.
You did this without a warrant that was
sorry, that was that was the problem was
they went to the phone company,
they got the records without a warrant.
They just asked for it
or they subpoenaed it.
Right.
Some lower standard of legal review.
And the company gave it to him and
got the guy they marchmont in jail.
And they could have gotten a warrant.
Right.
But it was just expedients.
They just didn't want to take the time.
Small town cops, you can
understand how it happens.
They know the guy's a creep or they
just want to get him off to jail.
And so they made a misstep with the
government doesn't want to let go.
They fight on this and they go.
It wasn't actually
they weren't his records,
and so because they didn't belong to him,
he didn't have a Fourth Amendment right
to demand a warrant be issued for them,
they were the company's records and
the company provided them voluntarily.
And hence no warrant was required because
you can give whatever you want without
a warrant as long as it's yours.
Now, here's the problem.
The government extrapolated
a principle in a single case of a single
known suspected criminal who they had real
good reasons to suspect was their guy
and use that to go to a company and get
records from them and establish
a precedent that these records
don't belong to the guy.
They belong to the company.
And then they said, well,
if one person doesn't have
a Fourth Amendment interest in records
held by a company, no one does.
And so the company then has absolute
proprietary ownership of all of these
records about all of our lives.
And remember, this is back in the 1970s.
You know, the Internet hardly
exists in these kind of contexts.
Smartphones, you know, don't exist.
Modern society, modern
communications don't exist.
This is the very beginning
of the technological era.
And flash forward now, 40 years.
And they are still relying on this
precedent about this one,
you know, pervy creeper to go.
Nobody has a privacy right
for anything that's held by a company.
And so long as they do that,
companies are going to be extraordinarily
powerful and they're going
to be extraordinarily abusive.
And this is something
that people don't get.
They go, oh, well,
it's Data-Collection, right?
They're exploiting data.
This is data about human lives.
It is state about people.
These records are about you.
It's not data that's being exploited.
It's people that are being exploited.
It's not data that's being manipulated.
It's you.
It's being manipulated.
And this this is this is something that I
think a lot of people
are beginning to understand.
Now, the problem is the companies
and the governments are still pretending
they don't understand or
disagreeing with this.
And this reminds me of something that one
of my old friends, John Perry Barlow,
who served with me at the Freedom
of Press Foundation,
I'm the president of the board,
used to say to me.
Which is you can't awaken someone
who's pretending to be asleep.