On January 25, Donald Trump signed an executive order that, essentially, screws over all non-Americans online. If you use Internet services that touch US servers, your privacy is at risk.
As Canadian law professor and tech law expert, Michael Geist, explains:
For Canadians, the order should raise significant concerns about government data shared with U.S. authorities as well as the collection of Canadian personal information by U.S. agencies. Given the close integration between U.S. and Canadian agencies – as well as the fact that Canadian Internet traffic frequently traverses into the U.S. – there are serious implications for Canadian privacy.
Arguably, this was always the case to some degree, but this goes beyond what we learned from the Snowden leaks in 2013. In fact, the Snowden leaks had previously led to a push to extend greater privacy protection to non-Americans.
Geist goes on to say:
The Trump Executive Order makes it clear that U.S. agencies should ensure that their policies do not extend privacy rights to non-U.S. citizens or permanent residents under the Privacy Act. The intent and effect of the order means that the personal information of Canadians will not be protected under that statute. The decision requires an immediate review by the Privacy Commissioner of Canada on the effect of Canadian personal information and data sharing agreements and a potential re-assessment of what personal information is made available to U.S. agencies.
In essence, as a Canadian, you have no right to privacy when you use Internet services that use US servers. That includes things like Facebook and Google — including your Gmail account.
The best defence, at least until we have a better understanding of what this really means for Internet users living outside the United States, is to use a VPN or something like the Tor Browser to hide your location while online. It would also be very smart to stop using Gmail. I recommend ProtonMail which, coincidentally, I signed up for about an hour before I learned about Trump’s executive order.
ProtonMail is, arguably, the world’s most private and secure email provider. Because all your email is encrypted, they couldn’t hand it over to authorities even if they wanted to. They could only provide the encrypted data, which is close to impossible to decrypt through brute force methods. ProtonMail’s servers are located in Switzerland and they offer free accounts, which are probably good enough for most users, so there’s little reason not to switch.
It wouldn’t hurt to stop using Google in favour of something like DuckDuckGo or Startpage. DuckDuckGo is based out of the US, so could potentially be at risk of privacy breaches, but they don’t track users and I personally think they have a better user experience than Startpage (which is based in Europe), so I’m willing to take that risk for the time being.
Finally, though not directly related to the executive order that inspired this post, you might want to consider using something like Signal to encrypt your mobile messages. Unlike a lot of mobile messaging apps, Signal still allows you to send SMS messages to people who aren’t using Signal. They’ll get a regular, unencrypted text message via whatever texting app they use. But if the person you’re messaging is another Signal user, your message will be end-to-end encrypted, so anyone who intercepts it won’t be able to read it.
If you care about your privacy online, you should probably have been doing some or all of these things already. But most of us prefer the convenience of things like Google and Gmail.
You have to decide for yourself what you’re willing to give up for the sake of convenience. For me, that line is starting to move to a place where I’m more willing to deal with minor inconveniences in order to better protect my privacy online.